PluginScore

WPAvatar

Use WPAvatar to speed up your website, switch gravatar to Chinese source, and support automatic acquisition and display of QQ Mail avatar.

v1.9.4文派翻译(WP Chinese Translation)Updated Added 700 installs100% rating
avatargravatarwp avatarwpavatar头像
36
Score
425
Errors
45
Warnings
+0
Change

Category Scores

Security0
Repo86
Performance100
Maintainability64

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

470 findings

Security

408

7 issue groups

Maintainability

37

12 issue groups

I18n

22

2 issue groups

Repo Compliance

3

3 issue groups

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.312
Category
Security
Occurrences
312
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$controlled_count'.67
Category
Security
Occurrences
67
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$controlled_count'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.21
Category
I18n
Occurrences
21
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
WARNINGSecurityRequest data is not unslashed$_GET['tab'] not unslashed before sanitization. Use wp_unslash() or similar14
Category
Security
Occurrences
14
Severity
warning

Sample message

$_GET['tab'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.10
Category
Security
Occurrences
10
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORMaintainabilityfile system operations is writableFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().8
Category
Maintainability
Occurrences
8
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().

WordPress.WP.AlternativeFunctions.file_system_operations_is_writable
WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log
ERRORMaintainabilityunlink unlinkunlink() is discouraged. Use wp_delete_file() to delete a file.5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WordPress.WP.AlternativeFunctions.unlink_unlink
ERRORMaintainabilityShort PHP open tag foundShort PHP opening tag used with echo; expected "<?php echo esc_url ..." but found "<?= esc_url ..."3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

Short PHP opening tag used with echo; expected "<?php echo esc_url ..." but found "<?= esc_url ..."

Generic.PHP.DisallowShortOpenTag.EchoFound
ERRORMaintainabilityPlugin Directory WritePlugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of constant WP_CONTENT_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

Plugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of constant WP_CONTENT_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.

PluginCheck.CodeAnalysis.WriteFile.PluginDirectoryWrite
Show 14 more
WARNINGMaintainabilityNon-prefixed global variable3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$css_file&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGSecuritywp redirect wp redirect3
Category
Security
Occurrences
3
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the &quot;allowed_redirect_hosts&quot; filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirectReference
WARNINGMaintainabilitytrademarked term3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "WPAvatar" - contains the restricted term "wp" which cannot be used at all in your plugin name.

trademarked_term
WARNINGI18nDiscouraged text-domain loading1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFoundReference
WARNINGMaintainabilityDirect Query1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo Caching1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
ERRORSecuritySQL query is not prepared1
Category
Security
Occurrences
1
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $sql

WordPress.DB.PreparedSQL.NotPrepared
WARNINGSecurityInput is not sanitized1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST[&#039;wpavatar_network_controlled_options&#039;]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
ERRORMaintainabilityfile system operations chmod1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().

WordPress.WP.AlternativeFunctions.file_system_operations_chmod
ERRORMaintainabilityparse url parse url1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

WordPress.WP.AlternativeFunctions.parse_url_parse_url
ERRORMaintainabilityMissing direct file access protection1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.8 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference
ERRORRepo Complianceplugin header no license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

plugin_header_no_licenseReference
WARNINGRepo Compliancereadme parser warnings too many tags1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

One or more tags were ignored. Please limit your plugin to 5 tags.

readme_parser_warnings_too_many_tags

External Connections

Potential connections found in static code analysis.

5 domains

Outbound calls

10

External assets

0

Incoming endpoints

4

Notable Domains

cravatar.com4 · outbound
wpavatar.com3 · outbound
cn.cravatar.com1 · outbound
wpcy.com1 · outbound
wpfanyi.com1 · outbound

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints4
wp_ajax_wpavatar_check_all_cacheauthenticated

wp_ajax

wp_ajax_wpavatar_check_cacheauthenticated

wp_ajax

wp_ajax_wpavatar_purge_all_cacheauthenticated

wp_ajax

wp_ajax_wpavatar_purge_cacheauthenticated

wp_ajax

Score History

First score snapshot

v1.9.4

36

Latest

Findings
470
Errors
425
Warnings
45
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

34 nodes

Related Plugins

Easy Author Avatar Image

1k+ active installs

100
WP Custom Avatar

500 active installs

98
Disable User Gravatar

3k+ active installs

95
Leira Letter Avatar

6k+ active installs

93
Add New Default Avatar

500 active installs

82
Podamibe Custom User Gravatar

3k+ active installs

80