Easily export or import your WordPress customizer settings!
Category Scores
Top Issues by Category
security23
maintainability4
Issues Details
29 issues found in latest scan
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Detected usage of a possibly undefined superglobal array index: $_FILES['cei-import-file']. Check that the array index exists before using it.
Detected usage of a non-sanitized input variable: $_FILES['cei-import-file']['name']
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$cei_error'.
Processing form data without nonce verification.
$_REQUEST['cei-export'] not unslashed before sanitization. Use wp_unslash() or similar
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Function "wp_get_custom_css()" requires WordPress 4.7.0, but your plugin minimum supported version is WordPress 3.6.0.
Processing form data without nonce verification.
One or more tags were ignored. Please limit your plugin to 5 tags.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.EscapeOutput.UnsafePrintingFunction | ERROR | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 7 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_FILES['cei-import-file']. Check that the array index exists before using it. | 5 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_FILES['cei-import-file']['name'] | 4 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$cei_error'. | 2 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 2 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_REQUEST['cei-export'] not unslashed before sanitization. Use wp_unslash() or similar | 2 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 2 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "wp_get_custom_css()" requires WordPress 4.7.0, but your plugin minimum supported version is WordPress 3.6.0. | 2 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 1 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to __(). | 1 |
| readme_parser_warnings_too_many_tags | WARNING | One or more tags were ignored. Please limit your plugin to 5 tags. | 1 |
Latest Snapshot
Findings
29
Errors
14
Warnings
15
Score History
First score snapshot
First scan completed
v0.9.8 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
v0.9.8
47
Latest
- Findings
- 29
- Errors
- 14
- Warnings
- 15
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Latest | 47 | 29 | 14 | 15 | v0.9.8 | 2.0.0 | 2026.06-mvp-static-v2 |
