Name: Burst Statistics – Privacy-Friendly Analytics for WordPress
Rating: 4.9
Author: Burst Statistics B.V.

Top Issues by File

Files with the highest concentration of issues in the latest scan

Issues Details

483 issues found in latest scan

	Code	Message	Location	Category
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $custom_sql	`includes/Admin/Statistics/class-query-data.php:865:4`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $sql	`src/Frontend/Tracking/class-tracking.php:301:41`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $item used in $wpdb->get_results("SELECT ID, name FROM {$wpdb->prefix}burst_{$item}s")\n$item used without escaping.	`includes/Frontend/Tracking/class-tracking.php:464:23`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $sql	`includes/Frontend/Tracking/class-tracking.php:738:41`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $values	`includes/Frontend/Tracking/class-tracking.php:921:34`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $sql_string	`includes/Frontend/class-frontend-statistics.php:184:5`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $sql_string	`includes/Frontend/class-frontend-statistics.php:192:5`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $sql	`includes/Frontend/class-frontend-statistics.php:463:33`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $sql used in $wpdb->get_row($sql)\n$sql assigned unsafely at line 89:\n $sql = burst_loader()->admin->statistics->get_sql_table( $qd )\n$qd assigned unsafely at line 81:\n $qd = new Query_Data(\n\t\t\t[\n\t\t\t\t'date_start' => $start,\n\t\t\t\t'date_end' => $end,\n\t\t\t\t'select' => [ 'pageviews' ],\n\t\t\t]\n\t\t)\n$start used without escaping.\n$end used without escaping.	`includes/Admin/class-milestones.php:90:20`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $sql	`includes/Admin/class-milestones.php:90:29`	Security

483 total row(s)


24.12.2025, 12:31:20	29s	19	123	360
25.11.2025, 10:33:20	32s	16	227	368
12.11.2025, 18:16:57	43s	16	227	368

Burst Statistics – Privacy-Friendly Analytics for WordPress

Security474

Plugin Repository9

includes/Admin/DB_Upgrade/class-db-upgrade.php134 issues in this fileTotal: 134Errors: 33Warnings: 101

includes/Admin/Statistics/class-statistics.php80 issues in this fileTotal: 80Errors: 33Warnings: 47

includes/Admin/class-admin.php47 issues in this fileTotal: 47Errors: 10Warnings: 37

includes/Admin/Statistics/class-goal-statistics.php38 issues in this fileTotal: 38Errors: 12Warnings: 26

includes/Frontend/Tracking/class-tracking.php25 issues in this fileTotal: 25Errors: 3Warnings: 22

includes/Admin/App/class-app.php24 issues in this fileTotal: 24Errors: 5Warnings: 19

src/Frontend/Tracking/class-tracking.php20 issues in this fileTotal: 20Errors: 1Warnings: 19

includes/Admin/Statistics/class-summary.php19 issues in this fileTotal: 19Errors: 5Warnings: 14

includes/Traits/trait-database-helper.php19 issues in this fileTotal: 19Errors: 4Warnings: 15

includes/Frontend/class-frontend-statistics.php11 issues in this fileTotal: 11Errors: 3Warnings: 8