Name: Ninja Forms – The Contact Form Builder That Grows With You
Rating: 4.4
Author: Kevin Stover

Top Issues by File

Files with the highest concentration of issues in the latest scan

Issues Details

1888 issues found in latest scan

	Code	Message	Location	Category
ERROR	`WordPress.Security.EscapeOutput.OutputNotEscaped`	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$form_id'.	`includes/Display/Render.php:366:91`	Security
ERROR	`WordPress.WP.I18n.UnorderedPlaceholdersText`	Multiple placeholders in translatable strings should be ordered. Expected "%1$d, %2$d", but got "%d, %d" in 'Rate limit exceeded. Maximum %d requests per %d seconds allowed.'.	`blocks/views/includes/Authentication/RateLimiter.php:69:25`	General
ERROR	`plugin_header_no_license`	Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.	`ninja-forms.php`	Plugin Repo
ERROR	`WordPress.DateTime.RestrictedFunctions.timezone_change_date_default_timezone_set`	Using date_default_timezone_set() and similar isn't allowed, instead use WP internal timezone support.	`ninja-forms.php:250:21`	—
ERROR	`WordPress.DateTime.RestrictedFunctions.date_date`	date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.	`ninja-forms.php:251:28`	—
ERROR	`WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound`	Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "nf_init".	`ninja-forms.php:479:20`	Plugin Repo
ERROR	`WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound`	Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "nf_admin_init".	`ninja-forms.php:529:20`	Plugin Repo
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $sql	`ninja-forms.php:550:39`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $query	`ninja-forms.php:588:39`	Security
ERROR	`WordPress.WP.I18n.MissingArgDomain`	Missing $domain parameter in function call to __().	`ninja-forms.php:607:13`	General

1888 total row(s)


02.12.2025, 15:32:02	51s	1	782	1106
12.11.2025, 15:44:28	1m 19s	1	781	1102

Ninja Forms – The Contact Form Builder That Grows With You

Security1191

Plugin Repository287

General160

Performance144

includes/Admin/Menus/Submissions.php108 issues in this fileTotal: 108Errors: 12Warnings: 96

includes/Admin/Menus/Forms.php95 issues in this fileTotal: 95Errors: 8Warnings: 87

includes/Database/Models/Form.php67 issues in this fileTotal: 67Errors: 13Warnings: 54

ninja-forms.php55 issues in this fileTotal: 55Errors: 27Warnings: 28

includes/Admin/Menus/ImportExport.php50 issues in this fileTotal: 50Errors: 5Warnings: 45

includes/Display/Render.php46 issues in this fileTotal: 46Errors: 9Warnings: 37

includes/Admin/CPT/Submission.php36 issues in this fileTotal: 36Errors: 10Warnings: 26

includes/Database/Migrations.php36 issues in this fileTotal: 36Errors: 1Warnings: 35

includes/Libraries/EOS/Parser.php34 issues in this fileTotal: 34Errors: 34

includes/Routes/Submissions.php34 issues in this fileTotal: 34Warnings: 34