Add a beautiful HTML Template to all WordPress and plugin generated emails. Send email options - SMTP, Gmail, Mandrill, SparkPost, GoDaddy Hosting sup …
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
307
13 issue groups
Security
271
8 issue groups
I18n
45
3 issue groups
Supply Chain
5
1 issue group
ERRORSecurityException Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$msg: $loc"'.115
- Category
- Security
- Occurrences
- 115
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$msg: $loc"'.
WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$$id_attribute".85
- Category
- Maintainability
- Occurrences
- 85
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$$id_attribute".
WARNINGMaintainabilityDynamic Hookname FoundHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$this->form_key . '_settings_fields'".81
- Category
- Maintainability
- Occurrences
- 81
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$this->form_key . '_settings_fields'".
ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"[$k]=>\"$v\", "'.68
- Category
- Security
- Occurrences
- 68
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"[$k]=>\"$v\", "'.
WARNINGSecurityRecommendedProcessing form data without nonce verification.31
- Category
- Security
- Occurrences
- 31
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORMaintainabilitycurl curl setoptUsing cURL functions is highly discouraged. Use wp_remote_get() instead.29
- Category
- Maintainability
- Occurrences
- 29
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
WARNINGMaintainabilityNon Prefixed Function FoundFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "callback_wp_email_template_send_wp_emails_page_show".27
- Category
- Maintainability
- Occurrences
- 27
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "callback_wp_email_template_send_wp_emails_page_show".
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.26
- Category
- I18n
- Occurrences
- 26
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
WARNINGMaintainabilityNon Prefixed Constant FoundGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DEFAULT_BR_TEXT".18
- Category
- Maintainability
- Occurrences
- 18
- Severity
- warning
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DEFAULT_BR_TEXT".
WARNINGMaintainabilityNon Prefixed Hookname FoundHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "a3_admin_ui_script_params".17
- Category
- Maintainability
- Occurrences
- 17
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "a3_admin_ui_script_params".
Show 15 moreShow less
WARNINGSecurityMissing17
- Category
- Security
- Occurrences
- 17
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityInput Not Validated17
- Category
- Security
- Occurrences
- 17
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_POST[$this->google_api_key_option]. Check that the array index exists before using it.
ERRORI18nMissing Arg Domain13
- Category
- I18n
- Occurrences
- 13
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
ERRORSecurityNot Prepared11
- Category
- Security
- Occurrences
- 11
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $sql
WARNINGMaintainabilityNon Prefixed Class Found11
- Category
- Maintainability
- Occurrences
- 11
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Compile_Less_Sass".
ERRORMaintainabilitymissing direct file access protection10
- Category
- Maintainability
- Occurrences
- 10
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGSecurityInput Not Sanitized7
- Category
- Security
- Occurrences
- 7
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_GET['tab']
WARNINGMaintainabilityDirect Query6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo Caching6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORMaintainabilityfile system operations fclose6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERRORMaintainabilityfile system operations fopen6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
ERRORI18nUnordered Placeholders Text6
- Category
- I18n
- Occurrences
- 6
- Severity
- error
Sample message
Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'Advanced Settings - Upgrade to the <a href="%s" target="_blank">%s License</a> to activate these settings.'.
WARNINGSecurityMissing Unslash5
- Category
- Security
- Occurrences
- 5
- Severity
- warning
Sample message
$_GET['tab'] not unslashed before sanitization. Use wp_unslash() or similar
ERRORMaintainabilityfile system operations fsockopen5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fsockopen().
ERRORSupply Chainhidden files5
- Category
- Supply Chain
- Occurrences
- 5
- Severity
- error
Sample message
Hidden files are not permitted.
Score History
First score snapshot
v2.8.6
19
Latest
- Findings
- 692
- Errors
- 342
- Warnings
- 350
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 19 | 692 | 342 | 350 | v2.8.6 | 2.0.0 |
Related Plugins
2k+ active installs
1k+ active installs
3k+ active installs
6k+ active installs
2k+ active installs
10k+ active installs