Dynamic Widgets gives you full control on which pages a widget will display. It lets you dynamicly show or hide widgets on WordPress pages.
Category Scores
Top Issues by Category
security754
maintainability485
i18n191
Issues Details
1,443 issues found in latest scan
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$$m".
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$DW'.
The $domain parameter must be a single text string literal. Found: DW_L10N_DOMAIN
$_GET['dynwid_dump'] not unslashed before sanitization. Use wp_unslash() or similar
Detected usage of a non-sanitized input variable: $_GET['dynwid_dump']
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Detected usage of a possibly undefined superglobal array index: $_GET['id']. Check that the array index exists before using it.
Processing form data without nonce verification.
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "DWMessageBox".
Unescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 124.
Processing form data without nonce verification.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DW_CLASSES".
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
The $text parameter must be a single text string literal. Found: $except
strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.
The parameter "array('get' => 'all')" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.
Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.
Found single-underscore "_()" function when double-underscore expected.
Function "get_current_screen()" requires WordPress 3.1.0, but your plugin minimum supported version is WordPress 3.0.0.
print_r() found. Debug code should not normally be used in production.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$$m". | 358 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$DW'. | 264 |
| WordPress.WP.I18n.NonSingularStringLiteralDomain | ERROR | The $domain parameter must be a single text string literal. Found: DW_L10N_DOMAIN | 148 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['dynwid_dump'] not unslashed before sanitization. Use wp_unslash() or similar | 113 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET['dynwid_dump'] | 99 |
| WordPress.Security.EscapeOutput.UnsafePrintingFunction | ERROR | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 75 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_GET['id']. Check that the array index exists before using it. | 62 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $query | 39 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 39 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | WARNING | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "DWMessageBox". | 33 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | ERROR | Unescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 124. | 31 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to __(). | 31 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 24 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 23 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 23 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DW_CLASSES". | 17 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 10 |
| WordPress.Security.SafeRedirect.wp_redirect_wp_redirect | WARNING | wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed. | 8 |
| WordPress.WP.I18n.NonSingularStringLiteralText | ERROR | The $text parameter must be a single text string literal. Found: $except | 8 |
| WordPress.WP.AlternativeFunctions.strip_tags_strip_tags | ERROR | strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead. | 5 |
| WordPress.WP.DeprecatedParameters.Get_termsParam2Found | ERROR | The parameter "array('get' => 'all')" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter. | 5 |
| WordPress.WP.EnqueuedResourceParameters.MissingVersion | WARNING | Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching. | 4 |
| WordPress.WP.I18n.SingleUnderscoreGetTextFunction | ERROR | Found single-underscore "_()" function when double-underscore expected. | 4 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "get_current_screen()" requires WordPress 3.1.0, but your plugin minimum supported version is WordPress 3.0.0. | 4 |
| WordPress.PHP.DevelopmentFunctions.error_log_print_r | WARNING | print_r() found. Debug code should not normally be used in production. | 3 |
Latest Snapshot
Findings
1,443
Errors
631
Warnings
812
Score History
First score snapshot
First scan completed Jun 20, 2026
v1.6.6 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v1.6.6
24
Latest
- Findings
- 1,443
- Errors
- 631
- Warnings
- 812
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 24 | 1,443 | 631 | 812 | v1.6.6 | 2.0.0 | 2026.06-mvp-static-v2 |
