WP-EMail

Allows people to recommend/send your WordPress blog's post/page to a friend.

v2.69.2Lester ChanUpdated Added 1k+ installs90% rating
36
Score
340
Errors
95
Warnings
+0
Change

Category Scores

Security0
Repo89
Performance100
Maintainability65

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

435 findings

Security

334

10 issue groups

I18n

50

4 issue groups

Maintainability

48

9 issue groups

Repo Compliance

2

2 issue groups

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.144
Category
Security
Occurrences
144
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<option value=\"$i\" selected=\"selected\">"'.121
Category
Security
Occurrences
121
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<option value=\"$i\" selected=\"selected\">"'.

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.38
Category
I18n
Occurrences
38
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WARNINGSecurityRequest data is not unslashed$_GET[&#039;orderby&#039;] not unslashed before sanitization. Use wp_unslash() or similar28
Category
Security
Occurrences
28
Severity
warning

Sample message

$_GET[&#039;orderby&#039;] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET[&#039;orderby&#039;]22
Category
Security
Occurrences
22
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET[&#039;orderby&#039;]

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.13
Category
Maintainability
Occurrences
13
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().12
Category
Maintainability
Occurrences
12
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORMaintainabilitystrip tags strip tagsstrip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.9
Category
Maintainability
Occurrences
9
Severity
error

Sample message

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

ERRORI18nUnordered Placeholders TextMultiple placeholders in translatable strings should be ordered. Expected "%1$E, %2$E", but got "%E, %E" in 'Recommended Article By %EMAIL_YOUR_NAME%: %EMAIL_POST_TITLE%'.9
Category
I18n
Occurrences
9
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$E, %2$E", but got "%E, %E" in 'Recommended Article By %EMAIL_YOUR_NAME%: %EMAIL_POST_TITLE%'.

WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb-&gt;prepare(); found interpolated variable $email_log_perpage at &quot;SELECT * FROM $wpdb-&gt;email ORDER BY $email_sortby $email_sortorder LIMIT $offset, $email_log_perpage&quot;7
Category
Security
Occurrences
7
Severity
warning

Sample message

Use placeholders and $wpdb-&gt;prepare(); found interpolated variable $email_log_perpage at &quot;SELECT * FROM $wpdb-&gt;email ORDER BY $email_sortby $email_sortorder LIMIT $offset, $email_log_perpage&quot;

Show 15 more
ERRORMaintainabilityMissing direct file access protection6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

ERRORSecurityDatabase parameter is not escaped3
Category
Security
Occurrences
3
Severity
error

Sample message

Unescaped parameter $email_sortby used in $wpdb->get_results()\n$wpdb->email assigned unsafely at line 8.

ERRORSecuritySQL query is not prepared3
Category
Security
Occurrences
3
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found __

WARNINGSecurityInput is not validated3
Category
Security
Occurrences
3
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET[&#039;orderby&#039;]. Check that the array index exists before using it.

WARNINGMaintainabilitytrademarked term3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "WP-EMail" - contains the restricted term "wp" which cannot be used at all in your plugin name.

WARNINGSecurityDatabase parameter is not escaped2
Category
Security
Occurrences
2
Severity
warning

Sample message

Unescaped parameter $email_table used in $wpdb-&gt;query()\n$email_table assigned unsafely at line 63.

WARNINGMaintainabilityDeprecated function: wp_get_sites2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

wp_get_sites() has been deprecated since WordPress version 4.6.0. Use get_sites() instead.

ERRORI18nNon Singular String Literal Text2
Category
I18n
Occurrences
2
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: 'Article: <strong>%EMAIL_POST_TITLE%</strong> has been sent to <strong>%EMAIL_FRIEND_NAME% (%EMAIL_FRIEND_EMAIL%)</strong></p><p>« <a href="%EMAIL_PERMALINK%">'.__('Back to %EMAIL_POST_TITLE%', 'wp-email').'</a></p>'

WARNINGMaintainabilitySchema Change1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WARNINGSecurityNonce verification recommended1
Category
Security
Occurrences
1
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityDiscouraged PHP function1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

query_posts() is discouraged. Use WP_Query instead.

ERRORMaintainabilityNon Enqueued Stylesheet1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Stylesheets must be registered/enqueued via wp_enqueue_style()

ERRORI18nText Domain Mismatch1
Category
I18n
Occurrences
1
Severity
error

Sample message

Mismatched text domain. Expected 'wp-email' but got 'wp-postratings'.

ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.7 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

ERRORRepo Complianceplugin header no license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

External Connections

Not analyzed yet.

Score History

First score snapshot

v2.69.2

36

Latest

Findings
435
Errors
340
Warnings
95
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Related Plugins

Contact Form Query

1k+ active installs

100
Add WPGraphql Send Mail

500 active installs

99
Configure SMTP

6k+ active installs

99
Email Address Obfuscation

2k+ active installs

99
SMTP for Contact Form 7

1k+ active installs

99