Name: Newsletter – Send awesome emails from WordPress
Rating: 4.6
Author: Stefano Lissa

Top Issues by File

Files with the highest concentration of issues in the latest scan

Issues Details

3001 issues found in latest scan

	Code	Message	Location	Category
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found orderby_column	`includes/paginator.php:77:158`	Security
ERROR	`WordPress.WP.I18n.MissingArgDomain`	Missing $domain parameter in function call to esc_html_e().	`composer/modals/attachment.php:3:15`	General
ERROR	`WordPress.WP.I18n.MissingArgDomain`	Missing $domain parameter in function call to esc_html_e().	`composer/modals/attachment.php:4:126`	General
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $query used in $wpdb->get_results($query)\n$query assigned unsafely at line 77:\n $query = $wpdb->prepare("SELECT " . $this->get_columns_query() . " FROM " . $this->table . $this->get_where_clause() . " ORDER BY " . $this->orderby_column . " DESC LIMIT %d,%d",\n ( $this->current_page - 1 ) * $this->items_per_page, $this->items_per_page)	`includes/paginator.php:80:39`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $query	`includes/paginator.php:80:51`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $where	`includes/paginator.php:117:33`	Security
ERROR	`WordPress.Security.EscapeOutput.OutputNotEscaped`	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args['before_widget']'.	`widget/standard.php:47:14`	Security
ERROR	`WordPress.Security.EscapeOutput.OutputNotEscaped`	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args['before_title']'.	`widget/standard.php:51:18`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $query used in $wpdb->query($query)\n$query used without escaping.	`includes/addon-admin.php:171:21`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $query	`includes/addon-admin.php:171:27`	Security

3001 total row(s)


09.12.2025, 07:02:28	39s	1	2235	766
24.11.2025, 13:02:56	44s	1	2233	760
12.11.2025, 17:58:01	50s	1	2233	760

Newsletter – Send awesome emails from WordPress

Security1443

Plugin Repository1418

General44

Performance19

system/status.php196 issues in this fileTotal: 196Errors: 136Warnings: 60

emails/edit.php142 issues in this fileTotal: 142Errors: 120Warnings: 22

users/massive.php103 issues in this fileTotal: 103Errors: 55Warnings: 48

includes/module-base.php96 issues in this fileTotal: 96Errors: 37Warnings: 59

main/flow.php75 issues in this fileTotal: 75Errors: 75

system/delivery.php68 issues in this fileTotal: 68Errors: 65Warnings: 3

main/index.php61 issues in this fileTotal: 61Errors: 43Warnings: 18

header.php59 issues in this fileTotal: 59Errors: 38Warnings: 21

users/statistics.php59 issues in this fileTotal: 59Errors: 36Warnings: 23

includes/store.php56 issues in this fileTotal: 56Errors: 12Warnings: 44