Desert Companion

Desert Companion Enhances Desert Themes with additional functionality.

v1.0.98Desert ThemesUpdated 2026-05-20Added Aug 28, 202220k+ installs74% rating

admin companion homepage projects widgets

Score

410

Errors

830

Warnings

Change

Category Scores

Security80

Repo100

Performance93

Maintainability0

Top Issues by Category

maintainability1,129

1Non Prefixed Variable FoundWordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFoundWARNING802 2missing direct file access protectionmissing_direct_file_access_protectionERROR296 3unlink unlinkWordPress.WP.AlternativeFunctions.unlink_unlinkERROR7 4Non Prefixed Function FoundWordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFoundWARNING5 5file system operations fopenWordPress.WP.AlternativeFunctions.file_system_operations_fopenERROR4 6Direct QueryWordPress.DB.DirectDatabaseQuery.DirectQueryWARNING3 7get page by title FoundWordPress.WP.DeprecatedFunctions.get_page_by_titleFoundWARNING3 8wp function not compatible with requires wpwp_function_not_compatible_with_requires_wpERROR3 9No CachingWordPress.DB.DirectDatabaseQuery.NoCachingWARNING2 10FoundGeneric.PHP.ForbiddenFunctions.FoundERROR1 11file system operations chmodWordPress.WP.AlternativeFunctions.file_system_operations_chmodERROR1 12file system operations fcloseWordPress.WP.AlternativeFunctions.file_system_operations_fcloseERROR1 13file system operations mkdirWordPress.WP.AlternativeFunctions.file_system_operations_mkdirERROR1

i18n96

1Text Domain MismatchWordPress.WP.I18n.TextDomainMismatchERROR78 2Missing Translators CommentWordPress.WP.I18n.MissingTranslatorsCommentERROR13 3Unordered Placeholders TextWordPress.WP.I18n.UnorderedPlaceholdersTextERROR5

performance11

1Post Not In post not inWordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_inWARNING11

security4

Issues Details

1,240 issues found in latest scan

WARNING802

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$ImageId".

ERROR296

missing_direct_file_access_protection

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

ERROR78

WordPress.WP.I18n.TextDomainMismatch

Mismatched text domain. Expected 'desert-companion' but got 'chromax-pro'.

ERROR13

WordPress.WP.I18n.MissingTranslatorsComment

A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WARNING11

WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in

Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

ERROR7

WordPress.WP.AlternativeFunctions.unlink_unlink

unlink() is discouraged. Use wp_delete_file() to delete a file.

WARNING5

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "corvine_site_header".

ERROR5

WordPress.WP.I18n.UnorderedPlaceholdersText

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in '%s “%s” already exists.'.

ERROR4

WordPress.WP.AlternativeFunctions.file_system_operations_fopen

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

WARNING3

WordPress.DB.DirectDatabaseQuery.DirectQuery

Use of a direct database call is discouraged.

WARNING3

WordPress.WP.DeprecatedFunctions.get_page_by_titleFound

get_page_by_title() has been deprecated since WordPress version 6.2.0. Use WP_Query instead.

ERROR3

wp_function_not_compatible_with_requires_wp

Function "wp_slash_strings_only()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 4.6.0.

WARNING2

WordPress.DB.DirectDatabaseQuery.NoCaching

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNING2

WordPress.Security.NonceVerification.Recommended

Processing form data without nonce verification.

ERROR1

Generic.PHP.ForbiddenFunctions.Found

The use of function wp_get_sidebars_widgets() is forbidden

WARNING1

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

Detected usage of a non-sanitized input variable: $_POST['desert_import_nonce']

WARNING1

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

Detected usage of a possibly undefined superglobal array index: $_POST['theme_id']. Check that the array index exists before using it.

ERROR1

WordPress.WP.AlternativeFunctions.file_system_operations_chmod

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().

ERROR1

WordPress.WP.AlternativeFunctions.file_system_operations_fclose

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

ERROR1

WordPress.WP.AlternativeFunctions.file_system_operations_mkdir

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().

Code	Type	Message	Count
WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound	WARNING	Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$ImageId".	802
missing_direct_file_access_protection	ERROR	PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;	296
WordPress.WP.I18n.TextDomainMismatch	ERROR	Mismatched text domain. Expected 'desert-companion' but got 'chromax-pro'.	78
WordPress.WP.I18n.MissingTranslatorsComment	ERROR	A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.	13
WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in	WARNING	Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.	11
WordPress.WP.AlternativeFunctions.unlink_unlink	ERROR	unlink() is discouraged. Use wp_delete_file() to delete a file.	7
WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound	WARNING	Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "corvine_site_header".	5
WordPress.WP.I18n.UnorderedPlaceholdersText	ERROR	Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in '%s “%s” already exists.'.	5
WordPress.WP.AlternativeFunctions.file_system_operations_fopen	ERROR	File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().	4
WordPress.DB.DirectDatabaseQuery.DirectQuery	WARNING	Use of a direct database call is discouraged.	3
WordPress.WP.DeprecatedFunctions.get_page_by_titleFound	WARNING	get_page_by_title() has been deprecated since WordPress version 6.2.0. Use WP_Query instead.	3
wp_function_not_compatible_with_requires_wp	ERROR	Function "wp_slash_strings_only()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 4.6.0.	3
WordPress.DB.DirectDatabaseQuery.NoCaching	WARNING	Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().	2
WordPress.Security.NonceVerification.Recommended	WARNING	Processing form data without nonce verification.	2
Generic.PHP.ForbiddenFunctions.Found	ERROR	The use of function wp_get_sidebars_widgets() is forbidden	1
WordPress.Security.ValidatedSanitizedInput.InputNotSanitized	WARNING	Detected usage of a non-sanitized input variable: $_POST['desert_import_nonce']	1
WordPress.Security.ValidatedSanitizedInput.InputNotValidated	WARNING	Detected usage of a possibly undefined superglobal array index: $_POST['theme_id']. Check that the array index exists before using it.	1
WordPress.WP.AlternativeFunctions.file_system_operations_chmod	ERROR	File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().	1
WordPress.WP.AlternativeFunctions.file_system_operations_fclose	ERROR	File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().	1
WordPress.WP.AlternativeFunctions.file_system_operations_mkdir	ERROR	File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().	1

Latest Snapshot

Findings

1,240

Errors

410

Warnings

830

Score History

First score snapshot

First scan completed Jun 20, 2026

v1.0.98 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2

Jun 20, 2026

v1.0.98

Latest

Findings: 1,240
Errors: 410
Warnings: 830
Plugin Check: 2.0.0
Model: 2026.06-mvp-static-v2

Scan	Score	Findings	Errors	Warnings	Plugin	Plugin Check	Model
Jun 20, 2026Latest	68	1,240	410	830	v1.0.98	2.0.0	2026.06-mvp-static-v2

Related Plugins

PufferDesk

0 active installs

admin dashboard desktop

100

Add Admin CSS

10k+ active installs

admin admin theme css

Clever Fox

30k+ active installs

One Click Demo companion customizer

Display PHP Version

30k+ active installs

admin dashboard server

Redux Framework

900k+ active installs

admin options options framework

Featured Image Admin Thumb

20k+ active installs

admin featured image