PluginScore

Flamingo

A trustworthy message storage plugin for Contact Form 7.

v2.6.2Rock Lobster Inc.Updated Added 800k+ installs84% rating67% support resolved
birdcontactcrmmail
40
Score
15
Errors
228
Warnings
+0
Change

Category Scores

Security0
Repo100
Performance98
Maintainability76

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

243 findings

Security

193

4 issue groups

Maintainability

49

8 issue groups

Performance

1

1 issue group

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.85
Category
Security
Occurrences
85
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['contact_tag_id']51
Category
Security
Occurrences
51
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['contact_tag_id']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityRequest data is not unslashed$_GET['contact_tag_id'] not unslashed before sanitization. Use wp_unslash() or similar51
Category
Security
Occurrences
51
Severity
warning

Sample message

$_GET['contact_tag_id'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGMaintainabilityslow db query meta keyDetected usage of meta_key, possible slow query.16
Category
Maintainability
Occurrences
16
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_key
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;15
Category
Maintainability
Occurrences
15
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGMaintainabilityslow db query meta valueDetected usage of meta_value, possible slow query.6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Detected usage of meta_value, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_value
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST['contact']. Check that the array index exists before using it.6
Category
Security
Occurrences
6
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['contact']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "manage_flamingo_contact_posts_columns".4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "manage_flamingo_contact_posts_columns".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$nonce_action".4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$nonce_action".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGMaintainabilityslow db query tax queryDetected usage of tax_query, possible slow query.2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Detected usage of tax_query, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_tax_query
Show 3 more
WARNINGMaintainabilityDirect Query1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo Caching1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGPerformancePost Not In exclude1
Category
Performance
Occurrences
1
Severity
warning

Sample message

Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude

External Connections

Not analyzed yet.

Score History

First score snapshot

v2.6.2

40

Latest

Findings
243
Errors
15
Warnings
228
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

28 nodes

Related

Contact Form 769 scoreYoast SEO – Advanced SEO with real-time guidance and built-in AI24 scoreWooCommerce22 scoreAll-in-One WP Migration and Backup40 scoreElementor Website Builder – more than just a page builder35 scoreAkismet Anti-spam: Spam Protection35 scoreSite Kit by Google – Analytics, Search Console, AdSense, Speed25 scoreWordfence Security – Firewall, Malware Scan, and Login Security21 scoreFluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider29 scoreReally Simple CAPTCHA98 scoreHubSpot All-In-One Marketing – Forms, Popups, Live Chat97 scoreMW WP Form27 scoreKadence WooCommerce Email Designer34 scoreFluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution24 score

Related Plugins

Contact Form Query

1k+ active installs

100
LeadConnector

20k+ active installs

100
SMTP for Contact Form 7

1k+ active installs

99
Very Simple Google Maps

3k+ active installs

99
Contact Form Clean and Simple

7k+ active installs

98
Contact Form 7 IE DatePicker and Number Spinner Fix

1k+ active installs

97