Never miss a single lead! Save and manage all Contact Form 7 and Elementor form submissions easily. View, Export, Analyze and Filter submissions.
Category Scores
Top Issues by Category
security197
maintainability130
Issues Details
460 issues found in latest scan
Mismatched text domain. Expected 'form-vibes' but got 'wpv-fv'.
$_GET['fv_nonce'] not unslashed before sanitization. Use wp_unslash() or similar
Detected usage of a possibly undefined superglobal array index: $_POST['ajaxNonce']. Check that the array index exists before using it.
Detected usage of a non-sanitized input variable: $_GET['fv_nonce']
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Use placeholders and $wpdb->prepare(); found interpolated variable $idsPlaceholder at "Delete from {$wpdb->prefix}fv_enteries where id IN ( $idsPlaceholder )"
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "fv_after_entry_meta_failed".
Unescaped parameter $data_query used in $wpdb->get_results()\n$data_query assigned unsafely at line 164.
Unescaped parameter $data_query used in $wpdb->get_results()\n$data_query assigned unsafely at line 125.
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "WPV_FV_MIN_VERSION".
Complex placeholders used for values in the query string in $wpdb->prepare() will NOT be quoted automagically. Found: %1s.
Scripts must be registered/enqueued via wp_enqueue_script()
Detected usage of meta_key, possible slow query.
Detected usage of meta_value, possible slow query.
Detected usage of meta_query, possible slow query.
Simple placeholders should not be quoted in the query string in $wpdb->prepare(). Found: '%s'.
load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
SQL wildcards for a LIKE query should be passed in through a replacement parameter. Found: LIKE '%%'.
Processing form data without nonce verification.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
Plugin name "Form Vibes - Database Manager for Forms" is different from the name declared in plugin header "Form Vibes".
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'form-vibes' but got 'wpv-fv'. | 124 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['fv_nonce'] not unslashed before sanitization. Use wp_unslash() or similar | 47 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 42 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_POST['ajaxNonce']. Check that the array index exists before using it. | 42 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET['fv_nonce'] | 40 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 34 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable $idsPlaceholder at "Delete from {$wpdb->prefix}fv_enteries where id IN ( $idsPlaceholder )" | 32 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 19 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $data_query | 10 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "fv_after_entry_meta_failed". | 10 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | ERROR | Unescaped parameter $data_query used in $wpdb->get_results()\n$data_query assigned unsafely at line 164. | 9 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $data_query used in $wpdb->get_results()\n$data_query assigned unsafely at line 125. | 8 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "WPV_FV_MIN_VERSION". | 6 |
| WordPress.DB.PreparedSQLPlaceholders.UnquotedComplexPlaceholder | WARNING | Complex placeholders used for values in the query string in $wpdb->prepare() will NOT be quoted automagically. Found: %1s. | 5 |
| WordPress.WP.EnqueuedResources.NonEnqueuedScript | ERROR | Scripts must be registered/enqueued via wp_enqueue_script() | 5 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_key | WARNING | Detected usage of meta_key, possible slow query. | 4 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_value | WARNING | Detected usage of meta_value, possible slow query. | 4 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_query | WARNING | Detected usage of meta_query, possible slow query. | 3 |
| WordPress.DB.PreparedSQLPlaceholders.QuotedSimplePlaceholder | ERROR | Simple placeholders should not be quoted in the query string in $wpdb->prepare(). Found: '%s'. | 2 |
| PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound | WARNING | load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed. | 1 |
| WordPress.DB.PreparedSQLPlaceholders.LikeWildcardsInQuery | ERROR | SQL wildcards for a LIKE query should be passed in through a replacement parameter. Found: LIKE '%%'. | 1 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 1 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fclose | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose(). | 1 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fwrite | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite(). | 1 |
| mismatched_plugin_name | WARNING | Plugin name "Form Vibes - Database Manager for Forms" is different from the name declared in plugin header "Form Vibes". | 1 |
Latest Snapshot
Findings
460
Errors
176
Warnings
284
Score History
First score snapshot
First scan completed Jun 20, 2026
v1.5.2 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v1.5.2
31
Latest
- Findings
- 460
- Errors
- 176
- Warnings
- 284
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 31 | 460 | 176 | 284 | v1.5.2 | 2.0.0 | 2026.06-mvp-static-v2 |
