WPCal.io – Easy Meeting Scheduler

Your clients can quickly view your real-time availability and self-book their own slots, and eliminate all back-and-forth emailing.

v0.9.5.10revmakxUpdated Added 900 installs92% rating
23
Score
694
Errors
595
Warnings
+0
Change

Category Scores

Security0
Repo86
Performance100
Maintainability2

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,289 findings

Security

731

11 issue groups

Maintainability

524

12 issue groups

I18n

8

2 issue groups

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.225
Category
Maintainability
Occurrences
225
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().206
Category
Maintainability
Occurrences
206
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $alter_query198
Category
Security
Occurrences
198
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $alter_query

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$ajax_request_action_end'.184
Category
Security
Occurrences
184
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$ajax_request_action_end'.

ERRORSecurityDatabase parameter is not escapedUnescaped parameter $alter_query used in $wpdb->query()\n$alter_query assigned unsafely at line 1106.142
Category
Security
Occurrences
142
Severity
error

Sample message

Unescaped parameter $alter_query used in $wpdb->query()\n$alter_query assigned unsafely at line 1106.

ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"({$name}) missing required param: '{$paramName}'"'.108
Category
Security
Occurrences
108
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"({$name}) missing required param: '{$paramName}'"'.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.30
Category
Security
Occurrences
30
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;27
Category
Maintainability
Occurrences
27
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$descr_txt".25
Category
Maintainability
Occurrences
25
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$descr_txt".

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE['wpcal_tz']23
Category
Security
Occurrences
23
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE['wpcal_tz']

Show 15 more
WARNINGSecurityRequest data is not unslashed23
Category
Security
Occurrences
23
Severity
warning

Sample message

$_COOKIE['wpcal_tz'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGMaintainabilitySchema Change15
Category
Maintainability
Occurrences
15
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WARNINGSecurityMissing nonce verification8
Category
Security
Occurrences
8
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecuritywp redirect wp redirect8
Category
Security
Occurrences
8
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

ERRORMaintainabilitywp function not compatible with requires wp5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

Function "wp_timezone()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 5.0.0.

WARNINGSecurityInterpolated SQL is not prepared4
Category
Security
Occurrences
4
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $escaped_table_name at "SHOW TABLES LIKE '$escaped_table_name'"

ERRORMaintainabilitydate date4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WARNINGMaintainabilityerror log trigger error4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

trigger_error() found. Debug code should not normally be used in production.

ERRORMaintainabilityrand mt rand4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

mt_rand() is discouraged. Use the far less predictable wp_rand() instead.

ERRORI18nMissing Arg Domain4
Category
I18n
Occurrences
4
Severity
error

Sample message

Missing $domain parameter in function call to __().

ERRORI18nNon Singular String Literal Text4
Category
I18n
Occurrences
4
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $location['form']['password_data']['label']

WARNINGMaintainabilityNon-prefixed function3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "test".

WARNINGMaintainabilityerror log debug backtrace3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

debug_backtrace() found. Debug code should not normally be used in production.

WARNINGSecurityInput is not validated3
Category
Security
Occurrences
3
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['tp']. Check that the array index exists before using it.

ERRORMaintainabilityparse url parse url3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

External Connections

Potential connections found in static code analysis.

40 domains

Outbound calls

297

External assets

0

Incoming endpoints

3

Notable Domains

tools.ietf.org50 · outbound
help.wpcal.io26 · outbound
packagist.org25 · outbound
thephpleague.com25 · outbound
php.net16 · outbound
wpcal.io15 · outbound

Platform / Reference Domains

github.com50 · platform/reference
opensource.org25 · platform/reference
w3.org9 · platform/reference
codex.wordpress.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

wp_ajax_nopriv_wpcal_process_user_ajax_requestpublic

wp_ajax

Admin AJAX endpoints2
wp_ajax_wpcal_process_admin_ajax_requestauthenticated

wp_ajax

wp_ajax_wpcal_process_user_ajax_requestauthenticated

wp_ajax

Score History

First score snapshot

v0.9.5.10

23

Latest

Findings
1,289
Errors
694
Warnings
595
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

Termin-Kalender

400 active installs

100
Cal.com

1k+ active installs

99
Jobber

1k+ active installs

99
Shore Booking Widget

1k+ active installs

99