PluginScore

WP Social AutoConnect

A lightweight but powerful Facebook login plugin, easy to setup and transparent to new and returning users alike. Supports Buddypress.

v4.6.4JKUpdated Added 500 installs88% rating
Facebook loginbuddypressfacebook connectlogin with facebooksocial login
33
Score
290
Errors
144
Warnings
+0
Change

Category Scores

Security0
Repo77
Performance100
Maintainability55

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

434 findings

Security

290

9 issue groups

Maintainability

111

11 issue groups

I18n

28

3 issue groups

Repo Compliance

2

2 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<!-- $jfb_name Button v$jfb_version -->\n"'.133
Category
Security
Occurrences
133
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<!-- $jfb_name Button v$jfb_version -->\n"'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.73
Category
Security
Occurrences
73
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
ERRORMaintainabilitywp function not compatible with requires wpFunction "admin_url()" requires WordPress 2.6.0, but your plugin minimum supported version is WordPress 2.5.0.45
Category
Maintainability
Occurrences
45
Severity
error

Sample message

Function "admin_url()" requires WordPress 2.6.0, but your plugin minimum supported version is WordPress 2.5.0.

wp_function_not_compatible_with_requires_wpReference
WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: &quot;j_die&quot;.31
Category
Maintainability
Occurrences
31
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: &quot;j_die&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
WARNINGSecurityRequest data is not unslashed$_POST[$opt_jfb_api_key] not unslashed before sanitization. Use wp_unslash() or similar30
Category
Security
Occurrences
30
Severity
warning

Sample message

$_POST[$opt_jfb_api_key] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST[$opt_jfb_api_key]26
Category
Security
Occurrences
26
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST[$opt_jfb_api_key]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST[$opt_jfb_api_key]. Check that the array index exists before using it.20
Category
Security
Occurrences
20
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST[$opt_jfb_api_key]. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$jfbLbID&quot;.19
Category
Maintainability
Occurrences
19
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$jfbLbID&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.16
Category
I18n
Occurrences
16
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().6
Category
I18n
Occurrences
6
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
Show 15 more
ERRORI18nUnordered Placeholders Text6
Category
I18n
Occurrences
6
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1\$s, %2\$s", but got "%s, %s" in "Before submitting a support request, please make sure to carefully read all the documentation and FAQs on the %s plugin homepage %s. Every problem that's ever been reported has a solution posted there.".

WordPress.WP.I18n.UnorderedPlaceholdersTextReference
WARNINGSecurityNonce verification recommended5
Category
Security
Occurrences
5
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORMaintainabilityMissing direct file access protection5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGMaintainabilityerror log print r3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_print_r
WARNINGMaintainabilitytrademarked term3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "WP Social AutoConnect" - contains the restricted term "wp" which cannot be used at all in your plugin name.

trademarked_term
ERRORMaintainabilityOffloaded Content1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

PluginCheck.CodeAnalysis.Offloading.OffloadedContent
ERRORSecurityDatabase parameter is not escaped1
Category
Security
Occurrences
1
Severity
error

Sample message

Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 114.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGMaintainabilityDirect Query1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo Caching1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
ERRORSecuritySQL query is not prepared1
Category
Security
Occurrences
1
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $sql

WordPress.DB.PreparedSQL.NotPrepared
WARNINGMaintainabilityNon-prefixed class1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: &quot;Widget_LoginLogout&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
WARNINGMaintainabilityNon-prefixed hook name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;wp_login&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGSecurityMissing nonce verification1
Category
Security
Occurrences
1
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
ERRORRepo Complianceno license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Missing "License". Please update your readme with a valid GPLv2 (or later) compatible license.

no_licenseReference
ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.3 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference

External Connections

Potential connections found in static code analysis.

14 domains

Outbound calls

28

External assets

1

Incoming endpoints

0

Notable Domains

graph.facebook.com7 · outbound
justin-klein.com3 · outbound
wiki.developers.facebook.com3 · outbound
developers.facebook.com2 · outbound
stephenmcintyre.net2 · outbound
auth.justin-klein.com1 · outbound

Platform / Reference Domains

wordpress.org3 · platform/reference
core.trac.wordpress.org1 · platform/reference

External Asset Domains

paypal.com2 · asset + outbound

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

v4.6.4

33

Latest

Findings
434
Errors
290
Warnings
144
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Author

JKauthor

Related Plugins

BuddyPress Login Redirect to Profile

600 active installs

97
Block, Suspend, Report for BuddyPress

600 active installs

96
Wbcom Designs – Shortcodes & Elementor Widgets For BuddyPress

600 active installs

89
CBX User Online & Last Login

800 active installs

86
Wbcom Designs – Birthday Widget for BuddyPress

400 active installs

84
Custom Profile Menu for BuddyPress

400 active installs

77