Tutor LMS – eLearning and online course solution

A complete WordPress LMS plugin to create any eLearning website easily.

v3.9.13ThemeumUpdated 4 days agoAdded 7 years ago100k+ installs88% rating96% support resolved

course education elearning learning management system lms

Score

395

Errors

3,402

Warnings

Change

Category Scores

Security0

Repo94

Performance91

Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

3,797 findings

Maintainability

3,441

16 issue groups

Security

302

9 issue groups

WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_checked".2,327

Category: Maintainability
Occurrences: 2,327
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_checked".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.329

Category: Maintainability
Occurrences: 329
Severity: warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().312

Category: Maintainability
Occurrences: 312
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching

ERRORMaintainabilitymissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;261

Category: Maintainability
Occurrences: 261
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protection Reference

WARNINGSecurityInterpolated Not PreparedUse placeholders and $wpdb->prepare(); found interpolated variable $course_ids at \t\t\tWHERE topic.post_parent IN ($course_ids)"121

Category: Security
Occurrences: 121
Severity: warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $course_ids at \t\t\tWHERE topic.post_parent IN ($course_ids)"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared

WARNINGMaintainabilityNon Prefixed Hookname FoundHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".51

Category: Maintainability
Occurrences: 51
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound

ERRORSecurityUnescaped DBParameterUnescaped parameter $ancestor_ids used in $wpdb->get_col()\n$ancestor_ids assigned unsafely at line 8480.43

Category: Security
Occurrences: 43
Severity: error

Sample message

Unescaped parameter $ancestor_ids used in $wpdb->get_col()\n$ancestor_ids assigned unsafely at line 8480.

PluginCheck.Security.DirectDB.UnescapedDBParameter

WARNINGSecurityUnescaped DBParameterUnescaped parameter $array used in $wpdb->get_results()\n$array assigned unsafely at line 408.42

Category: Security
Occurrences: 42
Severity: warning

Sample message

Unescaped parameter $array used in $wpdb->get_results()\n$array assigned unsafely at line 408.

PluginCheck.Security.DirectDB.UnescapedDBParameter

WARNINGMaintainabilityslow db query meta keyDetected usage of meta_key, possible slow query.34

Category: Maintainability
Occurrences: 34
Severity: warning

Sample message

Detected usage of meta_key, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_key

WARNINGSecurityRecommendedProcessing form data without nonce verification.34

Category: Security
Occurrences: 34
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

Show 15 more issue groups

WARNINGMaintainabilityNon Prefixed Function Found29

Category: Maintainability
Occurrences: 29
Severity: warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "__tutor_generate_categories_checkbox".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound

WARNINGMaintainabilityslow db query meta value23

Category: Maintainability
Occurrences: 23
Severity: warning

Sample message

Detected usage of meta_value, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_value

ERRORSecurityException Not Escaped22

Category: Security
Occurrences: 22
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Cannot resolve: {$abstract}"'.

WordPress.Security.EscapeOutput.ExceptionNotEscaped Reference

ERRORMaintainabilitydate date17

Category: Maintainability
Occurrences: 17
Severity: error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date

ERRORSecurityNot Prepared15

Category: Security
Occurrences: 15
Severity: error

Sample message

Use placeholders and $wpdb->prepare(); found $post_type

WordPress.DB.PreparedSQL.NotPrepared

WARNINGMaintainabilityerror log error log14

Category: Maintainability
Occurrences: 14
Severity: warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log

ERRORSecurityOutput Not Escaped13

Category: Security
Occurrences: 13
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$attr_string'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

WARNINGMaintainabilityNon Prefixed Constant Found9

Category: Maintainability
Occurrences: 9
Severity: warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "PAYMENT_HUB_ROOT".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound

WARNINGMaintainabilityslow db query tax query8

Category: Maintainability
Occurrences: 8
Severity: warning

Sample message

Detected usage of tax_query, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_tax_query

WARNINGMaintainabilityMissing Version8

Category: Maintainability
Occurrences: 8
Severity: warning

Sample message

Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion

WARNINGMaintainabilityDynamic Hookname Found7

Category: Maintainability
Occurrences: 7
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$blocks['action']".

WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound

ERRORMaintainabilitywp function not compatible with requires wp7

Category: Maintainability
Occurrences: 7
Severity: error

Sample message

Function "str_contains()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 5.3.0.

wp_function_not_compatible_with_requires_wp Reference

WARNINGSecurityUnfinished Prepare6

Category: Security
Occurrences: 6
Severity: warning

Sample message

Replacement variables found, but no valid placeholders found in the query.

WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare

WARNINGSecurityInput Not Sanitized6

Category: Security
Occurrences: 6
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_FILES['data']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

WARNINGMaintainabilitywp reset query wp reset query5

Category: Maintainability
Occurrences: 5
Severity: warning

Sample message

wp_reset_query() is discouraged. Use wp_reset_postdata() instead.

WordPress.WP.DiscouragedFunctions.wp_reset_query_wp_reset_query

Score History

First score snapshot

First scan

Jun 20, 2026, 12:17 AM UTC

Plugin version

v3.9.13

Plugin Check

2.0.0

Scoring model

2026.06-mvp-static-v2

Scan records1

yesterday

v3.9.13

Latest

Findings: 3,797
Errors: 395
Warnings: 3,402
Plugin Check: 2.0.0
Model: 2026.06-mvp-static-v2

Scan	Score	Findings	Errors	Warnings	Plugin	Plugin Check	Model
yesterdayLatest	23	3,797	395	3,402	v3.9.13	2.0.0	2026.06-mvp-static-v2

Related Plugins

Design Upgrade for LearnDash

7k+ active installs

LearnPress – Prerequisites Courses

6k+ active installs

LearnPress – Course Wishlist

20k+ active installs

LearnPress – Course Review

20k+ active installs

Tutor LMS Elementor Addons

30k+ active installs

Quiz Maker by AYS

20k+ active installs