FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution

The easiest and fastest Email Marketing, Newsletter, Marketing Automation Plugin & CRM Solution for WordPress

v3.1.8WPManageNinjaUpdated Added 80k+ installs96% rating100% support resolved
24
Score
193
Errors
753
Warnings
+0
Change

Category Scores

Security0
Repo90
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

946 findings

Maintainability

563

16 issue groups

Security

280

7 issue groups

I18n

46

2 issue groups

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.138
Category
Maintainability
Occurrences
138
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().134
Category
Maintainability
Occurrences
134
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$align".127
Category
Maintainability
Occurrences
127
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$align".

WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $indexSql used in $wpdb->query()\n$indexSql assigned unsafely at line 54.99
Category
Security
Occurrences
99
Severity
warning

Sample message

Unescaped parameter $indexSql used in $wpdb->query()\n$indexSql assigned unsafely at line 54.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.63
Category
Security
Occurrences
63
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $idsPlaceholder at "UPDATE {$table} SET status = 'processing', updated_at = %s WHERE id IN ($idsPlaceholder) AND status IN ('pending', 'scheduled')"50
Category
Security
Occurrences
50
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $idsPlaceholder at "UPDATE {$table} SET status = 'processing', updated_at = %s WHERE id IN ($idsPlaceholder) AND status IN ('pending', 'scheduled')"

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;40
Category
Maintainability
Occurrences
40
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGMaintainabilitySchema ChangeAttempting a database schema change is discouraged.39
Category
Maintainability
Occurrences
39
Severity
warning

Sample message

Attempting a database schema change is discouraged.

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.39
Category
I18n
Occurrences
39
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Could not parse installed.json: {$path}"'.31
Category
Security
Occurrences
31
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Could not parse installed.json: {$path}"'.

Show 15 more
ERRORSecurityOutput is not escaped19
Category
Security
Occurrences
19
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Synced css-selector {$version} ({$reference}) into scoped-vendor.\n"'.

WARNINGMaintainabilityNon-prefixed function14
Category
Maintainability
Occurrences
14
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "copyDir".

ERRORMaintainabilitywp function not compatible with requires wp14
Category
Maintainability
Occurrences
14
Severity
error

Sample message

Function "filter_block_content()" requires WordPress 5.3.1, but your plugin minimum supported version is WordPress 5.0.0.

WARNINGMaintainabilityNon-prefixed hook name13
Category
Maintainability
Occurrences
13
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'fluencrm_profile_section_' . $sectionId".

WARNINGSecurityRequest data is not unslashed10
Category
Security
Occurrences
10
Severity
warning

Sample message

$_POST[$fieldKey] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecuritywp redirect wp redirect8
Category
Security
Occurrences
8
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WARNINGMaintainabilityerror log error log7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

ERRORMaintainabilityfile system operations fwrite7
Category
Maintainability
Occurrences
7
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().

ERRORI18nUnordered Placeholders Text7
Category
I18n
Occurrences
7
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$d, %2$s", but got "%d, %s" in 'Submission #%d - %s'.

WARNINGMaintainabilityDynamic hook name6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$argNumFilterName".

WARNINGMaintainabilityDiscouraged PHP function5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

The use of function ini_set() is discouraged

WARNINGMaintainabilityslow db query meta key5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WARNINGMaintainabilityNon-prefixed constant5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "CSS_SELECTOR_PACKAGE".

WARNINGMaintainabilityNot In Footer5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

ERRORMaintainabilityNot Allowed4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

External Connections

Potential connections found in static code analysis.

32 domains

Outbound calls

280

External assets

5

Incoming endpoints

15

Notable Domains

fluentcrm.com42 · outbound
fonts.googleapis.com12 · outbound
fonts.bunny.net6 · outbound
php-fig.org2 · outbound
api.anthropic.com1 · outbound
api.convertkit.com1 · outbound

Platform / Reference Domains

w3.org107 · platform/reference
github.com68 · platform/reference
opensource.org13 · platform/reference
wordpress.org7 · platform/reference

External Asset Domains

gmpg.org5 · asset

Incoming Endpoints

/wp-json/fluent-crm/v2/editor-patterns/(?P<id>\d+)REST

register_rest_route

/wp-json/fluent-crm/v2/editor-pattern-categoriesREST

register_rest_route

/wp-json/fluent-crm/v2/editor-patternsREST

register_rest_route

/wp-json/fluent-crm/v1/editor-autosaveREST

register_rest_route

/wp-json/fluent-crm/v2/editor/cart-productsREST

register_rest_route

wp_ajax_nopriv_fc_ab_fct_cart_skippublic

wp_ajax

Admin AJAX endpoints2
wp_ajax_fc_ab_fct_cart_skipauthenticated

wp_ajax

wp_ajax_fluentcrm_renew_rest_nonceauthenticated

wp_ajax

Score History

4 score snapshots

+0
1007550250Jun 20, 2026, 01:07 AM UTC Score 24/100 Plugin v3.1.5 Plugin Check 2.0.0 193 errors, 766 warningsJun 20, 2026, 08:35 PM UTC Score 24/100 Plugin v3.1.6 Plugin Check 2.0.0 193 errors, 747 warningsJun 25, 2026, 06:18 PM UTC Score 24/100 Plugin v3.1.7 Plugin Check 2.0.0 193 errors, 753 warningsJun 30, 2026, 01:56 PM UTC Score 24/100 Plugin v3.1.8 Plugin Check 2.0.0 193 errors, 753 warningsJun 20, 2026Jun 30, 2026

v3.1.8

24

Latest

Findings
946
Errors
193
Warnings
753
Check
2.0.0

v3.1.7

24

Score

Findings
946
Errors
193
Warnings
753
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins