Enable Bunny CDN to speed up your WordPress website and enjoy greatly improved loading times around the world.
Category Scores
Top Issues by Category
security164
maintainability74
repo_compliance2
Issues Details
241 issues found in latest scan
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$agencyModeUrlSafe'.
trigger_error() found. Debug code should not normally be used in production.
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$count".
$_GET['apiKey'] not unslashed before sanitization. Use wp_unslash() or similar
Detected usage of a non-sanitized input variable: $_GET['apiKey']
Processing form data without nonce verification.
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$data['Message']'.
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
unlink() is discouraged. Use wp_delete_file() to delete a file.
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
Detected usage of a possibly undefined superglobal array index: $_POST['url']. Check that the array index exists before using it.
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Processing form data without nonce verification.
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.
Plugin name "bunny.net - WordPress CDN Plugin" is different from the name declared in plugin header "bunny.net".
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.
One or more tags were ignored. Please limit your plugin to 5 tags.
The plugin name includes a restricted term. Your chosen plugin name - "bunny.net - WordPress CDN Plugin" - contains the restricted term "plugin" which cannot be used at all in your plugin name.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$agencyModeUrlSafe'. | 83 |
| WordPress.PHP.DevelopmentFunctions.error_log_trigger_error | WARNING | trigger_error() found. Debug code should not normally be used in production. | 27 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$count". | 26 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['apiKey'] not unslashed before sanitization. Use wp_unslash() or similar | 22 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET['apiKey'] | 20 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 17 |
| WordPress.Security.EscapeOutput.ExceptionNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$data['Message']'. | 16 |
| WordPress.WP.AlternativeFunctions.parse_url_parse_url | ERROR | parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead. | 4 |
| WordPress.WP.AlternativeFunctions.unlink_unlink | ERROR | unlink() is discouraged. Use wp_delete_file() to delete a file. | 4 |
| WordPress.WP.EnqueuedResourceParameters.NotInFooter | WARNING | In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header. | 4 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_POST['url']. Check that the array index exists before using it. | 3 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 2 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 1 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 1 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $sql | 1 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 1 |
| WordPress.Security.SafeRedirect.wp_redirect_wp_redirect | WARNING | wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed. | 1 |
| WordPress.WP.EnqueuedResourceParameters.MissingVersion | WARNING | Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching. | 1 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to esc_html__(). | 1 |
| library_core_files | ERROR | Library files that are already in the WordPress core are not permitted. | 1 |
| mismatched_plugin_name | WARNING | Plugin name "bunny.net - WordPress CDN Plugin" is different from the name declared in plugin header "bunny.net". | 1 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 1 |
| outdated_tested_upto_header | ERROR | Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress. | 1 |
| readme_parser_warnings_too_many_tags | WARNING | One or more tags were ignored. Please limit your plugin to 5 tags. | 1 |
| trademarked_term | WARNING | The plugin name includes a restricted term. Your chosen plugin name - "bunny.net - WordPress CDN Plugin" - contains the restricted term "plugin" which cannot be used at all in your plugin name. | 1 |
Latest Snapshot
Findings
241
Errors
114
Warnings
127
Score History
First score snapshot
First scan completed Jun 20, 2026
v3.0.1 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v3.0.1
36
Latest
- Findings
- 241
- Errors
- 114
- Warnings
- 127
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 36 | 241 | 114 | 127 | v3.0.1 | 2.0.0 | 2026.06-mvp-static-v2 |
