PluginScore

Photo Engine (Media Organizer & Lightroom)

Organize your photos in folders and collections. Synchronize with Lightroom. Make your life easier! :)

v6.5.3Jordy MeowUpdated Added 2k+ installs98% rating
exportimagelightroommanagersync
23
Score
252
Errors
650
Warnings
+0
Change

Category Scores

Security0
Repo89
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

902 findings

Security

489

13 issue groups

Maintainability

302

8 issue groups

I18n

54

4 issue groups

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.117
Category
Maintainability
Occurrences
117
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().112
Category
Maintainability
Occurrences
112
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $orderSql at \t\t\t\t$orderSql \n109
Category
Security
Occurrences
109
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $orderSql at \t\t\t\t$orderSql \n

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $table_name used in $wpdb->get_col()90
Category
Security
Occurrences
90
Severity
warning

Sample message

Unescaped parameter $table_name used in $wpdb->get_col()

PluginCheck.Security.DirectDB.UnescapedDBParameter
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$_POST['lr_id']'.65
Category
Security
Occurrences
65
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$_POST['lr_id']'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE["wplr_auth_token"]41
Category
Security
Occurrences
41
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE["wplr_auth_token"]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityRequest data is not unslashed$_COOKIE["wplr_auth_token"] not unslashed before sanitization. Use wp_unslash() or similar37
Category
Security
Occurrences
37
Severity
warning

Sample message

$_COOKIE["wplr_auth_token"] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.30
Category
Maintainability
Occurrences
30
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.30
Category
Security
Occurrences
30
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.24
Category
Security
Occurrences
24
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
Show 15 more
ERRORSecurityUnsafe printing function23
Category
Security
Occurrences
23
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
WARNINGSecurityInput is not validated23
Category
Security
Occurrences
23
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES['file']['name']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
ERRORI18nNon Singular String Literal Domain21
Category
I18n
Occurrences
21
Severity
error

Sample message

The $domain parameter must be a single text string literal. Found: $this->domain

WordPress.WP.I18n.NonSingularStringLiteralDomainReference
ERRORSecurityQuoted Simple Placeholder18
Category
Security
Occurrences
18
Severity
error

Sample message

Simple placeholders should not be quoted in the query string in $wpdb->prepare(). Found: '%s'.

WordPress.DB.PreparedSQLPlaceholders.QuotedSimplePlaceholder
ERRORSecuritySQL query is not prepared15
Category
Security
Occurrences
15
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $limitClause

WordPress.DB.PreparedSQL.NotPrepared
ERRORI18nMissing Arg Domain15
Category
I18n
Occurrences
15
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
ERRORMaintainabilitydate date13
Category
Maintainability
Occurrences
13
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date
WARNINGMaintainabilityerror log print r11
Category
Maintainability
Occurrences
11
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_print_r
ERRORI18nMissing Translators Comment11
Category
I18n
Occurrences
11
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
ERRORMaintainabilityMissing direct file access protection9
Category
Maintainability
Occurrences
9
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
ERRORSecuritySetting is missing a sanitization callback7
Category
Security
Occurrences
7
Severity
error

Sample message

Sanitization missing for register_setting().

PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissingReference
ERRORSecurityDatabase parameter is not escaped7
Category
Security
Occurrences
7
Severity
error

Sample message

Unescaped parameter $query used in $wpdb->get_col()\n$query assigned unsafely at line 2010.

PluginCheck.Security.DirectDB.UnescapedDBParameter
ERRORI18nText Domain Mismatch7
Category
I18n
Occurrences
7
Severity
error

Sample message

Mismatched text domain. Expected 'wplr-sync' but got 'meowapps'.

WordPress.WP.I18n.TextDomainMismatchReference
ERRORMaintainabilityrand mt rand5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

mt_rand() is discouraged. Use the far less predictable wp_rand() instead.

WordPress.WP.AlternativeFunctions.rand_mt_rand
ERRORMaintainabilityunlink unlink5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WordPress.WP.AlternativeFunctions.unlink_unlink

Score History

First score snapshot

v6.5.3

23

Latest

Findings
902
Errors
252
Warnings
650
Check
2.0.0

Related Plugins

Category Icon

2k+ active installs

100
Lightbox Images for Divi Enhanced

4k+ active installs

100
Custom Post Exporter

3k+ active installs

99
Default Featured Image

60k+ active installs

99
Favicon Rotator

20k+ active installs

99
Featured Image

1k+ active installs

99