Name: Patchstack – WordPress & Plugins Security
Rating: 4.9
Author: Patchstack

Top Issues by File

Files with the highest concentration of issues in the latest scan

Issues Details

572 issues found in latest scan

	Code	Message	Location	Category
ERROR	`WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound`	Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$php".	`includes/migrations/v303.php:33:5`	Plugin Repo
ERROR	`WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound`	Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$exists".	`includes/migrations/v300.php:11:1`	Plugin Repo
ERROR	`WordPress.WP.EnqueuedResources.NonEnqueuedScript`	Scripts must be registered/enqueued via wp_enqueue_script()	`includes/views/captcha_invisible.php:10:1`	Performance
ERROR	`WordPress.Security.EscapeOutput.OutputNotEscaped`	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$id'.	`includes/views/captcha_invisible.php:17:45`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $prefix used in $wpdb->get_var("SELECT COUNT(*) FROM " . $prefix . "options WHERE option_name = 'webarx_api_token'")\n$prefix used without escaping.	`includes/migrations/v300.php:11:18`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $prefix	`includes/migrations/v300.php:11:53`	Security
ERROR	`WordPress.Security.EscapeOutput.OutputNotEscaped`	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$id'.	`includes/views/captcha_invisible.php:21:37`	Security
ERROR	`WordPress.DateTime.RestrictedFunctions.date_date`	date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.	`lib/patchstack/src/Extensions/WordPress/Extension.php:117:48`	—
ERROR	`WordPress.WP.EnqueuedResources.NonEnqueuedScript`	Scripts must be registered/enqueued via wp_enqueue_script()	`includes/views/captcha_v3.php:10:1`	Performance
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $prefix used in $wpdb->query('INSERT IGNORE INTO ' . $prefix . "options (option_name, option_value, autoload) SELECT REPLACE(option_name, 'webarx_', 'patchstack_') as option_name, option_value, autoload FROM " . $prefix . "options WHERE option_name like 'webarx_%'")\n$prefix used without escaping.	`includes/migrations/v300.php:13:9`	Security

572 total row(s)


03.12.2025, 12:02:10	16s	21	181	391
13.11.2025, 05:31:10	19s	21	193	392

Patchstack – WordPress & Plugins Security

Security420

Plugin Repository107

General18

includes/listener.php110 issues in this fileTotal: 110Errors: 4Warnings: 106

includes/activation.php29 issues in this fileTotal: 29Errors: 2Warnings: 27

includes/admin/multisite-table.php26 issues in this fileTotal: 26Errors: 2Warnings: 24

includes/hardening.php24 issues in this fileTotal: 24Errors: 6Warnings: 18

lib/patchstack/src/Extensions/WordPress/Extension.php24 issues in this fileTotal: 24Errors: 4Warnings: 20

includes/upload.php23 issues in this fileTotal: 23Errors: 5Warnings: 18

includes/login.php23 issues in this fileTotal: 23Errors: 3Warnings: 20

includes/migrations/v301.php22 issues in this fileTotal: 22Errors: 14Warnings: 8

lib/patchstack/src/Request.php19 issues in this fileTotal: 19Warnings: 19

includes/views/pages/license.php18 issues in this fileTotal: 18Errors: 14Warnings: 4