← Back to Leaderboard
The official Constant Contact plugin adds a contact form to your WordPress site to quickly capture information from visitors.
80
Score
25
Errors
66
Warnings
20K
Installs
Security59
Repo20
Performance8
General4
Accessibility0
Top Issues by Category
Issues organized by category, type, and rule family
Top Issues by File
Files with the highest concentration of issues in the latest scan
Issues Details
91 issues found in latest scan
| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | library_core_files | Library files that are already in the WordPress core are not permitted. | assets/js/ctct-plugin-admin/clipboard.js | Plugin Repo |
| ERROR | WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "CCForm". | includes/class-beaver-builder.php:109:1 | Plugin Repo |
| ERROR | WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "wpml_current_language". | includes/compatibility.php:142:41 | Plugin Repo |
| ERROR | WordPress.Security.EscapeOutput.ExceptionNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$field'. | constant-contact-forms.php:620:79 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$labels'. | includes/class-builder-fields.php:912:40 | Security |
| ERROR | WordPress.Security.EscapeOutput.ExceptionNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$field'. | includes/class-settings.php:1110:53 | Security |
| ERROR | WordPress.WP.I18n.MissingTranslatorsComment | A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | includes/class-api.php:1780:20 | General |
| ERROR | WordPress.WP.I18n.UnorderedPlaceholdersText | Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s, %3$s", but got "%s, %s, %s" in 'We have detected connection errors for your site, %s%s%s. Potentially a failed signup has been detected and will be retried automatically once a new connection has been established. Otherwise, issues with token refreshing have been detected. Please visit your site and perform the steps to reconnect the plugin at your earliest convenience.'. | includes/class-api.php:1781:13 | General |
| ERROR | WordPress.WP.AlternativeFunctions.file_system_operations_is_writable | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable(). | includes/helper-functions.php:287:9 | Plugin Repo |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'get_admin_page_title'. | includes/class-logging.php:229:28 | Security |
91 total row(s)
Scan History
4 scans recorded
| 15.12.2025, 14:30:29 | 24s | 80 | 25 | 66 |
| 03.12.2025, 21:30:48 | 24s | 80 | 25 | 66 |
| 18.11.2025, 02:46:27 | 35s | 81 | 24 | 62 |
| 13.11.2025, 06:34:46 | 33s | 81 | 24 | 62 |
4 total row(s)
Score Trend
Performance across 4 scans
Avg: 81
100
75
50
25
0
81.7
13.11
81.7
18.11
80.3
03.12
80.3
15.12
90-100
80-89
60-79
<60
Report an issue
Tell us if something in this report looks wrong or if you need a deeper audit for Constant Contact Forms. We read every submission and typically reply within a day.