Very customizable plugin to list posts by category (or tag, author and more) in a post, page or widget. Uses the [catlist] shortcode to select posts.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
- Security: 111 (6 issue groups)
- Maintainability: 54 (10 issue groups)
- Performance: 7 (2 issue groups)
- I18n: 5 (3 issue groups)
Output Not Escaped
- Category: Security
- Occurrences: 62
- Severity: error
- Sample message: All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$after_title'.
Unsafe Printing Function
- Category: Security
- Occurrences: 41
- Severity: error
- Sample message: All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
strip tags strip tags
- Category: Maintainability
- Occurrences: 37
- Severity: error
- Sample message: strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.
missing direct file access protection
- Category: Maintainability
- Occurrences: 9
- Severity: error
- Sample message: PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Post Not In exclude
- Category: Performance
- Occurrences: 6
- Severity: warning
- Sample message: Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
register setting Missing
- Category: Security
- Occurrences: 4
- Severity: error
- Sample message: Sanitization missing for register_setting().
Interpolated Not Prepared
- Category: Security
- Occurrences: 2
- Severity: warning
- Sample message: Use placeholders and $wpdb->prepare(); found interpolated variable {$collate} at "{$wp_posts}.post_title COLLATE {$collate} LIKE %s"
Missing Arg Domain
- Category: I18n
- Occurrences: 2
- Severity: error
- Sample message: Missing $domain parameter in function call to __().
Non Singular String Literal Text
- Category: I18n
- Occurrences: 2
- Severity: error
- Sample message: The $text parameter must be a single text string literal. Found: $value
slow db query meta query
- Category: Maintainability
- Occurrences: 1
- Severity: warning
- Sample message: Detected usage of meta_query, possible slow query.
slow db query tax query
- Category: Maintainability
- Occurrences: 1
- Severity: warning
- Sample message: Detected usage of tax_query, possible slow query.
date date
- Category: Maintainability
- Occurrences: 1
- Severity: error
- Sample message: date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Input Not Sanitized
- Category: Security
- Occurrences: 1
- Severity: warning
- Sample message: Detected usage of a non-sanitized input variable: $_SERVER['QUERY_STRING']
Missing Unslash
- Category: Security
- Occurrences: 1
- Severity: warning
- Sample message: $_SERVER['QUERY_STRING'] not unslashed before sanitization. Use wp_unslash() or similar
query posts query posts
- Category: Maintainability
- Occurrences: 1
- Severity: warning
- Sample message: query_posts() is discouraged. Use WP_Query instead.
wp reset query wp reset query
- Category: Maintainability
- Occurrences: 1
- Severity: warning
- Sample message: wp_reset_query() is discouraged. Use wp_reset_postdata() instead.
Missing Version
- Category: Maintainability
- Occurrences: 1
- Severity: warning
- Sample message: Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.
Too Many Function Args
- Category: I18n
- Occurrences: 1
- Severity: error
- Sample message: Too many parameters passed to function "_e()". Expected: 2 parameters, received: 3
Post Not In post not in
- Category: Performance
- Occurrences: 1
- Severity: warning
- Sample message: Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
outdated tested upto header
- Category: Repo Compliance
- Occurrences: 1
- Severity: error
- Sample message: Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.
plugin header no license
- Category: Repo Compliance
- Occurrences: 1
- Severity: error
- Sample message: Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.
upgrade notice limit
- Category: Maintainability
- Occurrences: 1
- Severity: warning
- Sample message: The upgrade notice for "0.34" exceeds the limit of 300 characters.
wp function not compatible with requires wp
- Category: Maintainability
- Occurrences: 1
- Severity: error
- Sample message: Function "mb_strlen()" requires WordPress 4.2.0, but your plugin minimum supported version is WordPress 3.3.0.
Score History
First score snapshot: v0.95.0, score 36

Latest
- Findings: 179
- Errors: 162
- Warnings: 17
- Check: 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 36 | 179 | 162 | 17 | v0.95.0 | 2.0.0 |