Build responsive layouts that work for desktop, tablets, and mobile using intuitive drag & drop editor with live preview.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
I18n
3,291
5 issue groups
Security
1,891
9 issue groups
Maintainability
1,485
10 issue groups
Supply Chain
453
1 issue group
ERRORI18nText Domain MismatchMismatched text domain. Expected 'themify-builder' but got 'ptb'.3,045
- Category
- I18n
- Occurrences
- 3,045
- Severity
- error
Sample message
Mismatched text domain. Expected 'themify-builder' but got 'ptb'.
WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$ajax_filter_enabled".1,177
- Category
- Maintainability
- Occurrences
- 1,177
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$ajax_filter_enabled".
ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$status"'.914
- Category
- Security
- Occurrences
- 914
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$status"'.
ERRORSupply Chaincompressed filesCompressed files are not permitted.453
- Category
- Supply Chain
- Occurrences
- 453
- Severity
- error
Sample message
Compressed files are not permitted.
ERRORSecurityUnsafe Printing FunctionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.338
- Category
- Security
- Occurrences
- 338
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_FILES[$key]191
- Category
- Security
- Occurrences
- 191
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_FILES[$key]
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.189
- Category
- I18n
- Occurrences
- 189
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
WARNINGSecurityMissing Unslash$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar181
- Category
- Security
- Occurrences
- 181
- Severity
- warning
Sample message
$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGMaintainabilityNon Prefixed Hookname FoundHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".98
- Category
- Maintainability
- Occurrences
- 98
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".
WARNINGSecurityMissingProcessing form data without nonce verification.85
- Category
- Security
- Occurrences
- 85
- Severity
- warning
Sample message
Processing form data without nonce verification.
Show 15 moreShow less
WARNINGSecurityRecommended78
- Category
- Security
- Occurrences
- 78
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityInput Not Validated70
- Category
- Security
- Occurrences
- 70
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_FILES[$imgid . 'async-upload']. Check that the array index exists before using it.
WARNINGMaintainabilityNon Prefixed Class Found50
- Category
- Maintainability
- Occurrences
- 50
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Builder_Optin_Service".
WARNINGMaintainabilityDirect Query40
- Category
- Maintainability
- Occurrences
- 40
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo Caching34
- Category
- Maintainability
- Occurrences
- 34
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORMaintainabilitymissing direct file access protection27
- Category
- Maintainability
- Occurrences
- 27
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERRORI18nMissing Arg Domain25
- Category
- I18n
- Occurrences
- 25
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
ERRORSecurityNot Prepared21
- Category
- Security
- Occurrences
- 21
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $cpt
ERRORI18nNon Singular String Literal Text19
- Category
- I18n
- Occurrences
- 19
- Severity
- error
Sample message
The $text parameter must be a single text string literal. Found: $alt
ERRORMaintainabilityNon Enqueued Stylesheet16
- Category
- Maintainability
- Occurrences
- 16
- Severity
- error
Sample message
Stylesheets must be registered/enqueued via wp_enqueue_style()
WARNINGMaintainabilityslow db query meta value15
- Category
- Maintainability
- Occurrences
- 15
- Severity
- warning
Sample message
Detected usage of meta_value, possible slow query.
ERRORMaintainabilitycurl curl setopt14
- Category
- Maintainability
- Occurrences
- 14
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilityparse url parse url14
- Category
- Maintainability
- Occurrences
- 14
- Severity
- error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
ERRORSecurityUnescaped DBParameter13
- Category
- Security
- Occurrences
- 13
- Severity
- error
Sample message
Unescaped parameter $cpt used in $wpdb->get_row()\n$cpt used without escaping.
ERRORI18nUnordered Placeholders Text13
- Category
- I18n
- Occurrences
- 13
- Severity
- error
Sample message
Multiple placeholders in translatable strings should be ordered. Expected "%1$f, %2$c", but got "%f, %c" in 'Found "%find%" in posts(%count%): %posts%'.
Score History
First score snapshot
v7.7.5
9
Latest
- Findings
- 7,291
- Errors
- 5,195
- Warnings
- 2,096
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 9 | 7,291 | 5,195 | 2,096 | v7.7.5 | 2.0.0 |
Related Plugins
7k+ active installs
3k+ active installs
30k+ active installs
3k+ active installs
4k+ active installs
30k+ active installs