List the most recent posts with post titles, thumbnails, excerpts, authors, categories, dates and more!
Category Scores
Top Issues by Category
security152
i18n60
maintainability52
performance3
Issues Details
268 issues found in latest scan
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args['after_title']'.
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$aria_current".
The $text parameter must be a single text string literal. Found: $excerpt
strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.
Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Simple placeholders should not be quoted in the query string in $wpdb->prepare(). Found: '%s'.
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Recent_Posts_Widget_With_Thumbnails".
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "register_recent_posts_widget_with_thumbnails".
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "the_excerpt".
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
unlink() is discouraged. Use wp_delete_file() to delete a file.
wp_get_sites() has been deprecated since WordPress version 4.6.0. Use get_sites() instead.
Mismatched Requires at least: 2.9 != 4.6. "Requires at least" needs to be exactly the same with that in your main plugin file's header.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$args['after_title']'. | 151 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$aria_current". | 37 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to __(). | 29 |
| WordPress.WP.I18n.NonSingularStringLiteralText | ERROR | The $text parameter must be a single text string literal. Found: $excerpt | 29 |
| WordPress.WP.AlternativeFunctions.strip_tags_strip_tags | ERROR | strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead. | 3 |
| WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | WARNING | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. | 3 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 3 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 2 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 1 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 1 |
| WordPress.DB.PreparedSQLPlaceholders.QuotedSimplePlaceholder | ERROR | Simple placeholders should not be quoted in the query string in $wpdb->prepare(). Found: '%s'. | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | WARNING | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Recent_Posts_Widget_With_Thumbnails". | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | WARNING | Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "register_recent_posts_widget_with_thumbnails". | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "the_excerpt". | 1 |
| WordPress.WP.AlternativeFunctions.file_system_operations_chmod | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod(). | 1 |
| WordPress.WP.AlternativeFunctions.parse_url_parse_url | ERROR | parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead. | 1 |
| WordPress.WP.AlternativeFunctions.unlink_unlink | ERROR | unlink() is discouraged. Use wp_delete_file() to delete a file. | 1 |
| WordPress.WP.DeprecatedFunctions.wp_get_sitesFound | WARNING | wp_get_sites() has been deprecated since WordPress version 4.6.0. Use get_sites() instead. | 1 |
| readme_mismatched_header_requires | ERROR | Mismatched Requires at least: 2.9 != 4.6. "Requires at least" needs to be exactly the same with that in your main plugin file's header. | 1 |
Latest Snapshot
Findings
268
Errors
222
Warnings
46
Score History
First score snapshot
First scan completed Jun 19, 2026
v7.1.1 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 19, 2026
v7.1.1
37
Latest
- Findings
- 268
- Errors
- 222
- Warnings
- 46
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 19, 2026Latest | 37 | 268 | 222 | 46 | v7.1.1 | 2.0.0 | 2026.06-mvp-static-v2 |
