Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
1,343
16 issue groups
Security
685
9 issue groups
WARNINGMaintainabilityNon Prefixed Namespace FoundNamespaces declared by a theme/plugin should start with the theme/plugin prefix. Found: "Aws\Common".248
- Category
- Maintainability
- Occurrences
- 248
- Severity
- warning
Sample message
Namespaces declared by a theme/plugin should start with the theme/plugin prefix. Found: "Aws\Common".
WARNINGSecurityMissing Unslash$_GET['auth_error'] not unslashed before sanitization. Use wp_unslash() or similar190
- Category
- Security
- Occurrences
- 190
- Severity
- warning
Sample message
$_GET['auth_error'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.161
- Category
- Maintainability
- Occurrences
- 161
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().160
- Category
- Maintainability
- Occurrences
- 160
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.132
- Category
- Maintainability
- Occurrences
- 132
- Severity
- warning
Sample message
error_log() found. Debug code should not normally be used in production.
ERRORMaintainabilityfile system operations fopenFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().112
- Category
- Maintainability
- Occurrences
- 112
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
ERRORMaintainabilityfile system operations fcloseFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().98
- Category
- Maintainability
- Occurrences
- 98
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERRORMaintainabilitymissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;83
- Category
- Maintainability
- Occurrences
- 83
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_ENV['MAGIC']81
- Category
- Security
- Occurrences
- 81
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_ENV['MAGIC']
WARNINGSecurityInterpolated Not PreparedUse placeholders and $wpdb->prepare(); found interpolated variable $and at "SELECT DISTINCT post_author FROM $wpdb->posts WHERE post_status != 'auto-draft' $and"74
- Category
- Security
- Occurrences
- 74
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $and at "SELECT DISTINCT post_author FROM $wpdb->posts WHERE post_status != 'auto-draft' $and"
Show 15 moreShow less
WARNINGSecurityRecommended72
- Category
- Security
- Occurrences
- 72
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORSecurityNot Prepared70
- Category
- Security
- Occurrences
- 70
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $exclude_states
ERRORMaintainabilityfile system operations fwrite63
- Category
- Maintainability
- Occurrences
- 63
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
ERRORMaintainabilityfile system operations fread62
- Category
- Maintainability
- Occurrences
- 62
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().
ERRORSecurityUnescaped DBParameter60
- Category
- Security
- Occurrences
- 60
- Severity
- error
Sample message
Unescaped parameter $and used in $wpdb->get_results()\n$and assigned unsafely at line 1892.
WARNINGSecurityInput Not Validated58
- Category
- Security
- Occurrences
- 58
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_FILES['async-upload']. Check that the array index exists before using it.
WARNINGMaintainabilityDiscouraged43
- Category
- Maintainability
- Occurrences
- 43
- Severity
- warning
Sample message
The use of function ini_set() is discouraged
WARNINGSecurityMissing43
- Category
- Security
- Occurrences
- 43
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGMaintainabilityNon Prefixed Hookname Found41
- Category
- Maintainability
- Occurrences
- 41
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "bloginfo_rss".
WARNINGSecurityUnescaped DBParameter37
- Category
- Security
- Occurrences
- 37
- Severity
- warning
Sample message
Unescaped parameter $columns used in $wpdb->get_results()\n$columns assigned unsafely at line 38.
ERRORMaintainabilitycurl curl setopt36
- Category
- Maintainability
- Occurrences
- 36
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilityfile system operations mkdir33
- Category
- Maintainability
- Occurrences
- 33
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().
WARNINGMaintainabilityNon Prefixed Variable Found27
- Category
- Maintainability
- Occurrences
- 27
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$default_remote_storage".
ERRORMaintainabilityPlugin Directory Write22
- Category
- Maintainability
- Occurrences
- 22
- Severity
- error
Sample message
Plugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of constant WP_CONTENT_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.
ERRORMaintainabilitymysql PDO22
- Category
- Maintainability
- Occurrences
- 22
- Severity
- error
Sample message
Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: \PDO.
Score History
First score snapshot
v0.9.129
25
Latest
- Findings
- 2,360
- Errors
- 899
- Warnings
- 1,461
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 25 | 2,360 | 899 | 1,461 | v0.9.129 | 2.0.0 |
Related Plugins
7k+ active installs
3k+ active installs
4k+ active installs
4k+ active installs
30k+ active installs
80k+ active installs