Hide unpublished pages in your custom menus.
| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 59:\n $sql = "SELECT `ID`, `post_title`, `post_status` FROM `" . $wpdb->prefix . "posts` WHERE `post_status` != 'publish' AND `ID` IN (" . implode(',',$ids) . ")"\n$ids assigned unsafely at line 50:\n $ids = r34hdm_get_item_ids($items)\n$items used without escaping. | 60:42 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | 60:54 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$items[$key]'. | 118:60 | Security |
| ERROR | outdated_tested_upto_header | Tested up to: 6.5 < 6.8. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress. | — | Plugin Repo |
| WARNING | WordPress.DB.DirectDatabaseQuery.DirectQuery | Use of a direct database call is discouraged. | 60:38 | Security |
| WARNING | WordPress.DB.DirectDatabaseQuery.NoCaching | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 60:38 | Security |
| WARNING | textdomain_mismatch | The "Text Domain" header in the plugin file does not match the slug. Found "r34hdm", expected "hide-drafts-in-menus". | — | Plugin Repo |
| 15.11.2025, 01:53:20 | 10s | 97 | 4 | 3 |