Documentation & Knowledge Base plugin to create docs, FAQs, product FAQ, wikis & help center with AI writing, instant answers & AI Chatbot.
Category Scores
Top Issues by Category
maintainability1,370
security369
performance56
Issues Details
1,914 issues found in latest scan
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_analytics_body".
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Cannot read the file containing the closure: \"{$fileName}\"."'.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Use placeholders and $wpdb->prepare(); found interpolated variable $ids_placeholder at " AND {$this->wpdb->posts}.ID IN ($ids_placeholder)"
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'wpins_form_text_' . $this->plugin_name".
Function "_build_block_template_result_from_post()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 5.0.0.
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
Processing form data without nonce verification.
$_COOKIE['last_knowledge_base'] not unslashed before sanitization. Use wp_unslash() or similar
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$author_avatar'.
No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.
Unescaped parameter $feelings used in $wpdb->query()\n$feelings assigned unsafely at line 153.
Detected usage of a non-sanitized input variable: $_GET['action']
Detected usage of meta_query, possible slow query.
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$tagname".
var_export() found. Debug code should not normally be used in production.
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Detected usage of tax_query, possible slow query.
Mismatched text domain. Expected 'betterdocs' but got 'plugin-domain'.
Detected usage of meta_key, possible slow query.
Setting `suppress_filters` to `true` is prohibited.
Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_analytics_body". | 872 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 155 |
| WordPress.Security.EscapeOutput.ExceptionNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Cannot read the file containing the closure: \"{$fileName}\"."'. | 148 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 62 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 60 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable $ids_placeholder at " AND {$this->wpdb->posts}.ID IN ($ids_placeholder)" | 53 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'wpins_form_text_' . $this->plugin_name". | 52 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "_build_block_template_result_from_post()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 5.0.0. | 47 |
| WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude | WARNING | Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. | 46 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 40 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_COOKIE['last_knowledge_base'] not unslashed before sanitization. Use wp_unslash() or similar | 37 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$author_avatar'. | 33 |
| Internal.NoCodeFound | WARNING | No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them. | 23 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $feelings used in $wpdb->query()\n$feelings assigned unsafely at line 153. | 22 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET['action'] | 22 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_query | WARNING | Detected usage of meta_query, possible slow query. | 17 |
| WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$tagname". | 16 |
| WordPress.PHP.DevelopmentFunctions.error_log_var_export | WARNING | var_export() found. Debug code should not normally be used in production. | 16 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 15 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $count | 14 |
| WordPress.DB.SlowDBQuery.slow_db_query_tax_query | WARNING | Detected usage of tax_query, possible slow query. | 14 |
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'betterdocs' but got 'plugin-domain'. | 13 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_key | WARNING | Detected usage of meta_key, possible slow query. | 12 |
| WordPressVIPMinimum.Performance.WPQueryParams.SuppressFilters_suppress_filters | ERROR | Setting `suppress_filters` to `true` is prohibited. | 10 |
| PluginCheck.CodeAnalysis.Offloading.OffloadedContent | ERROR | Offloading images, js, css, and other scripts to your servers or any remote service is disallowed. | 9 |
Latest Snapshot
Findings
1,914
Errors
508
Warnings
1,406
Score History
First score snapshot
First scan completed Jun 20, 2026
v4.5.4 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v4.5.4
20
Latest
- Findings
- 1,914
- Errors
- 508
- Warnings
- 1,406
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 20 | 1,914 | 508 | 1,406 | v4.5.4 | 2.0.0 | 2026.06-mvp-static-v2 |
