CookieAdmin provides easy to configure cookie consent banner with GDPR and CCPA law support.
Category Scores
Top Issues by Category
security64
maintainability64
Issues Details
129 issues found in latest scan
Processing form data without nonce verification.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$no_cookies'.
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Use placeholders and $wpdb->prepare(); found interpolated variable $table_name at "SELECT COUNT(*) FROM $table_name"
Function "wp_add_inline_script()" requires WordPress 4.5.0, but your plugin minimum supported version is WordPress 4.4.0.
Version parameter is not explicitly set or has been set to an equivalent of "false" for wp_register_script; This means that the WordPress core version will be used which is not recommended for plugin or theme development.
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
Unescaped parameter $table_name used in $wpdb->get_results()
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "softaculous_plugin_update_notice".
error_log() found. Debug code should not normally be used in production.
Detected usage of a non-sanitized input variable: $_COOKIE['cookieadmin_consent']
Unescaped parameter $sql used in $wpdb->query()\n$sql assigned unsafely at line 403.
Replacement variables found, but no valid placeholders found in the query.
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "SOFTACULOUS_PLUGIN_UPDATE_NOTICE".
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$content".
print_r() found. Debug code should not normally be used in production.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 30 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 16 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 15 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$no_cookies'. | 15 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 11 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable $table_name at "SELECT COUNT(*) FROM $table_name" | 10 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "wp_add_inline_script()" requires WordPress 4.5.0, but your plugin minimum supported version is WordPress 4.4.0. | 6 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $query | 3 |
| WordPress.WP.EnqueuedResourceParameters.NoExplicitVersion | ERROR | Version parameter is not explicitly set or has been set to an equivalent of "false" for wp_register_script; This means that the WordPress core version will be used which is not recommended for plugin or theme development. | 3 |
| WordPress.WP.EnqueuedResourceParameters.NotInFooter | WARNING | In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header. | 3 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $table_name used in $wpdb->get_results() | 2 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "softaculous_plugin_update_notice". | 2 |
| WordPress.PHP.DevelopmentFunctions.error_log_error_log | WARNING | error_log() found. Debug code should not normally be used in production. | 2 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_COOKIE['cookieadmin_consent'] | 2 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | ERROR | Unescaped parameter $sql used in $wpdb->query()\n$sql assigned unsafely at line 403. | 1 |
| WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare | WARNING | Replacement variables found, but no valid placeholders found in the query. | 1 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "SOFTACULOUS_PLUGIN_UPDATE_NOTICE". | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$content". | 1 |
| WordPress.PHP.DevelopmentFunctions.error_log_print_r | WARNING | print_r() found. Debug code should not normally be used in production. | 1 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fclose | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose(). | 1 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fopen | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen(). | 1 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 1 |
Latest Snapshot
Findings
129
Errors
43
Warnings
86
Score History
First score snapshot
First scan completed Jun 19, 2026
v1.2.1 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 19, 2026
v1.2.1
37
Latest
- Findings
- 129
- Errors
- 43
- Warnings
- 86
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 19, 2026Latest | 37 | 129 | 43 | 86 | v1.2.1 | 2.0.0 | 2026.06-mvp-static-v2 |
