WPGraphQL IDE

Modern GraphQL IDE for WPGraphQL — schema-aware editor, execution history, saved queries, and a public endpoint mode.

v5.0.1Joe FuscoUpdated Added 1k+ installs0% rating
35
Score
38
Errors
18
Warnings
+0
Change

Category Scores

Security76
Repo80
Performance98
Maintainability85

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

56 findings

I18n

29

1 issue group

Maintainability

14

7 issue groups

Security

8

2 issue groups

Supply Chain

3

1 issue group

ERRORI18nText Domain MismatchMismatched text domain. Expected 'wpgraphql-ide' but got 'wp-graphql-ide'.29
Category
I18n
Occurrences
29
Severity
error

Sample message

Mismatched text domain. Expected 'wpgraphql-ide' but got 'wp-graphql-ide'.

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_SERVER['HTTP_ACCEPT']4
Category
Security
Occurrences
4
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_SERVER['HTTP_ACCEPT']

WARNINGSecurityRequest data is not unslashed$_SERVER['HTTP_ACCEPT'] not unslashed before sanitization. Use wp_unslash() or similar4
Category
Security
Occurrences
4
Severity
warning

Sample message

$_SERVER['HTTP_ACCEPT'] not unslashed before sanitization. Use wp_unslash() or similar

ERRORSupply ChainHidden files includedHidden files are not permitted.3
Category
Supply Chain
Occurrences
3
Severity
error

Sample message

Hidden files are not permitted.

WARNINGMaintainabilitytrademarked termThe plugin name includes a restricted term. Your chosen plugin name - "WPGraphQL IDE" - contains the restricted term "wp" which cannot be used at all in your plugin name.3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "WPGraphQL IDE" - contains the restricted term "wp" which cannot be used at all in your plugin name.

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "register_graphql_document_setting_field".1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "register_graphql_document_setting_field".

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "graphql_manage_settings_cap".1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "graphql_manage_settings_cap".

WARNINGPerformancePost Not In post not inUsing exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.1
Category
Performance
Occurrences
1
Severity
warning

Sample message

Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

WARNINGMaintainabilitymissing composer json fileThe "/vendor" directory using composer exists, but "composer.json" file is missing.1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The "/vendor" directory using composer exists, but "composer.json" file is missing.

Show 3 more
WARNINGRepo Complianceplugin header nonexistent domain path1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

The "Domain Path" header in the plugin file must point to an existing folder. Found: "languages"

WARNINGMaintainabilityunexpected markdown file1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Unexpected markdown file "UPGRADE-5.0.md" detected in plugin root. Only specific markdown files are expected in production plugins.

WARNINGMaintainabilityupgrade notice limit1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The upgrade notice for "5.0.0" exceeds the limit of 300 characters.

External Connections

Potential connections found in static code analysis.

15 domains

Outbound calls

58

External assets

0

Incoming endpoints

5

Notable Domains

wpgraphql.com20 · outbound
appsero.com4 · outbound
api.appsero.com2 · outbound
discord.gg2 · outbound
php-fig.org2 · outbound
commonmark.org1 · outbound

Platform / Reference Domains

w3.org16 · platform/reference
github.com4 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

/wp-json/wpgraphql-ide/v1/collections/reorderREST

register_rest_route

/wp-json/wpgraphql-ide/v1/documents/exportREST

register_rest_route

/wp-json/wpgraphql-ide/v1/documents/importREST

register_rest_route

/wp-json/wpgraphql-ide/v1/documents/reorderREST

register_rest_route

Admin AJAX endpoints1
wp_ajax_appsero_refresh_license_authenticated

wp_ajax

Score History

First score snapshot

v5.0.1

35

Latest

Findings
56
Errors
38
Warnings
18
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

36 nodes

Related Plugins

Add WPGraphql Send Mail

500 active installs

99
CoCart CORS Support

400 active installs

98
WPGraphQL Yoast SEO Addon

10k+ active installs

95
Faust.js

1k+ active installs

91
Headless Mode

2k+ active installs

80