Easy self-host Google Fonts, Adobe Fonts support, or upload custom fonts in WordPress. Integrated into the most popular themes and page builders.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
117
14 issue groups
Security
43
11 issue groups
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "a!yabe/webfont/api/font:clean_up".45
- Category
- Maintainability
- Occurrences
- 45
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "a!yabe/webfont/api/font:clean_up".
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.31
- Category
- Maintainability
- Occurrences
- 31
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().24
- Category
- Maintainability
- Occurrences
- 24
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $sql22
- Category
- Security
- Occurrences
- 22
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $sql
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$css'.4
- Category
- Security
- Occurrences
- 4
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$css'.
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.3
- Category
- Security
- Occurrences
- 3
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.
ERRORMaintainabilityparse url parse urlparse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
ERRORMaintainabilityunlink unlinkunlink() is discouraged. Use wp_delete_file() to delete a file.3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
ERRORMaintainabilityNot AllowedUse of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead
ERRORSecurityDatabase parameter is not escapedUnescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 89.2
- Category
- Security
- Occurrences
- 2
- Severity
- error
Sample message
Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 89.
Show 15 moreShow less
ERRORSecurityLike Wildcards In Query2
- Category
- Security
- Occurrences
- 2
- Severity
- error
Sample message
SQL wildcards for a LIKE query should be passed in through a replacement parameter. Found: LIKE '%1\$s'.
WARNINGSecurityReplacements Wrong Number2
- Category
- Security
- Occurrences
- 2
- Severity
- warning
Sample message
Incorrect number of replacements passed to $wpdb->prepare(). Found 1 replacement parameters, expected 0.
ERRORMaintainabilitydate date2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
WARNINGSecurityMissing nonce verification2
- Category
- Security
- Occurrences
- 2
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityInput is not sanitized2
- Category
- Security
- Occurrences
- 2
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_SERVER['HTTP_REFERER']
WARNINGSecurityRequest data is not unslashed2
- Category
- Security
- Occurrences
- 2
- Severity
- warning
Sample message
$_SERVER['HTTP_REFERER'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityInterpolated SQL is not prepared1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable {$where_clause} at "\n SELECT COUNT(*) FROM {$wpdb->prefix}yabe_webfont_fonts\n {$where_clause}\n "
WARNINGMaintainabilityNon-prefixed global symbol1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
The "f!yabe/webfont/font:google" prefix is not a valid namespace/function/class/variable/constant prefix in PHP.
WARNINGSecuritywp redirect wp redirect1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
ERRORMaintainabilityfile system operations fclose1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERRORMaintainabilityfile system operations fopen1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
ERRORMaintainabilityfile system operations fwrite1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
WARNINGMaintainabilitymismatched plugin name1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Plugin name "Yabe Webfont - Use Custom Fonts, Google Fonts or Adobe Fonts" is different from the name declared in plugin header "Yabe Webfont".
WARNINGMaintainabilitymissing composer json file1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
The "/vendor" directory using composer exists, but "composer.json" file is missing.
ERRORMaintainabilityMissing direct file access protection1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
External Connections
Not analyzed yet.
Score History
First score snapshot
v1.0.100
35
Latest
- Findings
- 162
- Errors
- 48
- Warnings
- 114
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 35 | 162 | 48 | 114 | v1.0.100 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Author
Issue
Related
Author
Issue
Related
Related Plugins
60k+ active installs
800 active installs
10k+ active installs
600 active installs
2k+ active installs