Increase Sales, Lead Generation, Conversion rates and receive good Call to Action rates with smart WordPress popup plugin.
Category Scores
Top Issues by Category
maintainability452
security296
Issues Details
748 issues found in latest scan
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$URL".
Processing form data without nonce verification.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Use placeholders and $wpdb->prepare(); found interpolated variable $columns_name_placeholders at "SELECT $table.$columns_name_placeholders FROM `$table`"
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "autoCloseOptions".
Unescaped parameter $deleteTable used in $wpdb->query()\n$deleteTable assigned unsafely at line 248.
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
Function "add_term_meta()" requires WordPress 4.4.0, but your plugin minimum supported version is WordPress 4.2.0.
$_GET['post'] not unslashed before sanitization. Use wp_unslash() or similar
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Attempting a database schema change is discouraged.
Processing form data without nonce verification.
wp_get_sites() has been deprecated since WordPress version 4.6.0. Use get_sites() instead.
Detected usage of a non-sanitized input variable: $_GET['post']
Plugin Updater detected. Detected code which may be altering WordPress update routines. Detected: _site_transient_update_plugins
No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.
Replacement variables found, but no valid placeholders found in the query.
Detected usage of tax_query, possible slow query.
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$option".
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "ConfigDataHelper".
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "$name".
Plugin Updater detected. These are not permitted in WordPress.org hosted plugins. Detected: site_transient_update_plugins
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$URL". | 184 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 163 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 79 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 78 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable $columns_name_placeholders at "SELECT $table.$columns_name_placeholders FROM `$table`" | 70 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "autoCloseOptions". | 70 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $deleteTable used in $wpdb->query()\n$deleteTable assigned unsafely at line 248. | 27 |
| WordPress.Security.SafeRedirect.wp_redirect_wp_redirect | WARNING | wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed. | 22 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "add_term_meta()" requires WordPress 4.4.0, but your plugin minimum supported version is WordPress 4.2.0. | 18 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['post'] not unslashed before sanitization. Use wp_unslash() or similar | 7 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 7 |
| WordPress.DB.DirectDatabaseQuery.SchemaChange | WARNING | Attempting a database schema change is discouraged. | 4 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 4 |
| WordPress.WP.DeprecatedFunctions.wp_get_sitesFound | WARNING | wp_get_sites() has been deprecated since WordPress version 4.6.0. Use get_sites() instead. | 4 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET['post'] | 2 |
| update_modification_detected | WARNING | Plugin Updater detected. Detected code which may be altering WordPress update routines. Detected: _site_transient_update_plugins | 2 |
| Internal.NoCodeFound | WARNING | No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them. | 1 |
| WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare | WARNING | Replacement variables found, but no valid placeholders found in the query. | 1 |
| WordPress.DB.SlowDBQuery.slow_db_query_tax_query | WARNING | Detected usage of tax_query, possible slow query. | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$option". | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | WARNING | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "ConfigDataHelper". | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.VariableConstantNameFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "$name". | 1 |
| plugin_updater_detected | ERROR | Plugin Updater detected. These are not permitted in WordPress.org hosted plugins. Detected: site_transient_update_plugins | 1 |
Latest Snapshot
Findings
748
Errors
26
Warnings
722
Score History
First score snapshot
First scan completed
v4.4.4 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
v4.4.4
30
Latest
- Findings
- 748
- Errors
- 26
- Warnings
- 722
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Latest | 30 | 748 | 26 | 722 | v4.4.4 | 2.0.0 | 2026.06-mvp-static-v2 |
