WPFunnels is a powerful funnel builder for WooCommerce that helps store owners create high-converting WooCommerce checkout pages, sales funnels, one-c …
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
I18n
3,956
2 issue groups
Security
2,812
11 issue groups
Maintainability
1,880
11 issue groups
Performance
10
1 issue group
ERRORI18nText Domain MismatchMismatched text domain. Expected 'wpfunnels' but got "wpfnl".3,908
- Category
- I18n
- Occurrences
- 3,908
- Severity
- error
Sample message
Mismatched text domain. Expected 'wpfunnels' but got "wpfnl".
ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"&per_page={$per_page}"'.1,633
- Category
- Security
- Occurrences
- 1,633
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"&per_page={$per_page}"'.
WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_cond".1,291
- Category
- Maintainability
- Occurrences
- 1,291
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_cond".
WARNINGSecurityMissingProcessing form data without nonce verification.352
- Category
- Security
- Occurrences
- 352
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityRecommendedProcessing form data without nonce verification.270
- Category
- Security
- Occurrences
- 270
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityMissing Unslash$_COOKIE['wpfunnels_current_post_id'] not unslashed before sanitization. Use wp_unslash() or similar213
- Category
- Security
- Occurrences
- 213
- Severity
- warning
Sample message
$_COOKIE['wpfunnels_current_post_id'] not unslashed before sanitization. Use wp_unslash() or similar
ERRORMaintainabilitymissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;187
- Category
- Maintainability
- Occurrences
- 187
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_COOKIE[$cookie_name]186
- Category
- Security
- Occurrences
- 186
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_COOKIE[$cookie_name]
WARNINGMaintainabilityNo Code FoundNo PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.104
- Category
- Maintainability
- Occurrences
- 104
- Severity
- warning
Sample message
No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.78
- Category
- Maintainability
- Occurrences
- 78
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
Show 15 moreShow less
WARNINGMaintainabilityNo Caching70
- Category
- Maintainability
- Occurrences
- 70
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORMaintainabilitydate date48
- Category
- Maintainability
- Occurrences
- 48
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
ERRORI18nMissing Translators Comment48
- Category
- I18n
- Occurrences
- 48
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
ERRORSecurityNot Prepared38
- Category
- Security
- Occurrences
- 38
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $cat_Args
WARNINGMaintainabilityNon Prefixed Hookname Found35
- Category
- Maintainability
- Occurrences
- 35
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".
WARNINGSecurityInput Not Validated35
- Category
- Security
- Occurrences
- 35
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_FILES['uploaded_file']['error']. Check that the array index exists before using it.
WARNINGSecurityInterpolated Not Prepared31
- Category
- Security
- Occurrences
- 31
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $automation_meta_table at "SELECT * FROM $automation_meta_table WHERE automation_id = %d AND meta_key = %s"
ERRORSecurityUnescaped DBParameter26
- Category
- Security
- Occurrences
- 26
- Severity
- error
Sample message
Unescaped parameter $cat_Args used in $wpdb->get_results()\n$cat_Args assigned unsafely at line 46.
ERRORMaintainabilityEcho Found24
- Category
- Maintainability
- Occurrences
- 24
- Severity
- error
Sample message
Short PHP opening tag used with echo; expected "<?php echo ! ..." but found "<?= ! ..."
WARNINGMaintainabilityslow db query meta query23
- Category
- Maintainability
- Occurrences
- 23
- Severity
- warning
Sample message
Detected usage of meta_query, possible slow query.
WARNINGSecurityUnescaped DBParameter17
- Category
- Security
- Occurrences
- 17
- Severity
- warning
Sample message
Unescaped parameter $stats_table used in $wpdb->get_row()\n$stats_table assigned unsafely at line 1222.
WARNINGMaintainabilityNon Prefixed Function Found11
- Category
- Maintainability
- Occurrences
- 11
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "activate_wpfnl".
ERRORSecurityException Not Escaped11
- Category
- Security
- Occurrences
- 11
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Failed to get intent of type $intent_type. Type is not allowed"'.
WARNINGPerformancePost Not In exclude10
- Category
- Performance
- Occurrences
- 10
- Severity
- warning
Sample message
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
WARNINGMaintainabilityslow db query meta key9
- Category
- Maintainability
- Occurrences
- 9
- Severity
- warning
Sample message
Detected usage of meta_key, possible slow query.
Score History
First score snapshot
v3.12.7
22
Latest
- Findings
- 8,786
- Errors
- 5,996
- Warnings
- 2,790
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 22 | 8,786 | 5,996 | 2,790 | v3.12.7 | 2.0.0 |
Related Plugins
5k+ active installs
1k+ active installs
200k+ active installs