Drag & drop to import from any CSV, Excel, XML, or Google Sheets file into Yoast SEO's titles, meta descriptions, focus keywords, schema sett …
Category Scores
Top Issues by Category
security21
maintainability15
i18n6
Issues Details
45 issues found in latest scan
Processing form data without nonce verification.
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$field_params['name']'.
The $text parameter must be a single text string literal. Found: $field_params['name']
The plugin name includes a restricted term. Your chosen plugin name - "WP All Import - Yoast WordPress SEO Add-On" - contains the restricted term "wordpress" which cannot be used at all in your plugin name.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "rapid_is_active_add_on".
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Detected usage of a non-sanitized input variable: $_GET['id']
$_GET['id'] not unslashed before sanitization. Use wp_unslash() or similar
Mismatched text domain. Expected 'yoast-seo-settings-xml-csv-import' but got 'pmxi_plugin'.
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Unescaped parameter $imports_table used in $wpdb->get_row()\n$imports_table assigned unsafely at line 433.
Use placeholders and $wpdb->prepare(); found interpolated variable $imports_table at "SELECT options FROM $imports_table WHERE id = %d"
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "RapidAddon".
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$custom_type".
unlink() is discouraged. Use wp_delete_file() to delete a file.
The $domain parameter must be a single text string literal. Found: 'rapid_addon_'.$this->slug
Plugin name "WP All Import – Import SEO Settings for Yoast SEO" is different from the name declared in plugin header "WP All Import - Yoast WordPress SEO Add-On".
Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.
Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.
The "Short Description" section is too long and was truncated. A maximum of 150 characters is supported.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 7 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$field_params['name']'. | 6 |
| WordPress.WP.I18n.NonSingularStringLiteralText | ERROR | The $text parameter must be a single text string literal. Found: $field_params['name'] | 3 |
| trademarked_term | WARNING | The plugin name includes a restricted term. Your chosen plugin name - "WP All Import - Yoast WordPress SEO Add-On" - contains the restricted term "wordpress" which cannot be used at all in your plugin name. | 3 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 2 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 2 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "rapid_is_active_add_on". | 2 |
| WordPress.Security.EscapeOutput.UnsafePrintingFunction | ERROR | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 2 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET['id'] | 2 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['id'] not unslashed before sanitization. Use wp_unslash() or similar | 2 |
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'yoast-seo-settings-xml-csv-import' but got 'pmxi_plugin'. | 2 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 2 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $imports_table used in $wpdb->get_row()\n$imports_table assigned unsafely at line 433. | 1 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable $imports_table at "SELECT options FROM $imports_table WHERE id = %d" | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | WARNING | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "RapidAddon". | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$custom_type". | 1 |
| WordPress.WP.AlternativeFunctions.unlink_unlink | ERROR | unlink() is discouraged. Use wp_delete_file() to delete a file. | 1 |
| WordPress.WP.I18n.NonSingularStringLiteralDomain | ERROR | The $domain parameter must be a single text string literal. Found: 'rapid_addon_'.$this->slug | 1 |
| mismatched_plugin_name | WARNING | Plugin name "WP All Import – Import SEO Settings for Yoast SEO" is different from the name declared in plugin header "WP All Import - Yoast WordPress SEO Add-On". | 1 |
| outdated_tested_upto_header | ERROR | Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress. | 1 |
| plugin_header_no_license | ERROR | Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license. | 1 |
| readme_parser_warnings_trimmed_short_description | WARNING | The "Short Description" section is too long and was truncated. A maximum of 150 characters is supported. | 1 |
Latest Snapshot
Findings
45
Errors
19
Warnings
26
Score History
First score snapshot
First scan completed
v1.1.8 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
v1.1.8
46
Latest
- Findings
- 45
- Errors
- 19
- Warnings
- 26
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Latest | 46 | 45 | 19 | 26 | v1.1.8 | 2.0.0 | 2026.06-mvp-static-v2 |
