Instantly filter any WordPress content & WooCommerce products by attributes, taxonomies, custom fields + AJAX, Elementor, automatic filter creation.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
572
10 issue groups
Security
527
11 issue groups
I18n
134
3 issue groups
Performance
12
1 issue group
ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<tr{$class}>"'.306
- Category
- Security
- Occurrences
- 306
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<tr{$class}>"'.
WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_meta".268
- Category
- Maintainability
- Occurrences
- 268
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_meta".
WARNINGMaintainabilityNon Prefixed Hookname FoundHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'wpc_after_sections_settings_fields_' . $section['id']".204
- Category
- Maintainability
- Occurrences
- 204
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'wpc_after_sections_settings_fields_' . $section['id']".
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().68
- Category
- I18n
- Occurrences
- 68
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
WARNINGSecurityRecommendedProcessing form data without nonce verification.55
- Category
- Security
- Occurrences
- 55
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.55
- Category
- I18n
- Occurrences
- 55
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_COOKIE[$cookieName]32
- Category
- Security
- Occurrences
- 32
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_COOKIE[$cookieName]
WARNINGSecurityMissing Unslash$_COOKIE[$cookieName] not unslashed before sanitization. Use wp_unslash() or similar30
- Category
- Security
- Occurrences
- 30
- Severity
- warning
Sample message
$_COOKIE[$cookieName] not unslashed before sanitization. Use wp_unslash() or similar
ERRORSecurityNot PreparedUse placeholders and $wpdb->prepare(); found $query29
- Category
- Security
- Occurrences
- 29
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $query
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.27
- Category
- Maintainability
- Occurrences
- 27
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
Show 15 moreShow less
WARNINGMaintainabilityNo Caching27
- Category
- Maintainability
- Occurrences
- 27
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORSecurityUnescaped DBParameter17
- Category
- Security
- Occurrences
- 17
- Severity
- error
Sample message
Unescaped parameter $key used in $wpdb->get_results()\n$key assigned unsafely at line 178.
ERRORSecurityQuoted Simple Placeholder16
- Category
- Security
- Occurrences
- 16
- Severity
- error
Sample message
Simple placeholders should not be quoted in the query string in $wpdb->prepare(). Found: '%s'.
WARNINGSecurityMissing16
- Category
- Security
- Occurrences
- 16
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityInput Not Validated14
- Category
- Security
- Occurrences
- 14
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_SERVER['HTTP_HOST']. Check that the array index exists before using it.
WARNINGPerformancePost Not In exclude12
- Category
- Performance
- Occurrences
- 12
- Severity
- warning
Sample message
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
ERRORI18nUnordered Placeholders Text11
- Category
- I18n
- Occurrences
- 11
- Severity
- error
Sample message
Multiple placeholders in translatable strings should be ordered. Expected "%1$d, %2$s", but got "%d, %s" in 'Use «%d» as the id for the widget with the title «%s»'.
WARNINGMaintainabilityNon Prefixed Function Found10
- Category
- Maintainability
- Occurrences
- 10
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "fltr_get_url_from_absolute_path".
ERRORMaintainabilitywp function not compatible with requires wp10
- Category
- Maintainability
- Occurrences
- 10
- Severity
- error
Sample message
Function "determine_locale()" requires WordPress 5.0.0, but your plugin minimum supported version is WordPress 4.6.0.
ERRORMaintainabilitybadly named files8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- error
Sample message
File and folder names must not contain spaces or special characters.
WARNINGSecurityInterpolated Not Prepared6
- Category
- Security
- Occurrences
- 6
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $fieldExpr at AND TIME(CONVERT_TZ(FROM_UNIXTIME($fieldExpr), 'UTC', %s)) >= %s\n
WARNINGSecuritywp redirect wp redirect6
- Category
- Security
- Occurrences
- 6
- Severity
- warning
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
ERRORMaintainabilityparse url parse url6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
ERRORMaintainabilityrand rand6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
rand() is discouraged. Use the far less predictable wp_rand() instead.
WARNINGMaintainabilityNot In Footer6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
Score History
First score snapshot
v1.9.2.2
20
Latest
- Findings
- 1,298
- Errors
- 568
- Warnings
- 730
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 20 | 1,298 | 568 | 730 | v1.9.2.2 | 2.0.0 |
Related Plugins
8k+ active installs
10k+ active installs
5k+ active installs
3k+ active installs
6k+ active installs
30k+ active installs