The #1 WordPress import export plugin. Bulk import CSV, XML & Excel into WordPress — WooCommerce products, posts, users, ACF fields, and more. Free.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
2,440
16 issue groups
Security
2,031
9 issue groups
WARNINGSecurityInterpolated Not PreparedUse placeholders and $wpdb->prepare(); found interpolated variable $ID at "SELECT ID FROM {$wpdb->prefix}posts WHERE ID = '$ID' AND post_type = '$post_type' AND post_status != 'trash' order by ID DESC "1,004
- Category
- Security
- Occurrences
- 1,004
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $ID at "SELECT ID FROM {$wpdb->prefix}posts WHERE ID = '$ID' AND post_type = '$post_type' AND post_status != 'trash' order by ID DESC "
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.984
- Category
- Maintainability
- Occurrences
- 984
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().873
- Category
- Maintainability
- Occurrences
- 873
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORSecurityUnescaped DBParameterUnescaped parameter $ID used in $wpdb->get_results()\n$ID assigned unsafely at line 679.383
- Category
- Security
- Occurrences
- 383
- Severity
- error
Sample message
Unescaped parameter $ID used in $wpdb->get_results()\n$ID assigned unsafely at line 679.
WARNINGSecurityUnescaped DBParameterUnescaped parameter $acf_fields_table used in $wpdb->query()\n$acf_fields_table assigned unsafely at line 170.229
- Category
- Security
- Occurrences
- 229
- Severity
- warning
Sample message
Unescaped parameter $acf_fields_table used in $wpdb->query()\n$acf_fields_table assigned unsafely at line 170.
ERRORMaintainabilitydate datedate() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.228
- Category
- Maintainability
- Occurrences
- 228
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
ERRORSecurityNot PreparedUse placeholders and $wpdb->prepare(); found $attr174
- Category
- Security
- Occurrences
- 174
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $attr
WARNINGSecurityMissing Unslash$_GET['do_update_sm_uci_pro'] not unslashed before sanitization. Use wp_unslash() or similar85
- Category
- Security
- Occurrences
- 85
- Severity
- warning
Sample message
$_GET['do_update_sm_uci_pro'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityInput Not ValidatedDetected usage of a possibly undefined superglobal array index: $_FILES['csvFile']['error']. Check that the array index exists before using it.70
- Category
- Security
- Occurrences
- 70
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_FILES['csvFile']['error']. Check that the array index exists before using it.
ERRORMaintainabilityfile system operations fopenFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().50
- Category
- Maintainability
- Occurrences
- 50
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
Show 15 moreShow less
ERRORMaintainabilityfile system operations chmod47
- Category
- Maintainability
- Occurrences
- 47
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().
ERRORSecurityException Not Escaped46
- Category
- Security
- Occurrences
- 46
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Expression of type {$expr->getType()} cannot be evaluated"'.
ERRORMaintainabilityfile system operations fclose45
- Category
- Maintainability
- Occurrences
- 45
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
WARNINGMaintainabilityNon Prefixed Variable Found34
- Category
- Maintainability
- Occurrences
- 34
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$activate_plugin".
WARNINGMaintainabilitySchema Change32
- Category
- Maintainability
- Occurrences
- 32
- Severity
- warning
Sample message
Attempting a database schema change is discouraged.
ERRORMaintainabilitymissing direct file access protection24
- Category
- Maintainability
- Occurrences
- 24
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGMaintainabilityslow db query meta key23
- Category
- Maintainability
- Occurrences
- 23
- Severity
- warning
Sample message
Detected usage of meta_key, possible slow query.
WARNINGMaintainabilityslow db query meta value23
- Category
- Maintainability
- Occurrences
- 23
- Severity
- warning
Sample message
Detected usage of meta_value, possible slow query.
WARNINGSecurityMissing23
- Category
- Security
- Occurrences
- 23
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGMaintainabilityMissing Version18
- Category
- Maintainability
- Occurrences
- 18
- Severity
- warning
Sample message
Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.
WARNINGSecurityRecommended17
- Category
- Security
- Occurrences
- 17
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGMaintainabilityNon Prefixed Hookname Found16
- Category
- Maintainability
- Occurrences
- 16
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "debug_bar_title".
WARNINGMaintainabilityNon Prefixed Namespace Found15
- Category
- Maintainability
- Occurrences
- 15
- Severity
- warning
Sample message
Namespaces declared by a theme/plugin should start with the theme/plugin prefix. Found: "NXP".
WARNINGMaintainabilityDiscouraged14
- Category
- Maintainability
- Occurrences
- 14
- Severity
- warning
Sample message
The use of function ini_set() is discouraged
WARNINGMaintainabilityDynamic Hookname Found14
- Category
- Maintainability
- Occurrences
- 14
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "self::HOOK_AFTER_IMPORT".
Score History
First score snapshot
v8.0.1
23
Latest
- Findings
- 4,635
- Errors
- 1,119
- Warnings
- 3,516
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 23 | 4,635 | 1,119 | 3,516 | v8.0.1 | 2.0.0 |
Related Plugins
60k+ active installs
5k+ active installs