Display Google reviews on your site with a slider or grid. Reviews are saved locally on your server for fast loading. No address? No problem — works w …
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
2,424
13 issue groups
Security
1,239
11 issue groups
I18n
235
1 issue group
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$account_addon_ids".1,819
- Category
- Maintainability
- Occurrences
- 1,819
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$account_addon_ids".
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <a href='{$skip_url}' class='button button-small button-secondary'>{$use_plugin_anonymously_text}</a>"'.661
- Category
- Security
- Occurrences
- 661
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <a href='{$skip_url}' class='button button-small button-secondary'>{$use_plugin_anonymously_text}</a>"'.
ERRORI18nText Domain MismatchMismatched text domain. Expected 'wp-google-places-review-slider' but got 'wp-fb-reviews'.235
- Category
- I18n
- Occurrences
- 235
- Severity
- error
Sample message
Mismatched text domain. Expected 'wp-google-places-review-slider' but got 'wp-fb-reviews'.
ERRORMaintainabilitywp function not compatible with requires wpFunction "esc_textarea()" requires WordPress 3.1.0, but your plugin minimum supported version is WordPress 3.0.1.175
- Category
- Maintainability
- Occurrences
- 175
- Severity
- error
Sample message
Function "esc_textarea()" requires WordPress 3.1.0, but your plugin minimum supported version is WordPress 3.0.1.
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.174
- Category
- Security
- Occurrences
- 174
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNINGSecurityRequest data is not unslashed$_GET['deleterev'] not unslashed before sanitization. Use wp_unslash() or similar119
- Category
- Security
- Occurrences
- 119
- Severity
- warning
Sample message
$_GET['deleterev'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_fs_text".108
- Category
- Maintainability
- Occurrences
- 108
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_fs_text".
WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DOING_AJAX".98
- Category
- Maintainability
- Occurrences
- 98
- Severity
- warning
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DOING_AJAX".
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_GET['newvalue']. Check that the array index exists before using it.93
- Category
- Security
- Occurrences
- 93
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_GET['newvalue']. Check that the array index exists before using it.
WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "FS_Admin_Menu_Manager".66
- Category
- Maintainability
- Occurrences
- 66
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "FS_Admin_Menu_Manager".
Show 15 moreShow less
WARNINGMaintainabilityDirect Query56
- Category
- Maintainability
- Occurrences
- 56
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGSecurityInput is not sanitized51
- Category
- Security
- Occurrences
- 51
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_GET['deleterev']
WARNINGMaintainabilityNo Caching50
- Category
- Maintainability
- Occurrences
- 50
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNINGSecurityNonce verification recommended46
- Category
- Security
- Occurrences
- 46
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORSecuritySQL query is not prepared40
- Category
- Security
- Occurrences
- 40
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $delpagename
WARNINGSecurityDatabase parameter is not escaped28
- Category
- Security
- Occurrences
- 28
- Severity
- warning
Sample message
Unescaped parameter $table_name used in $wpdb->get_results()\n$table_name assigned unsafely at line 16.
ERRORMaintainabilityMissing direct file access protection18
- Category
- Maintainability
- Occurrences
- 18
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGSecurityInterpolated SQL is not prepared13
- Category
- Security
- Occurrences
- 13
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $table_name at "DROP TABLE IF EXISTS $table_name"
ERRORMaintainabilityOffloaded Content10
- Category
- Maintainability
- Occurrences
- 10
- Severity
- error
Sample message
Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.
ERRORSecurityDatabase parameter is not escaped7
- Category
- Security
- Occurrences
- 7
- Severity
- error
Sample message
Unescaped parameter $prepared_statement used in $wpdb->get_results()\n$prepared_statement assigned unsafely at line 1720.
ERRORSecurityException output is not escaped7
- Category
- Security
- Occurrences
- 7
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.
ERRORMaintainabilitycurl curl setopt7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
WARNINGMaintainabilitySchema Change6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
Attempting a database schema change is discouraged.
ERRORMaintainabilitydate date6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
WARNINGMaintainabilityMissing Version5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.
External Connections
Potential connections found in static code analysis.
Outbound calls
268
External assets
15
Incoming endpoints
17
Notable Domains
Platform / Reference Domains
External Asset Domains
Incoming Endpoints
No public endpoints detected.
Admin AJAX endpoints17
admin_post
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
wp_ajax
5 more hidden
Score History
2 score snapshots
v18.2
25
Latest
- Findings
- 3,951
- Errors
- 1,367
- Warnings
- 2,584
- Check
- 2.0.0
v18.1
25
Score
- Findings
- 3,949
- Errors
- 1,367
- Warnings
- 2,582
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 25 | 3,951 | 1,367 | 2,584 | v18.2 | 2.0.0 |
| 25 | 3,949 | 1,367 | 2,582 | v18.1 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.