The all-in-one WordPress image optimization plugin. Disable thumbnails, compress images, convert to WebP & AVIF, clean your media library, and more.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
198
11 issue groups
Security
197
13 issue groups
I18n
2
1 issue group
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_cropped".96
- Category
- Maintainability
- Occurrences
- 96
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_cropped".
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.41
- Category
- Maintainability
- Occurrences
- 41
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().38
- Category
- Maintainability
- Occurrences
- 38
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNINGSecurityRequest data is not unslashed$_GET['menu'] not unslashed before sanitization. Use wp_unslash() or similar28
- Category
- Security
- Occurrences
- 28
- Severity
- warning
Sample message
$_GET['menu'] not unslashed before sanitization. Use wp_unslash() or similar
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.26
- Category
- Security
- Occurrences
- 26
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['menu']26
- Category
- Security
- Occurrences
- 26
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_GET['menu']
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$feature['free']'.24
- Category
- Security
- Occurrences
- 24
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$feature['free']'.
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.20
- Category
- Security
- Occurrences
- 20
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST['_nonce']. Check that the array index exists before using it.19
- Category
- Security
- Occurrences
- 19
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_POST['_nonce']. Check that the array index exists before using it.
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $attachment_ids16
- Category
- Security
- Occurrences
- 16
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $attachment_ids
Show 15 moreShow less
WARNINGSecurityInterpolated SQL is not prepared12
- Category
- Security
- Occurrences
- 12
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $data at "SELECT $data FROM $tablename WHERE action_id = %d"
ERRORSecurityDatabase parameter is not escaped8
- Category
- Security
- Occurrences
- 8
- Severity
- error
Sample message
Unescaped parameter $data used in $wpdb->get_var()\n$data used without escaping.
ERRORSecurityLike Wildcards In Query7
- Category
- Security
- Occurrences
- 7
- Severity
- error
Sample message
SQL wildcards for a LIKE query should be passed in through a replacement parameter. Found: LIKE 'image%%'.
ERRORMaintainabilityMissing direct file access protection6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGSecurityDatabase parameter is not escaped4
- Category
- Security
- Occurrences
- 4
- Severity
- warning
Sample message
Unescaped parameter $log_schema_table used in $wpdb->get_var()
WARNINGSecurityUnfinished Prepare4
- Category
- Security
- Occurrences
- 4
- Severity
- warning
Sample message
Replacement variables found, but no valid placeholders found in the query.
ERRORMaintainabilityfile system operations is writable4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().
WARNINGSecurityMissing nonce verification3
- Category
- Security
- Occurrences
- 3
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORMaintainabilityfive star reviews detected3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
Linking directly to 5 stars reviews is not allowed.
WARNINGMaintainabilityABSPATHDetected2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Writing files using ABSPATH may be problematic. Consider using wp_upload_dir() instead if storing user data or generated files.
WARNINGMaintainabilityNon-prefixed hook name2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "is_year_end_campaign_active".
WARNINGMaintainabilityerror log print r2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
print_r() found. Debug code should not normally be used in production.
WARNINGMaintainabilityerror log var dump2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
var_dump() found. Debug code should not normally be used in production.
ERRORI18nMissing Translators Comment2
- Category
- I18n
- Occurrences
- 2
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
ERRORMaintainabilitybadly named files2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
File and folder names must not contain spaces or special characters.
External Connections
Not analyzed yet.
Score History
2 score snapshots
v6.3.1
32
Latest
- Findings
- 409
- Errors
- 101
- Warnings
- 308
- Check
- 2.0.0
v6.3.0
33
Score
- Findings
- 390
- Errors
- 101
- Warnings
- 289
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 32 | 409 | 101 | 308 | v6.3.1 | 2.0.0 |
| 33 | 390 | 101 | 289 | v6.3.0 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Author
Category
Issue
Related
Author
Category
Issue
Related
Related Plugins
8k+ active installs
1m+ active installs
1k+ active installs
20k+ active installs
3k+ active installs