PluginScore

Brevo – Email, SMS, Web Push, Chat, and more.

Turn your WordPress site into a marketing powerhouse. Grow your audience, boost engagement, and drive more sales with Brevo.

v3.3.4BrevoUpdated Added 100k+ installs82% rating60% support resolved
Email Marketingbrevoformsnewslettersendinblue
20
Score
460
Errors
646
Warnings
+0
Change

Category Scores

Security0
Repo69
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,106 findings

Security

594

10 issue groups

Maintainability

448

14 issue groups

Supply Chain

5

1 issue group

WARNINGSecurityRequest data is not unslashed$_COOKIE['email_id'] not unslashed before sanitization. Use wp_unslash() or similar134
Category
Security
Occurrences
134
Severity
warning

Sample message

$_COOKIE['email_id'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $alter_query129
Category
Security
Occurrences
129
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $alter_query

WordPress.DB.PreparedSQL.NotPrepared
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;112
Category
Maintainability
Occurrences
112
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$attachment".84
Category
Maintainability
Occurrences
84
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$attachment".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" git push origin master gh-pages v$newVersion\n"'.82
Category
Security
Occurrences
82
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" git push origin master gh-pages v$newVersion\n"'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.75
Category
Security
Occurrences
75
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.74
Category
Maintainability
Occurrences
74
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().74
Category
Maintainability
Occurrences
74
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.58
Category
Security
Occurrences
58
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE[SIB_Push_Public::INSTALLATION_ID_COOKIE_NAME]43
Category
Security
Occurrences
43
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE[SIB_Push_Public::INSTALLATION_ID_COOKIE_NAME]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
Show 15 more
ERRORSecurityDatabase parameter is not escaped35
Category
Security
Occurrences
35
Severity
error

Sample message

Unescaped parameter $alter_query used in $wpdb->query()\n$alter_query assigned unsafely at line 102.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGMaintainabilityNon-prefixed class25
Category
Maintainability
Occurrences
25
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Mailin".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
WARNINGSecurityInput is not validated19
Category
Security
Occurrences
19
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES['image']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGMaintainabilityNon-prefixed hook name18
Category
Maintainability
Occurrences
18
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
ERRORMaintainabilityForbidden PHP function found12
Category
Maintainability
Occurrences
12
Severity
error

Sample message

The use of function passthru() is forbidden

Generic.PHP.ForbiddenFunctions.Found
WARNINGMaintainabilityerror log error log12
Category
Maintainability
Occurrences
12
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log
ERRORSecurityUnsafe printing function11
Category
Security
Occurrences
11
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
WARNINGSecurityInput is not validated or sanitized8
Category
Security
Occurrences
8
Severity
warning

Sample message

Detected usage of a non-sanitized, non-validated input variable _SERVER: "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"

WordPress.Security.ValidatedSanitizedInput.InputNotValidatedNotSanitized
ERRORMaintainabilitycurl curl setopt7
Category
Maintainability
Occurrences
7
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_setopt
ERRORMaintainabilityparse url parse url7
Category
Maintainability
Occurrences
7
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

WordPress.WP.AlternativeFunctions.parse_url_parse_url
ERRORMaintainabilityNon Enqueued Script7
Category
Maintainability
Occurrences
7
Severity
error

Sample message

Scripts must be registered/enqueued via wp_enqueue_script()

WordPress.WP.EnqueuedResources.NonEnqueuedScript
ERRORMaintainabilityNot Allowed6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

PluginCheck.CodeAnalysis.Heredoc.NotAllowed
WARNINGMaintainabilityNot In Footer5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_register_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter
ERRORSupply ChainHidden files included5
Category
Supply Chain
Occurrences
5
Severity
error

Sample message

Hidden files are not permitted.

hidden_files
ERRORMaintainabilitywp function not compatible with requires wp5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

Function "str_contains()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 4.4.0.

wp_function_not_compatible_with_requires_wpReference

External Connections

Not analyzed yet.

Score History

First score snapshot

v3.3.4

20

Latest

Findings
1,106
Errors
460
Warnings
646
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Related

Yoast SEO – Advanced SEO with real-time guidance and built-in AI24 scoreWooCommerce22 scoreWordfence Security – Firewall, Malware Scan, and Login Security21 scoreClassic Editor63 scoreAkismet Anti-spam: Spam Protection35 scoreAll-in-One WP Migration and Backup40 scoreSite Kit by Google – Analytics, Search Console, AdSense, Speed25 scoreRank Math SEO – AI SEO Tools to Dominate SEO Rankings31 scoreReally Simple Security – Simple and Performant Security (formerly Really Simple SSL)19 scoreWPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More31 scoreHostinger Reach – AI-Powered Email Marketing for WordPress40 scoreMC4WP: Mailchimp for WordPress57 scoreFluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder22 scoreForminator Forms – Contact Form, Payment Form & Custom Form Builder24 score

Related Plugins

Block for Mailchimp – Add Email Subscription Forms and Collect Leads

2k+ active installs

100
Crowdsignal Forms

200k+ active installs

100
GetResponse Official

4k+ active installs

100
LeadConnector

20k+ active installs

100
Superb Addons: Blocks, Patterns, Pre-built Pages, Sliders, Popups, Free Forms, Animations & More

80k+ active installs

100
WS Form LITE – Drag & Drop Contact Form Builder

10k+ active installs

100