Display to Post Author Information Box on bottom of the contents.
Category Scores
Top Issues by Category
maintainability103
security76
i18n17
Issues Details
198 issues found in latest scan
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "add_user_profile_image_form".
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$attr['class']'.
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "pad-stylesheet".
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
$_GET['post'] not unslashed before sanitization. Use wp_unslash() or similar
Detected usage of a non-sanitized input variable: $_GET['post']
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "VK_PAD_BASENAME".
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$Vk_term_color".
Processing form data without nonce verification.
Processing form data without nonce verification.
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Vk_Post_Author_Box".
Detected usage of a possibly undefined superglobal array index: $_SERVER['REQUEST_URI']. Check that the array index exists before using it.
strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.
wp_reset_query() is discouraged. Use wp_reset_postdata() instead.
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
The "/vendor" directory using composer exists, but "composer.json" file is missing.
Invalid or missing Stable Tag. Your Stable Tag is meant to be the stable version of your plugin and it needs to be exactly the same with the Version in your main plugin file's header. Any mismatch can prevent users from downloading the correct plugin files from WordPress.org.
Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.
The "Domain Path" header in the plugin file must point to an existing folder. Found: "languages"
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | WARNING | Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "add_user_profile_image_form". | 51 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$attr['class']'. | 26 |
| WordPress.Security.EscapeOutput.UnsafePrintingFunction | ERROR | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 23 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "pad-stylesheet". | 19 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 14 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['post'] not unslashed before sanitization. Use wp_unslash() or similar | 9 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to _x(). | 9 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET['post'] | 8 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 8 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "VK_PAD_BASENAME". | 4 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$Vk_term_color". | 4 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 4 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 4 |
| application_detected | ERROR | Application files are not permitted. | 3 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | WARNING | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Vk_Post_Author_Box". | 2 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_SERVER['REQUEST_URI']. Check that the array index exists before using it. | 2 |
| WordPress.WP.AlternativeFunctions.strip_tags_strip_tags | ERROR | strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead. | 2 |
| WordPress.WP.DiscouragedFunctions.wp_reset_query_wp_reset_query | WARNING | wp_reset_query() is discouraged. Use wp_reset_postdata() instead. | 1 |
| WordPress.WP.EnqueuedResourceParameters.NotInFooter | WARNING | In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header. | 1 |
| missing_composer_json_file | WARNING | The "/vendor" directory using composer exists, but "composer.json" file is missing. | 1 |
| no_stable_tag | ERROR | Invalid or missing Stable Tag. Your Stable Tag is meant to be the stable version of your plugin and it needs to be exactly the same with the Version in your main plugin file's header. Any mismatch can prevent users from downloading the correct plugin files from WordPress.org. | 1 |
| outdated_tested_upto_header | ERROR | Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress. | 1 |
| plugin_header_nonexistent_domain_path | WARNING | The "Domain Path" header in the plugin file must point to an existing folder. Found: "languages" | 1 |
Latest Snapshot
Findings
198
Errors
87
Warnings
111
Score History
First score snapshot
First scan completed Jun 20, 2026
v1.27.1 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v1.27.1
35
Latest
- Findings
- 198
- Errors
- 87
- Warnings
- 111
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 35 | 198 | 87 | 111 | v1.27.1 | 2.0.0 | 2026.06-mvp-static-v2 |
