PluginScore

Tracking Code Manager

A plugin to manage ALL of your tracking code and conversion pixels. Compatible with Facebook Ads, Google Adwords, WooCommerce, Easy Digital Downloads, …

v2.6.0Data443 Risk Mitigation, Inc.Updated Added 90k+ installs82% rating
UTM managementdeliver content by admap google adsprofit google adtrack google ad
37
Score
55
Errors
42
Warnings
+0
Change

Category Scores

Security0
Repo91
Performance100
Maintainability68

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

97 findings

Security

54

9 issue groups

Maintainability

30

13 issue groups

I18n

11

3 issue groups

ERRORMaintainabilitydate datedate() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.16
Category
Maintainability
Occurrences
16
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date
ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$all_ids'.16
Category
Security
Occurrences
16
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$all_ids'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_GET[$name]10
Category
Security
Occurrences
10
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET[$name]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityMissing Unslash$_GET[$name] not unslashed before sanitization. Use wp_unslash() or similar10
Category
Security
Occurrences
10
Severity
warning

Sample message

$_GET[$name] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGSecurityMissingProcessing form data without nonce verification.9
Category
Security
Occurrences
9
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGSecurityRecommendedProcessing form data without nonce verification.5
Category
Security
Occurrences
5
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORI18nNon Singular String Literal DomainThe $domain parameter must be a single text string literal. Found: $this->domain4
Category
I18n
Occurrences
4
Severity
error

Sample message

The $domain parameter must be a single text string literal. Found: $this->domain

WordPress.WP.I18n.NonSingularStringLiteralDomainReference
ERRORI18nNon Singular String Literal TextThe $text parameter must be a single text string literal. Found: $result4
Category
I18n
Occurrences
4
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $result

WordPress.WP.I18n.NonSingularStringLiteralTextReference
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().3
Category
I18n
Occurrences
3
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
ERRORMaintainabilitywp function not compatible with requires wpFunction "wp_add_inline_script()" requires WordPress 4.5.0, but your plugin minimum supported version is WordPress 3.6.0.3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

Function "wp_add_inline_script()" requires WordPress 4.5.0, but your plugin minimum supported version is WordPress 3.6.0.

wp_function_not_compatible_with_requires_wpReference
Show 15 more
ERRORSecurityUnescaped DBParameter1
Category
Security
Occurrences
1
Severity
error

Sample message

Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 446.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGMaintainabilityDirect Query1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo Caching1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
ERRORSecurityNot Prepared1
Category
Security
Occurrences
1
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $sql

WordPress.DB.PreparedSQL.NotPrepared
WARNINGMaintainabilityNon Prefixed Hookname Found1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGMaintainabilityNon Prefixed Variable Found1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$wp_session".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGMaintainabilityerror log print r1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_print_r
ERRORSecurityException Not Escaped1
Category
Security
Occurrences
1
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"No such method exists: $name"'.

WordPress.Security.EscapeOutput.ExceptionNotEscapedReference
WARNINGSecurityInput Not Validated1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_SERVER['REMOTE_ADDR']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
ERRORMaintainabilityfile system operations fclose1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

WordPress.WP.AlternativeFunctions.file_system_operations_fclose
ERRORMaintainabilityfile system operations fopen1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

WordPress.WP.AlternativeFunctions.file_system_operations_fopen
ERRORMaintainabilityfile system operations fwrite1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().

WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
ERRORMaintainabilityfile system operations mkdir1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().

WordPress.WP.AlternativeFunctions.file_system_operations_mkdir
ERRORMaintainabilityrand rand1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

rand() is discouraged. Use the far less predictable wp_rand() instead.

WordPress.WP.AlternativeFunctions.rand_rand
WARNINGMaintainabilityMissing Version1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion

Score History

First score snapshot

v2.6.0

37

Latest

Findings
97
Errors
55
Warnings
42
Check
2.0.0

Related Plugins

Inline Related Posts

100k+ active installs

64
The GDPR Framework By Data443

10k+ active installs

23
Evergreen Countdown Timer

2k+ active installs

Pending