Issue Taxonomy
All Issues
| Issue | Family | Weight | Affected | Fix |
|---|---|---|---|---|
| Missing direct file access protection missing_direct_file_access_protection | maintainability | medium | 1497 | Add an ABSPATH guard near the top of executable PHP files. |
| Output is not escaped WordPress.Security.EscapeOutput.OutputNotEscaped | security | critical | 1323 | Escape output with the function that matches the HTML context. |
| Input is not sanitized WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | security | critical | 1281 | Sanitize request data before using or storing it. |
| Request data is not unslashed WordPress.Security.ValidatedSanitizedInput.MissingUnslash | security | critical | 1277 | Call `wp_unslash()` before sanitizing request input. |
| Non-prefixed global variable WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | maintainability | medium | 1236 | Prefix the global variable with a unique plugin namespace. |
| Non-prefixed hook name WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | maintainability | medium | 1182 | Prefix the hook name with a unique plugin namespace. |
| Nonce verification recommended WordPress.Security.NonceVerification.Recommended | security | critical | 1182 | Add nonce verification unless the request is intentionally public and read-only. |
| Input is not validated WordPress.Security.ValidatedSanitizedInput.InputNotValidated | security | critical | 986 | Validate sanitized input against the values the code actually supports. |
| Non-prefixed function WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | maintainability | medium | 983 | Prefix the function with a unique plugin namespace. |
| Direct Query WordPress.DB.DirectDatabaseQuery.DirectQuery | maintainability | medium | 979 | Prefer WordPress APIs, and prepare and cache direct queries when they are necessary. |
| No Caching WordPress.DB.DirectDatabaseQuery.NoCaching | maintainability | medium | 973 | Prefer WordPress APIs, and prepare and cache direct queries when they are necessary. |
| Missing Translators Comment WordPress.WP.I18n.MissingTranslatorsComment | i18n | low | 937 | Use stable, literal translation strings and the plugin's correct text domain. |
| Missing nonce verification WordPress.Security.NonceVerification.Missing | security | critical | 910 | Verify a nonce before processing state-changing requests. |
| wp function not compatible with requires wp wp_function_not_compatible_with_requires_wp | maintainability | medium | 902 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| outdated tested upto header outdated_tested_upto_header | repo_compliance | high | 885 | Align the plugin header, readme, and release package metadata. |
| Non-prefixed class WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | maintainability | medium | 803 | Prefix the class with a unique plugin namespace. |
| mismatched plugin name mismatched_plugin_name | maintainability | medium | 796 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| load plugin textdomain Found PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound | i18n | low | 791 | Use stable, literal translation strings and the plugin's correct text domain. |
| Missing Arg Domain WordPress.WP.I18n.MissingArgDomain | i18n | low | 785 | Use stable, literal translation strings and the plugin's correct text domain. |
| trademarked term trademarked_term | maintainability | medium | 779 | Adjust naming and promotional copy to be clear, accurate, and policy-safe. |
| Text Domain Mismatch WordPress.WP.I18n.TextDomainMismatch | i18n | low | 763 | Use stable, literal translation strings and the plugin's correct text domain. |
| Non-prefixed constant WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound | maintainability | medium | 760 | Prefix the constant with a unique plugin namespace. |
| Not In Footer WordPress.WP.EnqueuedResourceParameters.NotInFooter | maintainability | medium | 728 | Load assets through `wp_enqueue_script()` or `wp_enqueue_style()` with complete metadata. |
| Database parameter is not escaped PluginCheck.Security.DirectDB.UnescapedDBParameter | security | critical | 709 | Prepare SQL values and allowlist SQL identifiers. |
| Missing Version WordPress.WP.EnqueuedResourceParameters.MissingVersion | maintainability | medium | 686 | Load assets through `wp_enqueue_script()` or `wp_enqueue_style()` with complete metadata. |
| Unsafe printing function WordPress.Security.EscapeOutput.UnsafePrintingFunction | security | critical | 673 | Escape each printed value before passing it to the printing function. |
| date date WordPress.DateTime.RestrictedFunctions.date_date | maintainability | medium | 614 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| wp redirect wp redirect WordPress.Security.SafeRedirect.wp_redirect_wp_redirect | security | critical | 563 | Review the affected code path and apply the WordPress security API for that context. |
| plugin header no license plugin_header_no_license | repo_compliance | high | 537 | Use clear, consistent GPL-compatible license metadata. |
| SQL query is not prepared WordPress.DB.PreparedSQL.NotPrepared | security | critical | 532 | Use `$wpdb->prepare()` for dynamic SQL values. |
| Non Singular String Literal Text WordPress.WP.I18n.NonSingularStringLiteralText | i18n | low | 509 | Use stable, literal translation strings and the plugin's correct text domain. |
| Exception output is not escaped WordPress.Security.EscapeOutput.ExceptionNotEscaped | security | critical | 484 | Escape exception output and avoid showing raw exception messages to visitors. |
| Non-prefixed hook name WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound | maintainability | medium | 461 | Prefix the hook name with a unique plugin namespace. |
| Interpolated SQL is not prepared WordPress.DB.PreparedSQL.InterpolatedNotPrepared | security | critical | 446 | Put placeholders in the SQL string and pass dynamic values separately. |
| strip tags strip tags WordPress.WP.AlternativeFunctions.strip_tags_strip_tags | maintainability | medium | 416 | Use a WordPress sanitizer or escaping function that matches the expected value. |
| file system operations fclose WordPress.WP.AlternativeFunctions.file_system_operations_fclose | maintainability | medium | 414 | Use the WordPress Filesystem API or tightly constrain file operations. |
| slow db query meta key WordPress.DB.SlowDBQuery.slow_db_query_meta_key | maintainability | medium | 403 | Reduce expensive query arguments and add caching where the result is reused. |
| error log error log WordPress.PHP.DevelopmentFunctions.error_log_error_log | maintainability | medium | 401 | Remove production debug output or guard it behind safe debug-only conditions. |
| Unordered Placeholders Text WordPress.WP.I18n.UnorderedPlaceholdersText | i18n | low | 388 | Use stable, literal translation strings and the plugin's correct text domain. |
| PHP Discouraged Functions Discouraged Squiz.PHP.DiscouragedFunctions.Discouraged | maintainability | medium | 386 | Replace the discouraged construct with a WordPress-friendly alternative. |
| file system operations fopen WordPress.WP.AlternativeFunctions.file_system_operations_fopen | maintainability | medium | 385 | Use the WordPress Filesystem API or tightly constrain file operations. |
| unlink unlink WordPress.WP.AlternativeFunctions.unlink_unlink | maintainability | medium | 379 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| readme parser warnings too many tags readme_parser_warnings_too_many_tags | repo_compliance | high | 379 | Update the readme to match WordPress.org parser expectations. |
| error log print r WordPress.PHP.DevelopmentFunctions.error_log_print_r | maintainability | medium | 372 | Remove production debug output or guard it behind safe debug-only conditions. |
| slow db query meta query WordPress.DB.SlowDBQuery.slow_db_query_meta_query | maintainability | medium | 364 | Reduce expensive query arguments and add caching where the result is reused. |
| parse url parse url WordPress.WP.AlternativeFunctions.parse_url_parse_url | maintainability | medium | 361 | Prefer WordPress URL helpers and validate parsed URL parts. |
| Schema Change WordPress.DB.DirectDatabaseQuery.SchemaChange | maintainability | medium | 347 | Prefer WordPress APIs, and prepare and cache direct queries when they are necessary. |
| Post Not In exclude WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude | performance | medium | 320 | Use narrower queries, pagination, and caching for repeated expensive work. |
| missing composer json file missing_composer_json_file | maintainability | medium | 318 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| file system operations fwrite WordPress.WP.AlternativeFunctions.file_system_operations_fwrite | maintainability | medium | 304 | Use the WordPress Filesystem API or tightly constrain file operations. |
| slow db query meta value WordPress.DB.SlowDBQuery.slow_db_query_meta_value | maintainability | medium | 289 | Reduce expensive query arguments and add caching where the result is reused. |
| rand rand WordPress.WP.AlternativeFunctions.rand_rand | maintainability | medium | 284 | Use a purpose-appropriate random API. |
| slow db query tax query WordPress.DB.SlowDBQuery.slow_db_query_tax_query | maintainability | medium | 260 | Reduce expensive query arguments and add caching where the result is reused. |
| five star reviews detected five_star_reviews_detected | maintainability | medium | 253 | Adjust naming and promotional copy to be clear, accurate, and policy-safe. |
| Hidden files included hidden_files | supply_chain | critical | 243 | Remove hidden development files from the release package. |
| file system operations is writable WordPress.WP.AlternativeFunctions.file_system_operations_is_writable | maintainability | medium | 242 | Use the WordPress Filesystem API or tightly constrain file operations. |
| update modification detected update_modification_detected | maintainability | medium | 240 | Use the normal WordPress.org update flow unless there is a clearly documented reason. |
| PHP Forbidden Functions Found Generic.PHP.ForbiddenFunctions.Found | maintainability | medium | 235 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Non Enqueued Script WordPress.WP.EnqueuedResources.NonEnqueuedScript | maintainability | medium | 234 | Load assets through `wp_enqueue_script()` or `wp_enqueue_style()` with complete metadata. |
| plugin updater detected plugin_updater_detected | maintainability | medium | 231 | Use the normal WordPress.org update flow unless there is a clearly documented reason. |
| badly named files badly_named_files | maintainability | medium | 223 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| file system operations mkdir WordPress.WP.AlternativeFunctions.file_system_operations_mkdir | maintainability | medium | 220 | Use the WordPress Filesystem API or tightly constrain file operations. |
| Post Not In post not in WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | performance | medium | 206 | Use narrower queries, pagination, and caching for repeated expensive work. |
| Not Allowed PluginCheck.CodeAnalysis.Heredoc.NotAllowed | maintainability | medium | 205 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| rand mt rand WordPress.WP.AlternativeFunctions.rand_mt_rand | maintainability | medium | 199 | Use a purpose-appropriate random API. |
| No Code Found Internal.NoCodeFound | maintainability | medium | 193 | Review the scan output and package contents, then rerun the scan. |
| Setting is missing a sanitization callback PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing | security | critical | 188 | Add a `sanitize_callback` when registering the setting. |
| error log trigger error WordPress.PHP.DevelopmentFunctions.error_log_trigger_error | maintainability | medium | 186 | Remove production debug output or guard it behind safe debug-only conditions. |
| No Explicit Version WordPress.WP.EnqueuedResourceParameters.NoExplicitVersion | maintainability | medium | 185 | Load assets through `wp_enqueue_script()` or `wp_enqueue_style()` with complete metadata. |
| Non Enqueued Stylesheet WordPress.WP.EnqueuedResources.NonEnqueuedStylesheet | maintainability | medium | 184 | Load assets through `wp_enqueue_script()` or `wp_enqueue_style()` with complete metadata. |
| Plugin Directory Write PluginCheck.CodeAnalysis.WriteFile.PluginDirectoryWrite | maintainability | medium | 178 | Write only to appropriate data locations and never write executable code from untrusted input. |
| library core files library_core_files | maintainability | medium | 173 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| curl curl init WordPress.WP.AlternativeFunctions.curl_curl_init | maintainability | medium | 172 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl exec WordPress.WP.AlternativeFunctions.curl_curl_exec | maintainability | medium | 169 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| file system operations fread WordPress.WP.AlternativeFunctions.file_system_operations_fread | maintainability | medium | 161 | Use the WordPress Filesystem API or tightly constrain file operations. |
| file system operations rmdir WordPress.WP.AlternativeFunctions.file_system_operations_rmdir | maintainability | medium | 161 | Use the WordPress Filesystem API or tightly constrain file operations. |
| Unfinished Prepare WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare | security | critical | 159 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| Get terms Param2Found WordPress.WP.DeprecatedParameters.Get_termsParam2Found | maintainability | medium | 159 | Replace the deprecated usage with the current WordPress API. |
| textdomain mismatch textdomain_mismatch | i18n | low | 157 | Use stable, literal translation strings and the plugin's correct text domain. |
| curl curl close WordPress.WP.AlternativeFunctions.curl_curl_close | maintainability | medium | 156 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl setopt WordPress.WP.AlternativeFunctions.curl_curl_setopt | maintainability | medium | 156 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| readme parser warnings trimmed short description readme_parser_warnings_trimmed_short_description | repo_compliance | high | 156 | Update the readme to match WordPress.org parser expectations. |
| rename rename WordPress.WP.AlternativeFunctions.rename_rename | maintainability | medium | 154 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| Offloaded Content PluginCheck.CodeAnalysis.Offloading.OffloadedContent | maintainability | medium | 152 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| Non Singular String Literal Domain WordPress.WP.I18n.NonSingularStringLiteralDomain | i18n | low | 152 | Use stable, literal translation strings and the plugin's correct text domain. |
| error log var export WordPress.PHP.DevelopmentFunctions.error_log_var_export | maintainability | medium | 149 | Remove production debug output or guard it behind safe debug-only conditions. |
| file system operations chmod WordPress.WP.AlternativeFunctions.file_system_operations_chmod | maintainability | medium | 147 | Use the WordPress Filesystem API or tightly constrain file operations. |
| No Html Wrapped Strings WordPress.WP.I18n.NoHtmlWrappedStrings | i18n | low | 141 | Use stable, literal translation strings and the plugin's correct text domain. |
| Offloaded Content PluginCheck.CodeAnalysis.EnqueuedResourceOffloading.OffloadedContent | maintainability | medium | 135 | Load assets through `wp_enqueue_script()` or `wp_enqueue_style()` with complete metadata. |
| license mismatch license_mismatch | repo_compliance | high | 135 | Use clear, consistent GPL-compatible license metadata. |
| plugin header nonexistent domain path plugin_header_nonexistent_domain_path | repo_compliance | high | 127 | Correct the plugin header metadata in the main plugin file. |
| error log debug backtrace WordPress.PHP.DevelopmentFunctions.error_log_debug_backtrace | maintainability | medium | 125 | Remove production debug output or guard it behind safe debug-only conditions. |
| No Empty Strings WordPress.WP.I18n.NoEmptyStrings | i18n | low | 125 | Use stable, literal translation strings and the plugin's correct text domain. |
| curl curl getinfo WordPress.WP.AlternativeFunctions.curl_curl_getinfo | maintainability | medium | 123 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Quoted Simple Placeholder WordPress.DB.PreparedSQLPlaceholders.QuotedSimplePlaceholder | security | critical | 113 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| Non-prefixed global variable WordPress.NamingConventions.PrefixAllGlobals.VariableConstantNameFound | maintainability | medium | 112 | Prefix the global variable with a unique plugin namespace. |
| curl curl error WordPress.WP.AlternativeFunctions.curl_curl_error | maintainability | medium | 112 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Non-prefixed interface WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedInterfaceFound | maintainability | medium | 109 | Prefix the interface with a unique plugin namespace. |
| Non-prefixed namespace WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedNamespaceFound | maintainability | medium | 109 | Prefix the namespace with a unique plugin namespace. |
| prevent path disclosure error reporting WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_error_reporting | maintainability | medium | 109 | Remove production debug output or guard it behind safe debug-only conditions. |
| file system operations readfile WordPress.WP.AlternativeFunctions.file_system_operations_readfile | maintainability | medium | 107 | Use the WordPress Filesystem API or tightly constrain file operations. |
| Suppress Filters suppress filters WordPressVIPMinimum.Performance.WPQueryParams.SuppressFilters_suppress_filters | performance | medium | 107 | Use narrower queries, pagination, and caching for repeated expensive work. |
| upgrade notice limit upgrade_notice_limit | maintainability | medium | 93 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| no license no_license | repo_compliance | high | 92 | Use clear, consistent GPL-compatible license metadata. |
| error log set error handler WordPress.PHP.DevelopmentFunctions.error_log_set_error_handler | maintainability | medium | 90 | Remove production debug output or guard it behind safe debug-only conditions. |
| readme parser warnings trimmed section changelog readme_parser_warnings_trimmed_section_changelog | repo_compliance | high | 89 | Update the readme to match WordPress.org parser expectations. |
| curl curl errno WordPress.WP.AlternativeFunctions.curl_curl_errno | maintainability | medium | 88 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Replacements Wrong Number WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber | security | critical | 83 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| application detected application_detected | maintainability | medium | 80 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| Echo Found Generic.PHP.DisallowShortOpenTag.EchoFound | maintainability | medium | 79 | Normalize PHP files to standard tags, UTF-8 without BOM, and consistent line endings. |
| curl curl setopt array WordPress.WP.AlternativeFunctions.curl_curl_setopt_array | maintainability | medium | 79 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| file system operations touch WordPress.WP.AlternativeFunctions.file_system_operations_touch | maintainability | medium | 78 | Use the WordPress Filesystem API or tightly constrain file operations. |
| block api version too low block_api_version_too_low | maintainability | medium | 72 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| wp reset query wp reset query WordPress.WP.DiscouragedFunctions.wp_reset_query_wp_reset_query | maintainability | medium | 71 | Replace the discouraged construct with a WordPress-friendly alternative. |
| error log var dump WordPress.PHP.DevelopmentFunctions.error_log_var_dump | maintainability | medium | 70 | Remove production debug output or guard it behind safe debug-only conditions. |
| readme mismatched header requires readme_mismatched_header_requires | repo_compliance | high | 67 | Update the readme to match WordPress.org parser expectations. |
| Load plugin textdomain Param2Found WordPress.WP.DeprecatedParameters.Load_plugin_textdomainParam2Found | i18n | low | 63 | Use stable, literal translation strings and the plugin's correct text domain. |
| Input is not validated or sanitized WordPress.Security.ValidatedSanitizedInput.InputNotValidatedNotSanitized | security | critical | 60 | Unslash, sanitize, then validate the input before use. |
| unexpected markdown file unexpected_markdown_file | maintainability | medium | 58 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| trunk stable tag trunk_stable_tag | maintainability | medium | 57 | Align the plugin header, readme, and release package metadata. |
| file system operations fsockopen WordPress.WP.AlternativeFunctions.file_system_operations_fsockopen | maintainability | medium | 52 | Use the WordPress Filesystem API or tightly constrain file operations. |
| ABSPATHDetected PluginCheck.CodeAnalysis.WriteFile.ABSPATHDetected | maintainability | medium | 51 | Write only to appropriate data locations and never write executable code from untrusted input. |
| readme parser warnings no short description present readme_parser_warnings_no_short_description_present | repo_compliance | high | 49 | Update the readme to match WordPress.org parser expectations. |
| Code Analysis Short URL Found PluginCheck.CodeAnalysis.ShortURL.Found | maintainability | medium | 48 | Replace development URLs with production URLs and avoid short links in distributed code. |
| Like Wildcards In Query WordPress.DB.PreparedSQLPlaceholders.LikeWildcardsInQuery | security | critical | 47 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| timezone change date default timezone set WordPress.DateTime.RestrictedFunctions.timezone_change_date_default_timezone_set | maintainability | medium | 46 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| file system operations is writeable WordPress.WP.AlternativeFunctions.file_system_operations_is_writeable | maintainability | medium | 45 | Use the WordPress Filesystem API or tightly constrain file operations. |
| Interpolated Variable Text WordPress.WP.I18n.InterpolatedVariableText | i18n | low | 44 | Use stable, literal translation strings and the plugin's correct text domain. |
| readme short description non official language readme_short_description_non_official_language | repo_compliance | high | 43 | Update the readme to match WordPress.org parser expectations. |
| stable tag mismatch stable_tag_mismatch | maintainability | medium | 42 | Align the plugin header, readme, and release package metadata. |
| Internal Line Endings Mixed Internal.LineEndings.Mixed | maintainability | medium | 39 | Normalize PHP files to standard tags, UTF-8 without BOM, and consistent line endings. |
| Non-prefixed global symbol WordPress.NamingConventions.PrefixAllGlobals.InvalidPrefixPassed | maintainability | medium | 39 | Prefix the global symbol with a unique plugin namespace. |
| Too Many Function Args WordPress.WP.I18n.TooManyFunctionArgs | i18n | low | 38 | Use stable, literal translation strings and the plugin's correct text domain. |
| file system operations fputs WordPress.WP.AlternativeFunctions.file_system_operations_fputs | maintainability | medium | 37 | Use the WordPress Filesystem API or tightly constrain file operations. |
| Non Singular String Literal Plural WordPress.WP.I18n.NonSingularStringLiteralPlural | i18n | low | 36 | Use stable, literal translation strings and the plugin's correct text domain. |
| prevent path disclosure phpinfo WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_phpinfo | maintainability | medium | 34 | Remove production debug output or guard it behind safe debug-only conditions. |
| readme description non official language readme_description_non_official_language | repo_compliance | high | 34 | Update the readme to match WordPress.org parser expectations. |
| Non Singular String Literal Single WordPress.WP.I18n.NonSingularStringLiteralSingle | i18n | low | 32 | Use stable, literal translation strings and the plugin's correct text domain. |
| Unquoted Complex Placeholder WordPress.DB.PreparedSQLPlaceholders.UnquotedComplexPlaceholder | security | critical | 30 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| Missing Singular Placeholder WordPress.WP.I18n.MissingSingularPlaceholder | i18n | low | 30 | Use stable, literal translation strings and the plugin's correct text domain. |
| readme mismatched header requires php readme_mismatched_header_requires_php | repo_compliance | high | 30 | Update the readme to match WordPress.org parser expectations. |
| readme reserved contributors readme_reserved_contributors | repo_compliance | high | 30 | Update the readme to match WordPress.org parser expectations. |
| Code Analysis Localhost Found PluginCheck.CodeAnalysis.Localhost.Found | maintainability | medium | 29 | Replace development URLs with production URLs and avoid short links in distributed code. |
| mysql mysqli get server info WordPress.DB.RestrictedFunctions.mysql_mysqli_get_server_info | maintainability | medium | 29 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| Using FILE WordPress.Security.PluginMenuSlug.Using__FILE__ | security | critical | 29 | Review the affected code path and apply the WordPress security API for that context. |
| query posts query posts WordPress.WP.DiscouragedFunctions.query_posts_query_posts | maintainability | medium | 29 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Add option Param3Found WordPress.WP.DeprecatedParameters.Add_optionParam3Found | maintainability | medium | 28 | Replace the deprecated usage with the current WordPress API. |
| Heredoc Output Not Escaped WordPress.Security.EscapeOutput.HeredocOutputNotEscaped | security | critical | 25 | Escape dynamic output at the point where it is printed. |
| Low Level Translation Function WordPress.WP.I18n.LowLevelTranslationFunction | i18n | low | 25 | Use stable, literal translation strings and the plugin's correct text domain. |
| seems utf8Found WordPress.WP.DeprecatedFunctions.seems_utf8Found | maintainability | medium | 24 | Replace the deprecated usage with the current WordPress API. |
| wp get sites Found WordPress.WP.DeprecatedFunctions.wp_get_sitesFound | maintainability | medium | 24 | Replace the deprecated usage with the current WordPress API. |
| invalid license invalid_license | repo_compliance | high | 24 | Use clear, consistent GPL-compatible license metadata. |
| textdomain invalid format textdomain_invalid_format | i18n | low | 24 | Use stable, literal translation strings and the plugin's correct text domain. |
| Unsupported Identifier Placeholder WordPress.DB.PreparedSQLPlaceholders.UnsupportedIdentifierPlaceholder | security | critical | 23 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| Non-prefixed trait WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedTraitFound | maintainability | medium | 22 | Prefix the trait with a unique plugin namespace. |
| get page by title Found WordPress.WP.DeprecatedFunctions.get_page_by_titleFound | maintainability | medium | 22 | Replace the deprecated usage with the current WordPress API. |
| uninstall missing constant check uninstall_missing_constant_check | maintainability | medium | 22 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| Compressed files included compressed_files | supply_chain | critical | 21 | Remove nested archives from the distributed plugin package. |
| invalid tested upto minor invalid_tested_upto_minor | maintainability | medium | 21 | Align the plugin header, readme, and release package metadata. |
| readme parser warnings ignored tags readme_parser_warnings_ignored_tags | repo_compliance | high | 21 | Update the readme to match WordPress.org parser expectations. |
| readme parser warnings trimmed section description readme_parser_warnings_trimmed_section_description | repo_compliance | high | 21 | Update the readme to match WordPress.org parser expectations. |
| mysql PDO WordPress.DB.RestrictedClasses.mysql__PDO | maintainability | medium | 20 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| error log wp debug backtrace summary WordPress.PHP.DevelopmentFunctions.error_log_wp_debug_backtrace_summary | maintainability | medium | 20 | Remove production debug output or guard it behind safe debug-only conditions. |
| Wp count terms Param2Found WordPress.WP.DeprecatedParameters.Wp_count_termsParam2Found | maintainability | medium | 20 | Replace the deprecated usage with the current WordPress API. |
| plugin header invalid domain path plugin_header_invalid_domain_path | repo_compliance | high | 20 | Correct the plugin header metadata in the main plugin file. |
| curl curl reset WordPress.WP.AlternativeFunctions.curl_curl_reset | maintainability | medium | 19 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| mysql mysqli connect WordPress.DB.RestrictedFunctions.mysql_mysqli_connect | maintainability | medium | 17 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| Wp upload bits Param2Found WordPress.WP.DeprecatedParameters.Wp_upload_bitsParam2Found | maintainability | medium | 17 | Replace the deprecated usage with the current WordPress API. |
| invalid plugin name invalid_plugin_name | maintainability | medium | 17 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| mismatched tested up to header mismatched_tested_up_to_header | repo_compliance | high | 17 | Align the plugin header, readme, and release package metadata. |
| plugin header unsupported plugin name plugin_header_unsupported_plugin_name | repo_compliance | high | 17 | Correct the plugin header metadata in the main plugin file. |
| screen icon Found WordPress.WP.DeprecatedFunctions.screen_iconFound | maintainability | medium | 16 | Replace the deprecated usage with the current WordPress API. |
| Unordered Placeholders Plural WordPress.WP.I18n.UnorderedPlaceholdersPlural | i18n | low | 16 | Use stable, literal translation strings and the plugin's correct text domain. |
| Unnecessary Prepare WordPress.DB.PreparedSQLPlaceholders.UnnecessaryPrepare | security | critical | 15 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| mysql mysqli query WordPress.DB.RestrictedFunctions.mysql_mysqli_query | maintainability | medium | 15 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| STYLESHEETPATHUsage Found WordPress.WP.DiscouragedConstants.STYLESHEETPATHUsageFound | maintainability | medium | 15 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Mixed Ordered Placeholders Text WordPress.WP.I18n.MixedOrderedPlaceholdersText | i18n | low | 15 | Use stable, literal translation strings and the plugin's correct text domain. |
| Unordered Placeholders Single WordPress.WP.I18n.UnorderedPlaceholdersSingle | i18n | low | 15 | Use stable, literal translation strings and the plugin's correct text domain. |
| TEMPLATEPATHUsage Found WordPress.WP.DiscouragedConstants.TEMPLATEPATHUsageFound | maintainability | medium | 14 | Replace the discouraged construct with a WordPress-friendly alternative. |
| github directory github_directory | maintainability | medium | 14 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| Like Wildcards In Query With Placeholder WordPress.DB.PreparedSQLPlaceholders.LikeWildcardsInQueryWithPlaceholder | security | critical | 13 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| curl curl multi add handle WordPress.WP.AlternativeFunctions.curl_curl_multi_add_handle | maintainability | medium | 13 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl multi exec WordPress.WP.AlternativeFunctions.curl_curl_multi_exec | maintainability | medium | 13 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl multi getcontent WordPress.WP.AlternativeFunctions.curl_curl_multi_getcontent | maintainability | medium | 13 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl multi init WordPress.WP.AlternativeFunctions.curl_curl_multi_init | maintainability | medium | 13 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| mysql mysql query WordPress.DB.RestrictedFunctions.mysql_mysql_query | maintainability | medium | 12 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| Unsupported Placeholder WordPress.DB.PreparedSQLPlaceholders.UnsupportedPlaceholder | security | critical | 11 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| mysql mysqli connect error WordPress.DB.RestrictedFunctions.mysql_mysqli_connect_error | maintainability | medium | 11 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| curl curl multi remove handle WordPress.WP.AlternativeFunctions.curl_curl_multi_remove_handle | maintainability | medium | 11 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Non Singular String Literal Context WordPress.WP.I18n.NonSingularStringLiteralContext | i18n | low | 11 | Use stable, literal translation strings and the plugin's correct text domain. |
| no stable tag no_stable_tag | maintainability | medium | 11 | Align the plugin header, readme, and release package metadata. |
| Possible Found Generic.PHP.DisallowShortOpenTag.PossibleFound | maintainability | medium | 10 | Normalize PHP files to standard tags, UTF-8 without BOM, and consistent line endings. |
| mysql mysqli WordPress.DB.RestrictedClasses.mysql__mysqli | maintainability | medium | 10 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql error WordPress.DB.RestrictedFunctions.mysql_mysql_error | maintainability | medium | 10 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli close WordPress.DB.RestrictedFunctions.mysql_mysqli_close | maintainability | medium | 10 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli error WordPress.DB.RestrictedFunctions.mysql_mysqli_error | maintainability | medium | 10 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli free result WordPress.DB.RestrictedFunctions.mysql_mysqli_free_result | maintainability | medium | 10 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| curl curl multi close WordPress.WP.AlternativeFunctions.curl_curl_multi_close | maintainability | medium | 10 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| get theme data Found WordPress.WP.DeprecatedFunctions.get_theme_dataFound | maintainability | medium | 10 | Replace the deprecated usage with the current WordPress API. |
| PHP Discourage Goto Found Generic.PHP.DiscourageGoto.Found | maintainability | medium | 9 | Replace the discouraged construct with a WordPress-friendly alternative. |
| mysql mysql connect WordPress.DB.RestrictedFunctions.mysql_mysql_connect | maintainability | medium | 9 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli fetch array WordPress.DB.RestrictedFunctions.mysql_mysqli_fetch_array | maintainability | medium | 9 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli num rows WordPress.DB.RestrictedFunctions.mysql_mysqli_num_rows | maintainability | medium | 9 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| rand seeding mt srand WordPress.WP.AlternativeFunctions.rand_seeding_mt_srand | maintainability | medium | 9 | Use a purpose-appropriate random API. |
| allow unfiltered uploads detected allow_unfiltered_uploads_detected | maintainability | medium | 9 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| mysql mysql get server info WordPress.DB.RestrictedFunctions.mysql_mysql_get_server_info | maintainability | medium | 8 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli fetch assoc WordPress.DB.RestrictedFunctions.mysql_mysqli_fetch_assoc | maintainability | medium | 8 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli init WordPress.DB.RestrictedFunctions.mysql_mysqli_init | maintainability | medium | 8 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| curl curl multi select WordPress.WP.AlternativeFunctions.curl_curl_multi_select | maintainability | medium | 8 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| Single Underscore Get Text Function WordPress.WP.I18n.SingleUnderscoreGetTextFunction | i18n | low | 8 | Use stable, literal translation strings and the plugin's correct text domain. |
| Translators Comment Wrong Style WordPress.WP.I18n.TranslatorsCommentWrongStyle | i18n | low | 8 | Use stable, literal translation strings and the plugin's correct text domain. |
| ai instruction directory ai_instruction_directory | maintainability | medium | 8 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| readme invalid donate link readme_invalid_donate_link | repo_compliance | high | 8 | Update the readme to match WordPress.org parser expectations. |
| Quoted Dynamic Placeholder Generation WordPress.DB.PreparedSQLPlaceholders.QuotedDynamicPlaceholderGeneration | security | critical | 7 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| mysql mysql close WordPress.DB.RestrictedFunctions.mysql_mysql_close | maintainability | medium | 7 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql errno WordPress.DB.RestrictedFunctions.mysql_mysql_errno | maintainability | medium | 7 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql fetch assoc WordPress.DB.RestrictedFunctions.mysql_mysql_fetch_assoc | maintainability | medium | 7 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql select db WordPress.DB.RestrictedFunctions.mysql_mysql_select_db | maintainability | medium | 7 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli errno WordPress.DB.RestrictedFunctions.mysql_mysqli_errno | maintainability | medium | 7 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli real escape string WordPress.DB.RestrictedFunctions.mysql_mysqli_real_escape_string | security | critical | 7 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| wp make content images responsive Found WordPress.WP.DeprecatedFunctions.wp_make_content_images_responsiveFound | maintainability | medium | 7 | Replace the deprecated usage with the current WordPress API. |
| Mismatched Placeholders WordPress.WP.I18n.MismatchedPlaceholders | i18n | low | 7 | Use stable, literal translation strings and the plugin's correct text domain. |
| plugin header invalid network plugin_header_invalid_network | repo_compliance | high | 7 | Correct the plugin header metadata in the main plugin file. |
| Files Byte Order Mark Found Generic.Files.ByteOrderMark.Found | maintainability | medium | 6 | Normalize PHP files to standard tags, UTF-8 without BOM, and consistent line endings. |
| Exception Internal.Exception | maintainability | medium | 6 | Review the scan output and package contents, then rerun the scan. |
| mysql mysql fetch row WordPress.DB.RestrictedFunctions.mysql_mysql_fetch_row | maintainability | medium | 6 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql free result WordPress.DB.RestrictedFunctions.mysql_mysql_free_result | maintainability | medium | 6 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql real escape string WordPress.DB.RestrictedFunctions.mysql_mysql_real_escape_string | security | critical | 6 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli connect errno WordPress.DB.RestrictedFunctions.mysql_mysqli_connect_errno | maintainability | medium | 6 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli fetch object WordPress.DB.RestrictedFunctions.mysql_mysqli_fetch_object | maintainability | medium | 6 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli fetch row WordPress.DB.RestrictedFunctions.mysql_mysqli_fetch_row | maintainability | medium | 6 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli insert id WordPress.DB.RestrictedFunctions.mysql_mysqli_insert_id | maintainability | medium | 6 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli report WordPress.DB.RestrictedFunctions.mysql_mysqli_report | maintainability | medium | 6 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| curl curl file create WordPress.WP.AlternativeFunctions.curl_curl_file_create | maintainability | medium | 6 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| get current theme Found WordPress.WP.DeprecatedFunctions.get_current_themeFound | maintainability | medium | 6 | Replace the deprecated usage with the current WordPress API. |
| Get site option Param3Found WordPress.WP.DeprecatedParameters.Get_site_optionParam3Found | maintainability | medium | 6 | Replace the deprecated usage with the current WordPress API. |
| PHP Backtick Operator Found Generic.PHP.BacktickOperator.Found | maintainability | medium | 5 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Like Without Wildcards WordPress.DB.PreparedSQLPlaceholders.LikeWithoutWildcards | security | critical | 5 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| mysql mysql num rows WordPress.DB.RestrictedFunctions.mysql_mysql_num_rows | maintainability | medium | 5 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql set charset WordPress.DB.RestrictedFunctions.mysql_mysql_set_charset | maintainability | medium | 5 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli affected rows WordPress.DB.RestrictedFunctions.mysql_mysqli_affected_rows | maintainability | medium | 5 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli get client info WordPress.DB.RestrictedFunctions.mysql_mysqli_get_client_info | maintainability | medium | 5 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli real connect WordPress.DB.RestrictedFunctions.mysql_mysqli_real_connect | maintainability | medium | 5 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli set charset WordPress.DB.RestrictedFunctions.mysql_mysqli_set_charset | maintainability | medium | 5 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| curl curl multi info read WordPress.WP.AlternativeFunctions.curl_curl_multi_info_read | maintainability | medium | 5 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| file system operations chown WordPress.WP.AlternativeFunctions.file_system_operations_chown | maintainability | medium | 5 | Use the WordPress Filesystem API or tightly constrain file operations. |
| file system operations pfsockopen WordPress.WP.AlternativeFunctions.file_system_operations_pfsockopen | maintainability | medium | 5 | Use the WordPress Filesystem API or tightly constrain file operations. |
| rand seeding srand WordPress.WP.AlternativeFunctions.rand_seeding_srand | maintainability | medium | 5 | Use a purpose-appropriate random API. |
| current user can for blog Found WordPress.WP.DeprecatedFunctions.current_user_can_for_blogFound | maintainability | medium | 5 | Replace the deprecated usage with the current WordPress API. |
| PLUGINDIRUsage Found WordPress.WP.DiscouragedConstants.PLUGINDIRUsageFound | maintainability | medium | 5 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Non Singular String Literal Singular WordPress.WP.I18n.NonSingularStringLiteralSingular | i18n | low | 5 | Use stable, literal translation strings and the plugin's correct text domain. |
| plugin header invalid author uri plugin_header_invalid_author_uri | repo_compliance | high | 5 | Correct the plugin header metadata in the main plugin file. |
| Maybe ASPOpen Tag Found Generic.PHP.DisallowAlternativePHPTags.MaybeASPOpenTagFound | maintainability | medium | 4 | Normalize PHP files to standard tags, UTF-8 without BOM, and consistent line endings. |
| Maybe ASPShort Open Tag Found Generic.PHP.DisallowAlternativePHPTags.MaybeASPShortOpenTagFound | maintainability | medium | 4 | Normalize PHP files to standard tags, UTF-8 without BOM, and consistent line endings. |
| mysql mysql fetch array WordPress.DB.RestrictedFunctions.mysql_mysql_fetch_array | maintainability | medium | 4 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql unbuffered query WordPress.DB.RestrictedFunctions.mysql_mysql_unbuffered_query | maintainability | medium | 4 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli select db WordPress.DB.RestrictedFunctions.mysql_mysqli_select_db | maintainability | medium | 4 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| error log debug print backtrace WordPress.PHP.DevelopmentFunctions.error_log_debug_print_backtrace | maintainability | medium | 4 | Remove production debug output or guard it behind safe debug-only conditions. |
| curl curl strerror WordPress.WP.AlternativeFunctions.curl_curl_strerror | maintainability | medium | 4 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| file system operations chgrp WordPress.WP.AlternativeFunctions.file_system_operations_chgrp | maintainability | medium | 4 | Use the WordPress Filesystem API or tightly constrain file operations. |
| services json Found WordPress.WP.DeprecatedClasses.services_jsonFound | maintainability | medium | 4 | Replace the deprecated usage with the current WordPress API. |
| add contextual help Found WordPress.WP.DeprecatedFunctions.add_contextual_helpFound | maintainability | medium | 4 | Replace the deprecated usage with the current WordPress API. |
| get themes Found WordPress.WP.DeprecatedFunctions.get_themesFound | maintainability | medium | 4 | Replace the deprecated usage with the current WordPress API. |
| get userdatabylogin Found WordPress.WP.DeprecatedFunctions.get_userdatabyloginFound | maintainability | medium | 4 | Replace the deprecated usage with the current WordPress API. |
| wp no robots Found WordPress.WP.DeprecatedFunctions.wp_no_robotsFound | maintainability | medium | 4 | Replace the deprecated usage with the current WordPress API. |
| Term description Param2Found WordPress.WP.DeprecatedParameters.Term_descriptionParam2Found | maintainability | medium | 4 | Replace the deprecated usage with the current WordPress API. |
| plugin header invalid license plugin_header_invalid_license | repo_compliance | high | 4 | Use clear, consistent GPL-compatible license metadata. |
| plugin header invalid requires wp plugin_header_invalid_requires_wp | repo_compliance | high | 4 | Correct the plugin header metadata in the main plugin file. |
| readme parser warnings requires php header ignored readme_parser_warnings_requires_php_header_ignored | repo_compliance | high | 4 | Update the readme to match WordPress.org parser expectations. |
| Unescaped Literal WordPress.DB.PreparedSQLPlaceholders.UnescapedLiteral | security | critical | 3 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| mysql mysql fetch field WordPress.DB.RestrictedFunctions.mysql_mysql_fetch_field | maintainability | medium | 3 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql get client info WordPress.DB.RestrictedFunctions.mysql_mysql_get_client_info | maintainability | medium | 3 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql num fields WordPress.DB.RestrictedFunctions.mysql_mysql_num_fields | maintainability | medium | 3 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli get client version WordPress.DB.RestrictedFunctions.mysql_mysqli_get_client_version | maintainability | medium | 3 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli num fields WordPress.DB.RestrictedFunctions.mysql_mysqli_num_fields | maintainability | medium | 3 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli prepare WordPress.DB.RestrictedFunctions.mysql_mysqli_prepare | maintainability | medium | 3 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| curl curl copy handle WordPress.WP.AlternativeFunctions.curl_curl_copy_handle | maintainability | medium | 3 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| wp http curl Found WordPress.WP.DeprecatedClasses.wp_http_curlFound | maintainability | medium | 3 | Replace the deprecated usage with the current WordPress API. |
| get settings Found WordPress.WP.DeprecatedFunctions.get_settingsFound | maintainability | medium | 3 | Replace the deprecated usage with the current WordPress API. |
| get user by email Found WordPress.WP.DeprecatedFunctions.get_user_by_emailFound | maintainability | medium | 3 | Replace the deprecated usage with the current WordPress API. |
| like escape Found WordPress.WP.DeprecatedFunctions.like_escapeFound | security | critical | 3 | Replace the deprecated usage with the current WordPress API. |
| wp init targeted link rel filters Found WordPress.WP.DeprecatedFunctions.wp_init_targeted_link_rel_filtersFound | maintainability | medium | 3 | Replace the deprecated usage with the current WordPress API. |
| wp remove targeted link rel filters Found WordPress.WP.DeprecatedFunctions.wp_remove_targeted_link_rel_filtersFound | maintainability | medium | 3 | Replace the deprecated usage with the current WordPress API. |
| wp specialchars Found WordPress.WP.DeprecatedFunctions.wp_specialcharsFound | maintainability | medium | 3 | Replace the deprecated usage with the current WordPress API. |
| readme parser warnings tested header ignored readme_parser_warnings_tested_header_ignored | repo_compliance | high | 3 | Update the readme to match WordPress.org parser expectations. |
| mysql mysql affected rows WordPress.DB.RestrictedFunctions.mysql_mysql_affected_rows | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql field flags WordPress.DB.RestrictedFunctions.mysql_mysql_field_flags | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql ping WordPress.DB.RestrictedFunctions.mysql_mysql_ping | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql result WordPress.DB.RestrictedFunctions.mysql_mysql_result | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli fetch field direct WordPress.DB.RestrictedFunctions.mysql_mysqli_fetch_field_direct | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli fetch fields WordPress.DB.RestrictedFunctions.mysql_mysqli_fetch_fields | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli more results WordPress.DB.RestrictedFunctions.mysql_mysqli_more_results | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli next result WordPress.DB.RestrictedFunctions.mysql_mysqli_next_result | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli ssl set WordPress.DB.RestrictedFunctions.mysql_mysqli_ssl_set | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli stmt bind param WordPress.DB.RestrictedFunctions.mysql_mysqli_stmt_bind_param | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli stmt execute WordPress.DB.RestrictedFunctions.mysql_mysqli_stmt_execute | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli store result WordPress.DB.RestrictedFunctions.mysql_mysqli_store_result | maintainability | medium | 2 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| curl curl escape WordPress.WP.AlternativeFunctions.curl_curl_escape | security | critical | 2 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl pause WordPress.WP.AlternativeFunctions.curl_curl_pause | maintainability | medium | 2 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| curl curl unescape WordPress.WP.AlternativeFunctions.curl_curl_unescape | security | critical | 2 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| services json error Found WordPress.WP.DeprecatedClasses.services_json_errorFound | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| inject theme attribute in block template content Found WordPress.WP.DeprecatedFunctions._inject_theme_attribute_in_block_template_contentFound | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| add option whitelist Found WordPress.WP.DeprecatedFunctions.add_option_whitelistFound | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| get blog list Found WordPress.WP.DeprecatedFunctions.get_blog_listFound | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| get theme Found WordPress.WP.DeprecatedFunctions.get_themeFound | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| wp blacklist check Found WordPress.WP.DeprecatedFunctions.wp_blacklist_checkFound | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| wp targeted link rel Found WordPress.WP.DeprecatedFunctions.wp_targeted_link_relFound | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| wp update core Found WordPress.WP.DeprecatedFunctions.wp_update_coreFound | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| WP Deprecated Parameter Values Found WordPress.WP.DeprecatedParameterValues.Found | maintainability | medium | 2 | Replace the deprecated usage with the current WordPress API. |
| MUPLUGINDIRUsage Found WordPress.WP.DiscouragedConstants.MUPLUGINDIRUsageFound | maintainability | medium | 2 | Replace the discouraged construct with a WordPress-friendly alternative. |
| Interpolated Variable Plural WordPress.WP.I18n.InterpolatedVariablePlural | i18n | low | 2 | Use stable, literal translation strings and the plugin's correct text domain. |
| Unordered Placeholders Singular WordPress.WP.I18n.UnorderedPlaceholdersSingular | i18n | low | 2 | Use stable, literal translation strings and the plugin's correct text domain. |
| missing readme header tested missing_readme_header_tested | repo_compliance | high | 2 | Update the readme to match WordPress.org parser expectations. |
| Obfuscated code detected obfuscated_code_detected | supply_chain | critical | 2 | Ship readable source code and remove obfuscation. |
| plugin header invalid requires php plugin_header_invalid_requires_php | repo_compliance | high | 2 | Correct the plugin header metadata in the main plugin file. |
| readme invalid contributors readme_invalid_contributors | repo_compliance | high | 2 | Update the readme to match WordPress.org parser expectations. |
| parse str result Missing PluginCheck.CodeAnalysis.RequiredFunctionParameters.parse_str_resultMissing | maintainability | medium | 1 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| Missing Replacements WordPress.DB.PreparedSQLPlaceholders.MissingReplacements | security | critical | 1 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| Quoted Identifier Placeholder WordPress.DB.PreparedSQLPlaceholders.QuotedIdentifierPlaceholder | security | critical | 1 | Use valid `$wpdb->prepare()` placeholders and pass replacements separately. |
| mysql My SQLi WordPress.DB.RestrictedClasses.mysql__MySQLi | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql data seek WordPress.DB.RestrictedFunctions.mysql_mysql_data_seek | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql fetch object WordPress.DB.RestrictedFunctions.mysql_mysql_fetch_object | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql field name WordPress.DB.RestrictedFunctions.mysql_mysql_field_name | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql field table WordPress.DB.RestrictedFunctions.mysql_mysql_field_table | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql info WordPress.DB.RestrictedFunctions.mysql_mysql_info | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql insert id WordPress.DB.RestrictedFunctions.mysql_mysql_insert_id | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysql stat WordPress.DB.RestrictedFunctions.mysql_mysql_stat | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli autocommit WordPress.DB.RestrictedFunctions.mysql_mysqli_autocommit | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli character set name WordPress.DB.RestrictedFunctions.mysql_mysqli_character_set_name | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli commit WordPress.DB.RestrictedFunctions.mysql_mysqli_commit | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli data seek WordPress.DB.RestrictedFunctions.mysql_mysqli_data_seek | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli driver WordPress.DB.RestrictedFunctions.mysql_mysqli_driver | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli options WordPress.DB.RestrictedFunctions.mysql_mysqli_options | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli ping WordPress.DB.RestrictedFunctions.mysql_mysqli_ping | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli real query WordPress.DB.RestrictedFunctions.mysql_mysqli_real_query | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli stmt close WordPress.DB.RestrictedFunctions.mysql_mysqli_stmt_close | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| mysql mysqli stmt get result WordPress.DB.RestrictedFunctions.mysql_mysqli_stmt_get_result | maintainability | medium | 1 | Use `$wpdb` or a WordPress API instead of direct MySQL calls. |
| curl curl multi strerror WordPress.WP.AlternativeFunctions.curl_curl_multi_strerror | maintainability | medium | 1 | Use `wp_remote_get()`, `wp_remote_post()`, or related WordPress HTTP helpers. |
| get path to translation Found WordPress.WP.DeprecatedFunctions._get_path_to_translationFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| add object page Found WordPress.WP.DeprecatedFunctions.add_object_pageFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| add utility page Found WordPress.WP.DeprecatedFunctions.add_utility_pageFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| attribute escape Found WordPress.WP.DeprecatedFunctions.attribute_escapeFound | security | critical | 1 | Replace the deprecated usage with the current WordPress API. |
| clean url Found WordPress.WP.DeprecatedFunctions.clean_urlFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| get currentuserinfo Found WordPress.WP.DeprecatedFunctions.get_currentuserinfoFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| get post to edit Found WordPress.WP.DeprecatedFunctions.get_post_to_editFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| get users of blog Found WordPress.WP.DeprecatedFunctions.get_users_of_blogFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| global terms enabled Found WordPress.WP.DeprecatedFunctions.global_terms_enabledFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| image resize Found WordPress.WP.DeprecatedFunctions.image_resizeFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| is site admin Found WordPress.WP.DeprecatedFunctions.is_site_adminFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| js escape Found WordPress.WP.DeprecatedFunctions.js_escapeFound | security | critical | 1 | Replace the deprecated usage with the current WordPress API. |
| update user status Found WordPress.WP.DeprecatedFunctions.update_user_statusFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| user pass ok Found WordPress.WP.DeprecatedFunctions.user_pass_okFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| wp admin bar header Found WordPress.WP.DeprecatedFunctions.wp_admin_bar_headerFound | repo_compliance | high | 1 | Replace the deprecated usage with the current WordPress API. |
| wp get duotone filter svg Found WordPress.WP.DeprecatedFunctions.wp_get_duotone_filter_svgFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| wp get loading attr default Found WordPress.WP.DeprecatedFunctions.wp_get_loading_attr_defaultFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| wp get user request data Found WordPress.WP.DeprecatedFunctions.wp_get_user_request_dataFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| wp htmledit pre Found WordPress.WP.DeprecatedFunctions.wp_htmledit_preFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| wp img tag add loading attr Found WordPress.WP.DeprecatedFunctions.wp_img_tag_add_loading_attrFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| wp load image Found WordPress.WP.DeprecatedFunctions.wp_load_imageFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| wp preload dialogs Found WordPress.WP.DeprecatedFunctions.wp_preload_dialogsFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| wp richedit pre Found WordPress.WP.DeprecatedFunctions.wp_richedit_preFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| wp tiny mce Found WordPress.WP.DeprecatedFunctions.wp_tiny_mceFound | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Get delete post link Param2Found WordPress.WP.DeprecatedParameters.Get_delete_post_linkParam2Found | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Get user option Param3Found WordPress.WP.DeprecatedParameters.Get_user_optionParam3Found | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Get wp title rss Param1Found WordPress.WP.DeprecatedParameters.Get_wp_title_rssParam1Found | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Register meta Param4Found WordPress.WP.DeprecatedParameters.Register_metaParam4Found | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Unregister setting Param3Found WordPress.WP.DeprecatedParameters.Unregister_settingParam3Found | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Wp install Param5Found WordPress.WP.DeprecatedParameters.Wp_installParam5Found | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Wp new user notification Param2Found WordPress.WP.DeprecatedParameters.Wp_new_user_notificationParam2Found | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| wp post revision fields Param2Found WordPress.WP.DeprecatedParameters._wp_post_revision_fieldsParam2Found | maintainability | medium | 1 | Replace the deprecated usage with the current WordPress API. |
| Interpolated Variable Domain WordPress.WP.I18n.InterpolatedVariableDomain | i18n | low | 1 | Use stable, literal translation strings and the plugin's correct text domain. |
| Interpolated Variable Single WordPress.WP.I18n.InterpolatedVariableSingle | i18n | low | 1 | Use stable, literal translation strings and the plugin's correct text domain. |
| Interpolated Variable Singular WordPress.WP.I18n.InterpolatedVariableSingular | i18n | low | 1 | Use stable, literal translation strings and the plugin's correct text domain. |
| case sensitive files case_sensitive_files | maintainability | medium | 1 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| case sensitive folders case_sensitive_folders | maintainability | medium | 1 | Review the affected code and replace the pattern with the WordPress-recommended approach. |
| nonexistent tested upto header nonexistent_tested_upto_header | repo_compliance | high | 1 | Align the plugin header, readme, and release package metadata. |
| plugin header invalid plugin uri plugin_header_invalid_plugin_uri | repo_compliance | high | 1 | Correct the plugin header metadata in the main plugin file. |
| readme parser warnings requires header ignored readme_parser_warnings_requires_header_ignored | repo_compliance | high | 1 | Update the readme to match WordPress.org parser expectations. |
| readme parser warnings trimmed section faq readme_parser_warnings_trimmed_section_faq | repo_compliance | high | 1 | Update the readme to match WordPress.org parser expectations. |