Patchstack automatically identifies and mitigates security vulnerabilities in WordPress plugins, themes, and core.
| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$mins". | 32:17 | Plugin Repo |
| ERROR | WordPress.WP.I18n.MissingArgDomain | Missing $domain parameter in function call to esc_html__(). | 34:124 | General |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $where | 867:9 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$mins'. | 34:225 | Security |
| ERROR | WordPress.WP.AlternativeFunctions.rename_rename | rename() is discouraged. Use WP_Filesystem::move() to rename a file. | 11:6 | Plugin Repo |
| ERROR | WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$sql". | 9:1 | Plugin Repo |
| ERROR | WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$sql". | 28:1 | Plugin Repo |
| ERROR | WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$sql". | 39:1 | Plugin Repo |
| ERROR | WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$result". | 55:1 | Plugin Repo |
| ERROR | WordPress.WP.I18n.MissingArgDomain | Missing $domain parameter in function call to esc_html__(). | 34:232 | General |
| 11/13/2025, 5:31:10 AM | 19s | 21 | 193 | 392 |