Responsive mega menu plugin for WordPress with customizable layouts and an intuitive drag-and-drop builder.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
1,717
8 issue groups
I18n
590
3 issue groups
Maintainability
245
14 issue groups
ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$jsonp_callback($json)"'.1,402
- Category
- Security
- Occurrences
- 1,402
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$jsonp_callback($json)"'.
ERRORI18nText Domain MismatchMismatched text domain. Expected 'quadmenu' but got 'jetpack-assets'.473
- Category
- I18n
- Occurrences
- 473
- Severity
- error
Sample message
Mismatched text domain. Expected 'quadmenu' but got 'jetpack-assets'.
WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$$this".107
- Category
- Maintainability
- Occurrences
- 107
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$$this".
WARNINGSecurityRecommendedProcessing form data without nonce verification.91
- Category
- Security
- Occurrences
- 91
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.90
- Category
- I18n
- Occurrences
- 90
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
ERRORMaintainabilitymissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;73
- Category
- Maintainability
- Occurrences
- 73
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGSecurityMissing Unslash$_COOKIE['redux_update_check'] not unslashed before sanitization. Use wp_unslash() or similar71
- Category
- Security
- Occurrences
- 71
- Severity
- warning
Sample message
$_COOKIE['redux_update_check'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_COOKIE['redux_update_check']66
- Category
- Security
- Occurrences
- 66
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_COOKIE['redux_update_check']
WARNINGSecurityInput Not ValidatedDetected usage of a possibly undefined superglobal array index: $_COOKIE['redux_current_tab']. Check that the array index exists before using it.49
- Category
- Security
- Occurrences
- 49
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_COOKIE['redux_current_tab']. Check that the array index exists before using it.
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to _x().27
- Category
- I18n
- Occurrences
- 27
- Severity
- error
Sample message
Missing $domain parameter in function call to _x().
Show 15 moreShow less
WARNINGSecurityMissing20
- Category
- Security
- Occurrences
- 20
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORSecurityUnsafe Printing Function15
- Category
- Security
- Occurrences
- 15
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
ERRORMaintainabilitywp function not compatible with requires wp15
- Category
- Maintainability
- Occurrences
- 15
- Severity
- error
Sample message
Function "determine_locale()" requires WordPress 5.0.0, but your plugin minimum supported version is WordPress 4.7.0.
WARNINGMaintainabilityNon Prefixed Hookname Found8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "admin_footer-widgets.php".
WARNINGMaintainabilityNon Prefixed Function Found7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_QuadMenu".
ERRORMaintainabilitystrip tags strip tags6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.
WARNINGMaintainabilityNon Prefixed Class Found5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Browser".
WARNINGMaintainabilityDirect Query4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo Caching4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNINGMaintainabilityMissing Version4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.
ERRORMaintainabilityFound3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
The use of function _cleanup_header_comment() is forbidden
WARNINGSecuritywp redirect wp redirect3
- Category
- Security
- Occurrences
- 3
- Severity
- warning
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
ERRORMaintainabilityGet terms Param2Found3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
The parameter "$args" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.
WARNINGMaintainabilityNot In Footer3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
ERRORMaintainabilityNon Enqueued Stylesheet3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
Stylesheets must be registered/enqueued via wp_enqueue_style()
Score History
First score snapshot
v3.3.4
24
Latest
- Findings
- 2,584
- Errors
- 2,129
- Warnings
- 455
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 24 | 2,584 | 2,129 | 455 | v3.3.4 | 2.0.0 |
Related Plugins
3k+ active installs
2k+ active installs
2k+ active installs
1k+ active installs
8k+ active installs
2k+ active installs