WP Booking Calendar plugin for full-day bookings, time-slot appointments, rentals & events. Accept bookings and inquiries with flexible contact forms
Category Scores
Top Issues by Category
maintainability33
security23
Issues Details
56 issues found in latest scan
Function "get_block_templates()" requires WordPress 5.8.0, but your plugin minimum supported version is WordPress 5.3.0.
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "OBC_CHECK_URL".
Detected usage of a non-sanitized input variable: $_POST['ids']
Use placeholders and $wpdb->prepare(); found interpolated variable {$placeholders} at \t\t WHERE timeslot_id IN ({$placeholders})"
Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "BookingWidget".
Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 300.
$_REQUEST['date_end'] not unslashed before sanitization. Use wp_unslash() or similar
Processing form data without nonce verification.
Plugin folders are deleted when upgraded. Do not save data to the plugin folder using fwrite(). Detected usage of constant WP_PLUGIN_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Incorrect number of replacements passed to $wpdb->prepare(). Found 1 replacement parameters, expected 2.
Replacement variables found, but no valid placeholders found in the query.
| Code | Type | Message | Count |
|---|---|---|---|
| wp_function_not_compatible_with_requires_wp | ERROR | Function "get_block_templates()" requires WordPress 5.8.0, but your plugin minimum supported version is WordPress 5.3.0. | 11 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "OBC_CHECK_URL". | 8 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_POST['ids'] | 7 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable {$placeholders} at \t\t WHERE timeslot_id IN ({$placeholders})" | 6 |
| PluginCheck.CodeAnalysis.Heredoc.NotAllowed | ERROR | Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead | 4 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | WARNING | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "BookingWidget". | 4 |
| Internal.LineEndings.Mixed | WARNING | File has mixed line endings; this may cause incorrect results | 3 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 300. | 3 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_REQUEST['date_end'] not unslashed before sanitization. Use wp_unslash() or similar | 3 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 2 |
| PluginCheck.CodeAnalysis.WriteFile.PluginDirectoryWrite | ERROR | Plugin folders are deleted when upgraded. Do not save data to the plugin folder using fwrite(). Detected usage of constant WP_PLUGIN_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead. | 1 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 1 |
| WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber | WARNING | Incorrect number of replacements passed to $wpdb->prepare(). Found 1 replacement parameters, expected 2. | 1 |
| WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare | WARNING | Replacement variables found, but no valid placeholders found in the query. | 1 |
| upgrade_notice_limit | WARNING | The upgrade notice for "11.0" exceeds the limit of 300 characters. | 1 |
Latest Snapshot
Findings
56
Errors
16
Warnings
40
Score History
First score snapshot
First scan completed Jun 20, 2026
v11.1 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v11.1
56
Latest
- Findings
- 56
- Errors
- 16
- Warnings
- 40
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 56 | 56 | 16 | 40 | v11.1 | 2.0.0 | 2026.06-mvp-static-v2 |
