Tourfic Toolkit

A companion plugin to the Travelfic and Ultimate Hotel Booking with which you can easily build your own Hotel, Accommodation, Tour & Travel Bookin …

v1.4.2ThemeficUpdated Added 1k+ installs0% rating
51
Score
44
Errors
27
Warnings
+0
Change

Category Scores

Security22
Repo97
Performance100
Maintainability72

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

71 findings

Security

32

3 issue groups

Maintainability

29

12 issue groups

I18n

9

3 issue groups

Repo Compliance

1

1 issue group

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"@media only screen and (max-width: 600px) {\n'.26
Category
Security
Occurrences
26
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"@media only screen and (max-width: 600px) {\n'.

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "appsero_init_tracker_travelfic_toolkit".9
Category
Maintainability
Occurrences
9
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "appsero_init_tracker_travelfic_toolkit".

ERRORI18nText Domain MismatchMismatched text domain. Expected 'travelfic-toolkit' but got "tourfic".6
Category
I18n
Occurrences
6
Severity
error

Sample message

Mismatched text domain. Expected 'travelfic-toolkit' but got "tourfic".

ERRORMaintainabilityparse url parse urlparse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.4
Category
Security
Occurrences
4
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORMaintainabilitydate datedate() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "slider_style".3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "slider_style".

WARNINGI18nDiscouraged text-domain loadingload_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.2
Category
I18n
Occurrences
2
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

WARNINGSecuritywp redirect wp redirectwp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.2
Category
Security
Occurrences
2
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

ERRORMaintainabilityunlink unlinkunlink() is discouraged. Use wp_delete_file() to delete a file.2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

Show 9 more
ERRORMaintainabilityForbidden PHP function found1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

The use of function wp_get_sidebars_widgets() is forbidden

WARNINGMaintainabilityslow db query meta key1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WARNINGMaintainabilityslow db query meta value1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Detected usage of meta_value, possible slow query.

WARNINGMaintainabilityslow db query tax query1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Detected usage of tax_query, possible slow query.

WARNINGMaintainabilityerror log error log1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WARNINGMaintainabilityerror log print r1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

ERRORI18nMissing Translators Comment1
Category
I18n
Occurrences
1
Severity
error

Sample message

A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WARNINGMaintainabilitymissing composer json file1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The "/vendor" directory using composer exists, but "composer.json" file is missing.

WARNINGRepo Compliancereadme parser warnings trimmed short description1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

The "Short Description" section is too long and was truncated. A maximum of 150 characters is supported.

External Connections

Potential connections found in static code analysis.

14 domains

Outbound calls

131

External assets

0

Incoming endpoints

19

Notable Domains

api.themefic.com7 · outbound
appsero.com4 · outbound
php-fig.org2 · outbound
api.appsero.com1 · outbound
getcomposer.org1 · outbound

Platform / Reference Domains

w3.org88 · platform/reference
github.com3 · platform/reference
wordpress.org2 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints19
wp_ajax_appsero_refresh_license_authenticated

wp_ajax

wp_ajax_contact-form-7_ajax_active_pluginauthenticated

wp_ajax

wp_ajax_contact-form-7_ajax_install_pluginauthenticated

wp_ajax

wp_ajax_elementor_ajax_active_pluginauthenticated

wp_ajax

wp_ajax_elementor_ajax_install_pluginauthenticated

wp_ajax

wp_ajax_tf_setup_wizard_submitauthenticated

wp_ajax

wp_ajax_tourfic_ajax_active_pluginauthenticated

wp_ajax

wp_ajax_tourfic_ajax_install_pluginauthenticated

wp_ajax

wp_ajax_travelfic-customizer-settings-importauthenticated

wp_ajax

wp_ajax_travelfic-demo-car-importauthenticated

wp_ajax

wp_ajax_travelfic-demo-hotel-importauthenticated

wp_ajax

wp_ajax_travelfic-demo-menu-importauthenticated

wp_ajax

7 more hidden

Score History

First score snapshot

v1.4.2

51

Latest

Findings
71
Errors
44
Warnings
27
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins