Agile Store Locator is a premium store finder plugin designed to offer you immediate access to all the best stores in your local area.
Category Scores
Top Issues by Category
i18n1,723
security1,215
maintainability926
Issues Details
3,944 issues found in latest scan
Mismatched text domain. Expected 'agile-store-locator' but got "asl_locator".
Processing form data without nonce verification.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_ct".
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$all_configs['color_scheme']'.
Use placeholders and $wpdb->prepare(); found interpolated variable $aRow->categories at "categories WHERE id IN ($aRow->categories)"
Detected usage of a non-sanitized input variable: $_FILES["files"]
$_GET[$attr_name] not unslashed before sanitization. Use wp_unslash() or similar
Unescaped parameter $aRow->categories used in $wpdb->get_results()\n$aRow->categories used without escaping.
Processing form data without nonce verification.
Detected usage of a possibly undefined superglobal array index: $_FILES["files"]. Check that the array index exists before using it.
Unescaped parameter $prefix used in $wpdb->get_results()
Function "has_shortcode()" requires WordPress 3.6.0, but your plugin minimum supported version is WordPress 3.3.2.
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "asl_admin_route_filter".
Attempting a database schema change is discouraged.
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
The $text parameter must be a single text string literal. Found: $aRow->country
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "ALLOW_UNFILTERED_UPLOADS".
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'agile-store-locator' but got "asl_locator". | 1,677 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 271 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 268 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 250 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_ct". | 186 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $args | 183 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$all_configs['color_scheme']'. | 175 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable $aRow->categories at "categories WHERE id IN ($aRow->categories)" | 125 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_FILES["files"] | 99 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET[$attr_name] not unslashed before sanitization. Use wp_unslash() or similar | 95 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | ERROR | Unescaped parameter $aRow->categories used in $wpdb->get_results()\n$aRow->categories used without escaping. | 91 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 87 |
| badly_named_files | ERROR | File and folder names must not contain spaces or special characters. | 51 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_FILES["files"]. Check that the array index exists before using it. | 48 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $prefix used in $wpdb->get_results() | 44 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "has_shortcode()" requires WordPress 3.6.0, but your plugin minimum supported version is WordPress 3.3.2. | 36 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to __(). | 33 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "asl_admin_route_filter". | 29 |
| WordPress.DB.DirectDatabaseQuery.SchemaChange | WARNING | Attempting a database schema change is discouraged. | 27 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 27 |
| WordPress.WP.AlternativeFunctions.strip_tags_strip_tags | ERROR | strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead. | 18 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 13 |
| WordPress.WP.I18n.NonSingularStringLiteralText | ERROR | The $text parameter must be a single text string literal. Found: $aRow->country | 13 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "ALLOW_UNFILTERED_UPLOADS". | 10 |
| Squiz.PHP.DiscouragedFunctions.Discouraged | WARNING | The use of function ini_set() is discouraged | 8 |
Latest Snapshot
Findings
3,944
Errors
2,372
Warnings
1,572
Score History
First score snapshot
First scan completed Jun 20, 2026
v1.6.10 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v1.6.10
21
Latest
- Findings
- 3,944
- Errors
- 2,372
- Warnings
- 1,572
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 21 | 3,944 | 2,372 | 1,572 | v1.6.10 | 2.0.0 | 2026.06-mvp-static-v2 |
