Custom Field Template

The Custom Field Template plugin extends the functionality of custom fields.

v2.7.8Hiroaki MiyashitaUpdated 2 months agoAdded 18 years ago30k+ installs80% rating0% support resolved

cft custom fields fields meta template

Score

521

Errors

618

Warnings

Change

Category Scores

Security0

Repo94

Performance100

Maintainability27

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,139 findings

Security

861

12 issue groups

Maintainability

267

12 issue groups

I18n

1 issue group

WARNINGSecurityRecommendedProcessing form data without nonce verification.205

Category: Security
Occurrences: 205
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

ERRORMaintainabilitywp function not compatible with requires wpFunction "_admin_search_query()" requires WordPress 2.7.0, but your plugin minimum supported version is WordPress 2.1.0.194

Category: Maintainability
Occurrences: 194
Severity: error

Sample message

Function "_admin_search_query()" requires WordPress 2.7.0, but your plugin minimum supported version is WordPress 2.1.0.

wp_function_not_compatible_with_requires_wp Reference

WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_FILES['cftfile']['tmp_name']149

Category: Security
Occurrences: 149
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_FILES['cftfile']['tmp_name']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

WARNINGSecurityMissing Unslash$_POST['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar148

Category: Security
Occurrences: 148
Severity: warning

Sample message

$_POST['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$body'.141

Category: Security
Occurrences: 141
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$body'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

ERRORSecurityUnsafe Printing FunctionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.131

Category: Security
Occurrences: 131
Severity: error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunction Reference

WARNINGSecurityInput Not ValidatedDetected usage of a possibly undefined superglobal array index: $_FILES[$this->sanitize_name($title)]['name'][$tmp_parentSN+$gap]. Check that the array index exists before using it.70

Category: Security
Occurrences: 70
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES[$this->sanitize_name($title)]['name'][$tmp_parentSN+$gap]. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

ERRORMaintainabilityFoundThe use of function eval() is forbidden23

Category: Maintainability
Occurrences: 23
Severity: error

Sample message

The use of function eval() is forbidden

Generic.PHP.ForbiddenFunctions.Found

ERRORMaintainabilityPLUGINDIRUsage FoundFound usage of constant "PLUGINDIR". Use WP_PLUGIN_DIR instead.11

Category: Maintainability
Occurrences: 11
Severity: error

Sample message

Found usage of constant "PLUGINDIR". Use WP_PLUGIN_DIR instead.

WordPress.WP.DiscouragedConstants.PLUGINDIRUsageFound

WARNINGMaintainabilityNon Prefixed Hookname FoundHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'cft_'.rawurlencode($title)".10

Category: Maintainability
Occurrences: 10
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'cft_'.rawurlencode($title)".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound

Show 15 more

ERRORSecurityNot Prepared9

Category: Security
Occurrences: 9
Severity: error

Sample message

Use placeholders and $wpdb->prepare(); found $key

WordPress.DB.PreparedSQL.NotPrepared

WARNINGMaintainabilityMissing Version8

Category: Maintainability
Occurrences: 8
Severity: warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion

WARNINGMaintainabilityNot In Footer7

Category: Maintainability
Occurrences: 7
Severity: warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter

ERRORI18nMissing Arg Domain6

Category: I18n
Occurrences: 6
Severity: error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomain Reference

WARNINGMaintainabilityDirect Query4

Category: Maintainability
Occurrences: 4
Severity: warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery

WARNINGMaintainabilityNo Caching4

Category: Maintainability
Occurrences: 4
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching

WARNINGMaintainabilityNon Prefixed Function Found3

Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "esc_attr".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound

WARNINGSecurityMissing3

Category: Security
Occurrences: 3
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

ERRORSecurityUnescaped DBParameter2

Category: Security
Occurrences: 2
Severity: error

Sample message

Unescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 3060.

PluginCheck.Security.DirectDB.UnescapedDBParameter

WARNINGMaintainabilityDiscouraged1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

The use of function set_time_limit() is discouraged

Squiz.PHP.DiscouragedFunctions.Discouraged

WARNINGSecurityInterpolated Not Prepared1

Category: Security
Occurrences: 1
Severity: warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $where at "`.meta_value = %s $where;"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared

ERRORMaintainabilitydate date1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date

WARNINGMaintainabilityNon Prefixed Class Found1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "CFT_WP_Posts_List_Table".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound

WARNINGSecurityUsing FILE 1

Category: Security
Occurrences: 1
Severity: warning

Sample message

Using __FILE__ for menu slugs risks exposing filesystem structure.

WordPress.Security.PluginMenuSlug.Using__FILE__

WARNINGSecurityattribute escape Found1

Category: Security
Occurrences: 1
Severity: warning

Sample message

attribute_escape() has been deprecated since WordPress version 2.8.0. Use esc_attr() instead.

WordPress.WP.DeprecatedFunctions.attribute_escapeFound

Score History

First score snapshot

2 days ago

v2.7.8

Latest

Findings: 1,139
Errors: 521
Warnings: 618
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
2 days agoLatest	30	1,139	521	618	v2.7.8	2.0.0

Related Plugins

wp_head() cleaner

2k+ active installs

100

Ajax Load More for Advanced Custom Fields

2k+ active installs

MB Elementor Integration

2k+ active installs

CubeWP Forms

4k+ active installs

MB Rest API

1k+ active installs

Custom Shortcodes

6k+ active installs