Ally: Make your site more inclusive by scanning for accessibility violations, fixing them easily, and adding a usability widget and accessibility stat …
Category Scores
Top Issues by Category
security66
maintainability10
Issues Details
82 issues found in latest scan
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$content'.
Processing form data without nonce verification.
$_POST['data']['pointer'] not unslashed before sanitization. Use wp_unslash() or similar
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$action".
Detected usage of a non-sanitized input variable: $_REQUEST['action']
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "edited_term".
The "elementor/files/svg/allowed" prefix is not a valid namespace/function/class/variable/constant prefix in PHP.
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.
Processing form data without nonce verification.
Detected usage of a possibly undefined superglobal array index: $_POST['data']['pointer']. Check that the array index exists before using it.
The "/vendor" directory using composer exists, but "composer.json" file is missing.
Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.
The "Short Description" section is too long and was truncated. A maximum of 150 characters is supported.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$content'. | 36 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 15 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_POST['data']['pointer'] not unslashed before sanitization. Use wp_unslash() or similar | 5 |
| WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$action". | 4 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_REQUEST['action'] | 4 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 4 |
| WordPress.Security.EscapeOutput.UnsafePrintingFunction | ERROR | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 3 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "edited_term". | 2 |
| WordPress.NamingConventions.PrefixAllGlobals.InvalidPrefixPassed | WARNING | The "elementor/files/svg/allowed" prefix is not a valid namespace/function/class/variable/constant prefix in PHP. | 1 |
| WordPress.Security.EscapeOutput.ExceptionNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'. | 1 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 1 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_POST['data']['pointer']. Check that the array index exists before using it. | 1 |
| five_star_reviews_detected | ERROR | Linking directly to 5 stars reviews is not allowed. | 1 |
| library_core_files | ERROR | Library files that are already in the WordPress core are not permitted. | 1 |
| missing_composer_json_file | WARNING | The "/vendor" directory using composer exists, but "composer.json" file is missing. | 1 |
| plugin_header_no_license | ERROR | Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license. | 1 |
| readme_parser_warnings_trimmed_short_description | WARNING | The "Short Description" section is too long and was truncated. A maximum of 150 characters is supported. | 1 |
Latest Snapshot
Findings
82
Errors
47
Warnings
35
Score History
First score snapshot
First scan completed Jun 19, 2026
v4.1.2 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 19, 2026
v4.1.2
41
Latest
- Findings
- 82
- Errors
- 47
- Warnings
- 35
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 19, 2026Latest | 41 | 82 | 47 | 35 | v4.1.2 | 2.0.0 | 2026.06-mvp-static-v2 |
