Name: CheckView – Form & Checkout Testing
Rating: 5
Author: CheckView

Issues Details

382 issues found in latest scan

	Code	Message	Location	Category
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $tablename used in $wpdb->get_results($wpdb->prepare( 'Select * from ' . $tablename . ' where status=%s order by ID ASC', 'published' ))\n$tablename assigned unsafely at line 1530:\n $tablename = $wpdb->prefix . 'fluentform_forms'\n$tablename assigned unsafely at line 1479:\n $tablename = $wpdb->prefix . 'gf_addon_feed'\n$tablename assigned unsafely at line 1471:\n $tablename = $wpdb->prefix . 'gf_form'\n$results assigned unsafely at line 1531:\n $results = $wpdb->get_results( $wpdb->prepare( 'Select * from ' . $tablename . ' where status=%s order by ID ASC', 'published' ) )\n$addons assigned unsafely at line 1480:\n $addons = $wpdb->get_results( $wpdb->prepare( 'Select * from ' . $tablename . ' where is_active=%d and form_id=%d', 1, $row->id ) )\n$row->id used without escaping.	`includes/API/class-checkview-api.php:1531:24`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $tablename used in $wpdb->get_row($wpdb->prepare( 'Select * from ' . $tablename . ' where id=%d and form_id=%d LIMIT 1', $entry_id, $form_id ))\n$tablename assigned unsafely at line 335:\n $tablename = $wpdb->prefix . 'gf_entry'\n$tablename assigned unsafely at line 306:\n $tablename = $wpdb->prefix . 'gf_entry_meta'\n$row assigned unsafely at line 336:\n $row = $wpdb->get_row( $wpdb->prepare( 'Select * from ' . $tablename . ' where id=%d and form_id=%d LIMIT 1', $entry_id, $form_id ), ARRAY_A )\n$entry_id used without escaping.\n$form_id used without escaping.\n$rows assigned unsafely at line 307:\n $rows = $wpdb->get_results( $wpdb->prepare( 'Select * from ' . $tablename . ' where entry_id=%d and form_id=%d order by id ASC', $entry_id, $form_id ) )	`includes/formhelpers/class-checkview-gforms-helper.php:336:18`	Security
ERROR	`PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound`	load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.	`includes/class-checkview.php:283:3`	Plugin Repo
ERROR	`WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound`	Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "CV_DISABLE_WEBHOOKS".	`admin/class-checkview-admin.php:525:21`	Plugin Repo
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $table_name	`includes/API/class-checkview-api.php:1934:56`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $tablename	`includes/formhelpers/class-checkview-gforms-helper.php:336:62`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $query used in $wpdb->get_row($query)\n$query assigned unsafely at line 1934:\n $query = $wpdb->prepare( 'Select * from ' . $table_name . ' where uid=%s', $uid )\n$table_name assigned unsafely at line 1933:\n $table_name = $wpdb->prefix . 'cv_entry'\n$uid assigned unsafely at line 1922:\n $uid = isset( $uid ) ? sanitize_text_field( $uid ) : null\nNote: sanitize_text_field() is not a safe escaping function.\n$uid assigned unsafely at line 1921:\n $uid = $request->get_param( 'uid' )\n$request used without escaping.	`includes/API/class-checkview-api.php:1936:28`	Security
ERROR	`WordPress.WP.I18n.MissingArgDomain`	Missing $domain parameter in function call to translate().	`admin/class-checkview-admin.php:643:58`	General
ERROR	`license_mismatch`	Your plugin has a different license declared in the readme file and plugin header. Please update your readme with a valid GPL license identifier.	`README.txt`	Plugin Repo
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $tablename used in $wpdb->get_results($wpdb->prepare( 'Select * from ' . $tablename . ' where post_id=%d', $entry_id ))\n$tablename assigned unsafely at line 194:\n $tablename = $wpdb->prefix . 'postmeta'\n$form_fields assigned unsafely at line 195:\n $form_fields = $wpdb->get_results( $wpdb->prepare( 'Select * from ' . $tablename . ' where post_id=%d', $entry_id ) )\n$entry_id assigned unsafely at line 162:\n $entry_id = isset( $form_data['actions']['save']['sub_id'] ) ? $form_data['actions']['save']['sub_id'] : 0\n$form_data['actions']['save']['sub_id'] used without escaping.	`includes/formhelpers/class-checkview-ninja-forms-helper.php:195:26`	Security

382 total row(s)


05.02.2026, 07:39:01	16s	39	102	280
17.12.2025, 14:00:22	18s	42	99	259
05.12.2025, 16:30:36	19s	42	99	258
15.11.2025, 16:51:39	26s	42	99	258

CheckView – Form & Checkout Testing

Security233

Plugin Repository64

Performance46

General12

includes/API/class-checkview-api.php71 issues in this fileTotal: 71Errors: 24Warnings: 47

includes/checkview-functions.php49 issues in this fileTotal: 49Errors: 8Warnings: 41

includes/formhelpers/class-checkview-formidable-helper.php39 issues in this fileTotal: 39Errors: 4Warnings: 35

admin/class-checkview-admin.php29 issues in this fileTotal: 29Errors: 10Warnings: 19

includes/formhelpers/class-checkview-wpforms-helper.php26 issues in this fileTotal: 26Warnings: 26

includes/class-checkview.php23 issues in this fileTotal: 23Errors: 1Warnings: 22

uninstall.php16 issues in this fileTotal: 16Errors: 5Warnings: 11

README.txt15 issues in this fileTotal: 15Errors: 1Warnings: 14

admin/class-checkview-admin-logs.php12 issues in this fileTotal: 12Errors: 10Warnings: 2

includes/formhelpers/class-checkview-fluent-forms-helper.php12 issues in this fileTotal: 12Errors: 4Warnings: 8