Subresource Integrity (SRI) Manager

Adds Subresource Integrity (SRI) attributes to your page's elements for better protection against JavaScript DDoS attacks.

v0.4.0MeitarUpdated 6 years agoAdded 11 years ago900 installs58% rating

SRI mitigation mitm security subresource integrity

Score

Errors

Warnings

Change

Category Scores

Security0

Repo72

Performance95

Maintainability81

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

120 findings

Security

6 issue groups

Maintainability

9 issue groups

I18n

4 issue groups

Performance

1 issue group

WARNINGSecurityRequest data is not unslashed$_GET['_' . self::prefix . 'nonce'] not unslashed before sanitization. Use wp_unslash() or similar24

Category: Security
Occurrences: 24
Severity: warning

Sample message

$_GET['_' . self::prefix . 'nonce'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['_' . self::prefix . 'nonce']23

Category: Security
Occurrences: 23
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['_' . self::prefix . 'nonce']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.19

Category: Security
Occurrences: 19
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_GET['action']. Check that the array index exists before using it.12

Category: Security
Occurrences: 12
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['action']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

ERRORI18nMissing Translators CommentA function call to _n() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.6

Category: I18n
Occurrences: 6
Severity: error

Sample message

A function call to _n() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsComment Reference

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.5

Category: Security
Occurrences: 5
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

WARNINGPerformancePost Not In excludeUsing exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.5

Category: Performance
Occurrences: 5
Severity: warning

Sample message

Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.4

Category: Security
Occurrences: 4
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

ERRORI18nMissing Singular PlaceholderMissing singular placeholder, needed for some languages. See https://codex.wordpress.org/I18n_for_WordPress_Developers#Plurals3

Category: I18n
Occurrences: 3
Severity: error

Sample message

Missing singular placeholder, needed for some languages. See https://codex.wordpress.org/I18n_for_WordPress_Developers#Plurals

WordPress.WP.I18n.MissingSingularPlaceholder Reference

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_tests_dir".2

Category: Maintainability
Occurrences: 2
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_tests_dir".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

Show 14 more

ERRORMaintainabilityapplication detected2

Category: Maintainability
Occurrences: 2
Severity: error

Sample message

Application files are not permitted.

application_detected

ERRORSupply ChainHidden files included2

Category: Supply Chain
Occurrences: 2
Severity: error

Sample message

Hidden files are not permitted.

hidden_files

ERRORMaintainabilityMissing direct file access protection2

Category: Maintainability
Occurrences: 2
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protection Reference

WARNINGMaintainabilityNon-prefixed function1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_manually_load_plugin".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound

WARNINGMaintainabilityNon-prefixed hook name1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "sri_exclude_array".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound

ERRORI18nText Domain Mismatch1

Category: I18n
Occurrences: 1
Severity: error

Sample message

Mismatched text domain. Expected 'wp-sri' but got 'wp-wri'.

WordPress.WP.I18n.TextDomainMismatch Reference

ERRORI18nUnordered Placeholders Text1

Category: I18n
Occurrences: 1
Severity: error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'Learn more about %sSubresource Integrity%s features.'.

WordPress.WP.I18n.UnorderedPlaceholdersText Reference

WARNINGMaintainabilitygithub directory1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

GitHub workflow directory ".github" detected. This directory should not be included in production plugins.

github_directory

ERRORMaintainabilityinvalid plugin name1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Plugin name header in your readme is missing or invalid. Please update your readme with a valid plugin name header. Eg: "=== Example Name ==="

invalid_plugin_name Reference

ERRORRepo Complianceoutdated tested upto header1

Category: Repo Compliance
Occurrences: 1
Severity: error

Sample message

Tested up to: 5.6 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_header Reference

ERRORRepo Complianceplugin header no license1

Category: Repo Compliance
Occurrences: 1
Severity: error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

plugin_header_no_license Reference

WARNINGRepo Compliancereadme parser warnings too many tags1

Category: Repo Compliance
Occurrences: 1
Severity: warning

Sample message

One or more tags were ignored. Please limit your plugin to 5 tags.

readme_parser_warnings_too_many_tags

WARNINGMaintainabilitytrademarked term1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

The plugin slug includes a restricted term. Your plugin slug - "wp-sri" - contains the restricted term "wp" which cannot be used at all in your plugin slug.

trademarked_term

ERRORMaintainabilitytrunk stable tag1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Incorrect Stable Tag. It's recommended not to use "Stable Tag: trunk". Your Stable Tag is meant to be the stable version of your plugin and it needs to be exactly the same with the Version in your main plugin file's header. Any mismatch can prevent users from downloading the correct plugin files from WordPress.org.

trunk_stable_tag Reference

External Connections

Potential connections found in static code analysis.

8 domains

Outbound calls

External assets

Incoming endpoints

Notable Domains

cdn.datatables.net2 · outbound

paypal.com2 · outbound

plugins.dev2 · outbound

cyberbusking.org1 · outbound

developer.mozilla.org1 · outbound

maymay.net1 · outbound

Platform / Reference Domains

developer.wordpress.org2 · platform/reference

wordpress.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints1

wp_ajax_update_sri_excludeauthenticated

wp_ajax

Score History

First score snapshot

3 days ago

v0.4.0

Latest

Findings: 120
Errors: 26
Warnings: 94
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
3 days agoLatest	35	120	26	94	v0.4.0	2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

35 nodes

Loading map

PluginAuthorCategoryIssueDomainRelated

Relationship links

Issue

Domain

cdn.datatables.net2 signals paypal.com2 signals plugins.dev2 signals cyberbusking.org1 signal developer.mozilla.org1 signal maymay.net1 signal

Related Plugins

Dam Spam

1k+ active installs

100

10k+ active installs

100

Protect Login

600 active installs

100

Remove XML-RPC Methods

1k+ active installs

100

Stop XML-RPC Attacks

6k+ active installs

100

Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner…

1k+ active installs

100