WordPress popup plugin for easily creating a popup and modal window with any kind of content and settings.
Category Scores
Top Issues by Category
security99
maintainability75
Issues Details
174 issues found in latest scan
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$args".
Processing form data without nonce verification.
Processing form data without nonce verification.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Use placeholders and $wpdb->prepare(); found interpolated variable {$table} at "SELECT * FROM {$table} ORDER BY id DESC"
Detected usage of a non-sanitized input variable: $_POST['data']
Detected usage of a possibly undefined superglobal array index: $_POST['form_data']. Check that the array index exists before using it.
Function "str_contains()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 5.0.0.
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Wow_Company".
$_POST['param'] not unslashed before sanitization. Use wp_unslash() or similar
Plugin name "Modal Window - create popup modal window" is different from the name declared in plugin header "Modal Window".
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$args". | 53 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 46 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 39 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 8 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 8 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable {$table} at "SELECT * FROM {$table} ORDER BY id DESC" | 8 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_POST['data'] | 3 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_POST['form_data']. Check that the array index exists before using it. | 2 |
| library_core_files | ERROR | Library files that are already in the WordPress core are not permitted. | 2 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "str_contains()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 5.0.0. | 2 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | WARNING | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Wow_Company". | 1 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_POST['param'] not unslashed before sanitization. Use wp_unslash() or similar | 1 |
| mismatched_plugin_name | WARNING | Plugin name "Modal Window - create popup modal window" is different from the name declared in plugin header "Modal Window". | 1 |
Latest Snapshot
Findings
174
Errors
4
Warnings
170
Score History
First score snapshot
First scan completed Jun 20, 2026
v6.2.5 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v6.2.5
40
Latest
- Findings
- 174
- Errors
- 4
- Warnings
- 170
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 40 | 174 | 4 | 170 | v6.2.5 | 2.0.0 | 2026.06-mvp-static-v2 |
