SX User Name Security

SX User Name Security prevents WordPress from showing your real Login everywhere. It ovverides the body_class function, User Nicename, Nickname and Di …

v2.4Daniel RochUpdated Added 900 installs80% rating
46
Score
42
Errors
9
Warnings
+0
Change

Category Scores

Security8
Repo88
Performance100
Maintainability90

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

51 findings

Security

27

5 issue groups

I18n

15

5 issue groups

Maintainability

6

4 issue groups

Repo Compliance

3

3 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$active_url'.22
Category
Security
Occurrences
22
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$active_url'.

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.9
Category
I18n
Occurrences
9
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "semix_sx_restrict_manage_users".3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "semix_sx_restrict_manage_users".

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.2
Category
Security
Occurrences
2
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().2
Category
I18n
Occurrences
2
Severity
error

Sample message

Missing $domain parameter in function call to __().

ERRORI18nUnordered Placeholders TextMultiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'You have already installed <b>SF Author Url Control</b>. Now please, <a href="%s">activate it</a> then <a href="%s">change your nicename</a>.'.2
Category
I18n
Occurrences
2
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'You have already installed <b>SF Author Url Control</b>. Now please, <a href="%s">activate it</a> then <a href="%s">change your nicename</a>.'.

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $req1
Category
Security
Occurrences
1
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $req

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET[&#039;_wpnonce&#039;]1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET[&#039;_wpnonce&#039;]

Show 7 more
WARNINGSecurityRequest data is not unslashed1
Category
Security
Occurrences
1
Severity
warning

Sample message

$_GET[&#039;_wpnonce&#039;] not unslashed before sanitization. Use wp_unslash() or similar

ERRORI18nUnordered Placeholders Plural1
Category
I18n
Occurrences
1
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$d, %2$s", but got "%d, %s" in 'There is %d users left to treat.%s'.

ERRORI18nUnordered Placeholders Single1
Category
I18n
Occurrences
1
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$d, %2$s", but got "%d, %s" in 'You are displaying some users sensitive informations on your website. There is %d user left to treat.<br><strong>› Warning</strong> : it will only change every "Display Name" for all users (in order to prevent showing their real logins), but it won\'t change their URL. In order to do this, we recommand you to install and use "SF Author Url Control".%s'.

ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.8 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

WARNINGRepo Compliancereadme parser warnings too many tags1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

One or more tags were ignored. Please limit your plugin to 5 tags.

WARNINGRepo Compliancereadme parser warnings trimmed short description1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

The "Short Description" section is too long and was truncated. A maximum of 150 characters is supported.

ERRORMaintainabilitytrunk stable tag1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Incorrect Stable Tag. It's recommended not to use "Stable Tag: trunk". Your Stable Tag is meant to be the stable version of your plugin and it needs to be exactly the same with the Version in your main plugin file's header. Any mismatch can prevent users from downloading the correct plugin files from WordPress.org.

External Connections

Potential connections found in static code analysis.

8 domains

Outbound calls

17

External assets

0

Incoming endpoints

1

Notable Domains

jqueryui.com6 · outbound
bugs.jquery.com3 · outbound
seomix.fr3 · outbound
blog.secupress.fr1 · outbound
boiteaweb.fr1 · outbound
dev.jquery.com1 · outbound

Platform / Reference Domains

gnu.org1 · platform/reference
wordpress.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints1
wp_ajax_sx_user_fixauthenticated

wp_ajax

Score History

First score snapshot

v2.4

46

Latest

Findings
51
Errors
42
Warnings
9
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

34 nodes

Related Plugins

Dam Spam

1k+ active installs

100
Login Security Captcha

10k+ active installs

100
MASS Users Password Reset

600 active installs

100
Protect Login

600 active installs

100
Remove XML-RPC Methods

1k+ active installs

100
Stop XML-RPC Attacks

6k+ active installs

100