Boost your gamification marketing & reward your users with points, achievements, badges & ranks to increase your site activity & loyalty!
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
3,149
11 issue groups
I18n
1,689
4 issue groups
Maintainability
1,529
9 issue groups
Performance
22
1 issue group
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$title</label>\n"'.1,270
- Category
- Security
- Occurrences
- 1,270
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$title</label>\n"'.
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.1,017
- Category
- I18n
- Occurrences
- 1,017
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $id_list at "SELECT {$primary_key}, meta_key, meta_value FROM {$meta_table_name} WHERE {$primary_key} IN ($id_list) ORDER BY {$meta_primary_key} ASC"526
- Category
- Security
- Occurrences
- 526
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $id_list at "SELECT {$primary_key}, meta_key, meta_value FROM {$meta_table_name} WHERE {$primary_key} IN ($id_list) ORDER BY {$meta_primary_key} ASC"
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.406
- Category
- Maintainability
- Occurrences
- 406
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().400
- Category
- Maintainability
- Occurrences
- 400
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORI18nText Domain MismatchMismatched text domain. Expected 'gamipress' but got 'cmb2'.353
- Category
- I18n
- Occurrences
- 353
- Severity
- error
Sample message
Mismatched text domain. Expected 'gamipress' but got 'cmb2'.
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.332
- Category
- Security
- Occurrences
- 332
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityRequest data is not unslashed$_GET[$field_id] not unslashed before sanitization. Use wp_unslash() or similar202
- Category
- Security
- Occurrences
- 202
- Severity
- warning
Sample message
$_GET[$field_id] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$$last_points_key".196
- Category
- Maintainability
- Occurrences
- 196
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$$last_points_key".
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().166
- Category
- I18n
- Occurrences
- 166
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
Show 15 moreShow less
WARNINGSecurityInput is not sanitized160
- Category
- Security
- Occurrences
- 160
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_FILES['file']['tmp_name']
WARNINGMaintainabilityNon-prefixed hook name157
- Category
- Maintainability
- Occurrences
- 157
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'add_meta_boxes_' . self::$props[ $this->id ]['hook']".
ERRORI18nUnordered Placeholders Text153
- Category
- I18n
- Occurrences
- 153
- Severity
- error
Sample message
Multiple placeholders in translatable strings should be ordered. Expected "%1$d, %2$d", but got "%d, %d" in '%d of %d times earned'.
ERRORMaintainabilityMissing direct file access protection141
- Category
- Maintainability
- Occurrences
- 141
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERRORSecurityDatabase parameter is not escaped131
- Category
- Security
- Occurrences
- 131
- Severity
- error
Sample message
Unescaped parameter $appointment_id used in $wpdb->get_var()\n$appointment_id used without escaping.
WARNINGSecurityDatabase parameter is not escaped129
- Category
- Security
- Occurrences
- 129
- Severity
- warning
Sample message
Unescaped parameter $boards used in $wpdb->get_results()\n$boards assigned unsafely at line 30.
WARNINGSecurityMissing nonce verification125
- Category
- Security
- Occurrences
- 125
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORSecurityUnsafe printing function118
- Category
- Security
- Occurrences
- 118
- Severity
- error
Sample message
All output should be run through an escaping function (like echo esc_html_x() or echo esc_attr_x()), found '_ex'.
ERRORSecuritySQL query is not prepared106
- Category
- Security
- Occurrences
- 106
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found !
WARNINGMaintainabilityNon-prefixed function95
- Category
- Maintainability
- Occurrences
- 95
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "CT_Ajax_List_Table".
ERRORMaintainabilitydate date80
- Category
- Maintainability
- Occurrences
- 80
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
WARNINGSecurityInput is not validated50
- Category
- Security
- Occurrences
- 50
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_FILES['file']['tmp_name']. Check that the array index exists before using it.
ERRORMaintainabilitywp function not compatible with requires wp31
- Category
- Maintainability
- Occurrences
- 31
- Severity
- error
Sample message
Function "apply_filters_deprecated()" requires WordPress 4.6.0, but your plugin minimum supported version is WordPress 4.4.0.
WARNINGMaintainabilityNon-prefixed class23
- Category
- Maintainability
- Occurrences
- 23
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "CMB_EDD_SL_Plugin_Updater".
WARNINGPerformancePost Not In exclude22
- Category
- Performance
- Occurrences
- 22
- Severity
- warning
Sample message
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
Score History
First score snapshot
v7.9.3
23
Latest
- Findings
- 6,633
- Errors
- 3,662
- Warnings
- 2,971
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 23 | 6,633 | 3,662 | 2,971 | v7.9.3 | 2.0.0 |
Related Plugins
30k+ active installs
1k+ active installs
2k+ active installs
3k+ active installs
7k+ active installs
