Top Issues by Category
security29
maintainability4
i18n3
Issues Details
38 issues found in latest scan
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Detected usage of a non-sanitized input variable: $_POST[$_POST['post_type'] . '_noncename']
Detected usage of a possibly undefined superglobal array index: $_POST[$_POST['post_type'] . '_noncename']. Check that the array index exists before using it.
$_POST[$_POST['post_type'] . '_noncename'] not unslashed before sanitization. Use wp_unslash() or similar
load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.
Sanitization missing for register_setting().
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.
Processing form data without nonce verification.
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Multiple placeholders in translatable strings should be ordered. Expected "%1\$s, %2\$s", but got "%s, %s" in "If you found this plugin useful, or I've already helped you, please consider buying me a %s coffee %s or two.".
Plugin name header in your readme is missing or invalid. Please update your readme with a valid plugin name header. Eg: "=== Example Name ==="
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Tested up to: 4.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.
One or more tags were ignored. Please limit your plugin to 5 tags.
Incorrect Stable Tag. It's recommended not to use "Stable Tag: trunk". Your Stable Tag is meant to be the stable version of your plugin and it needs to be exactly the same with the Version in your main plugin file's header. Any mismatch can prevent users from downloading the correct plugin files from WordPress.org.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.EscapeOutput.UnsafePrintingFunction | ERROR | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 17 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_POST[$_POST['post_type'] . '_noncename'] | 3 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_POST[$_POST['post_type'] . '_noncename']. Check that the array index exists before using it. | 3 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_POST[$_POST['post_type'] . '_noncename'] not unslashed before sanitization. Use wp_unslash() or similar | 3 |
| PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound | WARNING | load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed. | 1 |
| PluginCheck.CodeAnalysis.Offloading.OffloadedContent | ERROR | Offloading images, js, css, and other scripts to your servers or any remote service is disallowed. | 1 |
| PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing | ERROR | Sanitization missing for register_setting(). | 1 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. | 1 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 1 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 1 |
| WordPress.WP.I18n.UnorderedPlaceholdersText | ERROR | Multiple placeholders in translatable strings should be ordered. Expected "%1\$s, %2\$s", but got "%s, %s" in "If you found this plugin useful, or I've already helped you, please consider buying me a %s coffee %s or two.". | 1 |
| invalid_plugin_name | ERROR | Plugin name header in your readme is missing or invalid. Please update your readme with a valid plugin name header. Eg: "=== Example Name ===" | 1 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 1 |
| outdated_tested_upto_header | ERROR | Tested up to: 4.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress. | 1 |
| readme_parser_warnings_too_many_tags | WARNING | One or more tags were ignored. Please limit your plugin to 5 tags. | 1 |
| trunk_stable_tag | ERROR | Incorrect Stable Tag. It's recommended not to use "Stable Tag: trunk". Your Stable Tag is meant to be the stable version of your plugin and it needs to be exactly the same with the Version in your main plugin file's header. Any mismatch can prevent users from downloading the correct plugin files from WordPress.org. | 1 |
Latest Snapshot
Findings
38
Errors
26
Warnings
12
Score History
First score snapshot
First scan completed Jun 20, 2026
v1.3.1 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v1.3.1
42
Latest
- Findings
- 38
- Errors
- 26
- Warnings
- 12
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 42 | 38 | 26 | 12 | v1.3.1 | 2.0.0 | 2026.06-mvp-static-v2 |
