reSmush.it is the FREE image compressor and optimizer plugin - use it to optimize your images and improve the SEO and performance of your website.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
86
8 issue groups
Maintainability
82
14 issue groups
I18n
21
3 issue groups
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<div class='optimized-wrapper $additionnalClassNoNeedOptimization'><h3 class='icon_message ok'>"'.38
- Category
- Security
- Occurrences
- 38
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<div class='optimized-wrapper $additionnalClassNoNeedOptimization'><h3 class='icon_message ok'>"'.
ERRORMaintainabilitycurl curl setoptUsing cURL functions is highly discouraged. Use wp_remote_get() instead.18
- Category
- Maintainability
- Occurrences
- 18
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.11
- Category
- I18n
- Occurrences
- 11
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.10
- Category
- Security
- Occurrences
- 10
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNINGSecurityRequest data is not unslashed$_POST['data']['disabled'] not unslashed before sanitization. Use wp_unslash() or similar9
- Category
- Security
- Occurrences
- 9
- Severity
- warning
Sample message
$_POST['data']['disabled'] not unslashed before sanitization. Use wp_unslash() or similar
ERRORSecuritySetting is missing a sanitization callbackSanitization missing for register_setting().8
- Category
- Security
- Occurrences
- 8
- Severity
- error
Sample message
Sanitization missing for register_setting().
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_REQUEST['csrf']8
- Category
- Security
- Occurrences
- 8
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_REQUEST['csrf']
WARNINGMaintainabilityerror log print rprint_r() found. Debug code should not normally be used in production.7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- warning
Sample message
print_r() found. Debug code should not normally be used in production.
Show 15 moreShow less
ERRORSecuritySQL query is not prepared6
- Category
- Security
- Occurrences
- 6
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $query
ERRORI18nUnordered Placeholders Text6
- Category
- I18n
- Occurrences
- 6
- Severity
- error
Sample message
Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'The optimized quality (%s) differs from the setting (%s). You can change the optimization to the current setting by clicking on "Force re-optimize". '.
ERRORMaintainabilityMissing direct file access protection5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERRORMaintainabilitywp function not compatible with requires wp5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
Function "_wp_get_attachment_relative_path()" requires WordPress 4.4.1, but your plugin minimum supported version is WordPress 4.0.0.
WARNINGSecurityInterpolated SQL is not prepared4
- Category
- Security
- Occurrences
- 4
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $extraSQL at \t\t\t\tinner join $wpdb->postmeta on $wpdb->posts.ID = $wpdb->postmeta.post_id and $wpdb->postmeta.meta_key = %s $extraSQL"
WARNINGMaintainabilityNon-prefixed global variable4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$attachment_id".
WARNINGMaintainabilityerror log debug backtrace4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
debug_backtrace() found. Debug code should not normally be used in production.
ERRORMaintainabilitycurl curl close4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilitycurl curl exec4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilitycurl curl init4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilityfile system operations chmod4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().
ERRORMaintainabilityfile system operations is writable4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().
ERRORI18nText Domain Mismatch4
- Category
- I18n
- Occurrences
- 4
- Severity
- error
Sample message
Mismatched text domain. Expected 'resmushit-image-optimizer' but got 'resmushit-image-optimizer/'.
WARNINGMaintainabilityerror log error log3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
error_log() found. Debug code should not normally be used in production.
WARNINGSecurityMissing nonce verification3
- Category
- Security
- Occurrences
- 3
- Severity
- warning
Sample message
Processing form data without nonce verification.
Score History
First score snapshot
v1.0.6
25
Latest
- Findings
- 224
- Errors
- 155
- Warnings
- 69
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 25 | 224 | 155 | 69 | v1.0.6 | 2.0.0 |
Related Plugins
2k+ active installs
4k+ active installs
60k+ active installs
20k+ active installs
1k+ active installs
30k+ active installs