PluginScore

WP Super Edit

Get control of the WordPress wysiwyg visual editor and add some functionality with more buttons and custom TinyMCE plugins.

v2.5.4Ahmad AwaisUpdated Added 2k+ installs74% rating
admineditorformattingtinyMCEwysiwyg
36
Score
35
Errors
185
Warnings
+0
Change

Category Scores

Security0
Repo89
Performance100
Maintainability62

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

220 findings

Security

145

11 issue groups

Maintainability

64

12 issue groups

I18n

6

2 issue groups

WARNINGSecurityRecommendedProcessing form data without nonce verification.45
Category
Security
Occurrences
45
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.22
Category
Maintainability
Occurrences
22
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().22
Category
Maintainability
Occurrences
22
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGSecurityInterpolated Not PreparedUse placeholders and $wpdb->prepare(); found interpolated variable $db_table at \t\t\t\tSELECT $name_col FROM $db_table\n20
Category
Security
Occurrences
20
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $db_table at \t\t\t\tSELECT $name_col FROM $db_table\n

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
WARNINGSecurityUnescaped DBParameterUnescaped parameter $this->db_buttons used in $wpdb->query()18
Category
Security
Occurrences
18
Severity
warning

Sample message

Unescaped parameter $this->db_buttons used in $wpdb->query()

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_GET['page']18
Category
Security
Occurrences
18
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['page']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityMissing Unslash$_GET['page'] not unslashed before sanitization. Use wp_unslash() or similar18
Category
Security
Occurrences
18
Severity
warning

Sample message

$_GET['page'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORSecurityNot PreparedUse placeholders and $wpdb->prepare(); found $button_query10
Category
Security
Occurrences
10
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $button_query

WordPress.DB.PreparedSQL.NotPrepared
ERRORMaintainabilitymissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGMaintainabilitySchema ChangeAttempting a database schema change is discouraged.4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange
Show 15 more
WARNINGSecurityUnfinished Prepare4
Category
Security
Occurrences
4
Severity
warning

Sample message

Replacement variables found, but no valid placeholders found in the query.

WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
ERRORSecurityOutput Not Escaped4
Category
Security
Occurrences
4
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$button'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityInput Not Validated4
Category
Security
Occurrences
4
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_REQUEST['wp_super_edit_manage_role']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
ERRORI18nText Domain Mismatch4
Category
I18n
Occurrences
4
Severity
error

Sample message

Mismatched text domain. Expected 'wp-super-edit' but got 'wp_super_edit'.

WordPress.WP.I18n.TextDomainMismatchReference
ERRORSecurityUnescaped DBParameter3
Category
Security
Occurrences
3
Severity
error

Sample message

Unescaped parameter $button_query used in $wpdb->get_results()\n$button_query assigned unsafely at line 133.

PluginCheck.Security.DirectDB.UnescapedDBParameter
ERRORMaintainabilitytranslate with context Found2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

translate_with_context() has been deprecated since WordPress version 2.9.0. Use _x() instead.

WordPress.WP.DeprecatedFunctions.translate_with_contextFound
WARNINGI18nNo Html Wrapped Strings2
Category
I18n
Occurrences
2
Severity
warning

Sample message

Translatable string should not be wrapped in HTML. Found: '<strong>Install default settings and database tables for WP Super Edit.</strong>'

WordPress.WP.I18n.NoHtmlWrappedStringsReference
WARNINGMaintainabilitytrademarked term2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "WP Super Edit" - contains the restricted term "wp" which cannot be used at all in your plugin name.

trademarked_term
WARNINGMaintainabilityNon Prefixed Constant Found1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "WPSE_VERSION".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
WARNINGMaintainabilityNon Prefixed Function Found1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "wpse_debug".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
WARNINGMaintainabilityNon Prefixed Hookname Found1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "providers_registered".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGMaintainabilityNon Prefixed Variable Found1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$updated".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGMaintainabilityerror log print r1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_print_r
WARNINGSecurityUsing FILE 1
Category
Security
Occurrences
1
Severity
warning

Sample message

Using __FILE__ for menu slugs risks exposing filesystem structure.

WordPress.Security.PluginMenuSlug.Using__FILE__
ERRORMaintainabilityfile system operations fclose1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

WordPress.WP.AlternativeFunctions.file_system_operations_fclose

Score History

First score snapshot

v2.5.4

36

Latest

Findings
220
Errors
35
Warnings
185
Check
2.0.0

Related Plugins

Footnotes Made Easy

2k+ active installs

100
Gridable

4k+ active installs

100
PufferDesk

0 active installs

100
Simply Show Hooks

2k+ active installs

100
Advanced Classic Editor

2k+ active installs

99
Block Navigation

3k+ active installs

99