Robo Gallery is a powerful image gallery and photo gallery plugin with advanced features to create responsive galleries with a beautiful lightbox
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
- Security: 1,282 (11 issue groups)
- Maintainability: 413 (12 issue groups)
- I18n: 106 (2 issue groups)
ERROR / Security / Output Not Escaped (796)
- Category: Security
- Occurrences: 796
- Severity: error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<a href=\"#{$category_slug}\" class=\"nav-tab nav-tab-{$category_slug}\">{$category['name']}</a>"'.
ERROR / Security / Unsafe Printing Function (212)
- Category: Security
- Occurrences: 212
- Severity: error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNING / Maintainability / Non Prefixed Variable Found (114)
- Category: Maintainability
- Occurrences: 114
- Severity: warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$allImages".
WARNING / Security / Recommended (109)
- Category: Security
- Occurrences: 109
- Severity: warning
Sample message
Processing form data without nonce verification.
ERROR / Maintainability / missing direct file access protection (95)
- Category: Maintainability
- Occurrences: 95
- Severity: error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNING / Maintainability / Mixed (83)
- Category: Maintainability
- Occurrences: 83
- Severity: warning
Sample message
File has mixed line endings; this may cause incorrect results
ERROR / I18n / Missing Arg Domain (68)
- Category: I18n
- Occurrences: 68
- Severity: error
Sample message
Missing $domain parameter in function call to __().
WARNING / Security / Missing Unslash (52)
- Category: Security
- Occurrences: 52
- Severity: warning
Sample message
$_GET[$fieldName] not unslashed before sanitization. Use wp_unslash() or similar
WARNING / Security / Input Not Sanitized (44)
- Category: Security
- Occurrences: 44
- Severity: warning
Sample message
Detected usage of a non-sanitized input variable: $_GET[$fieldName]
ERROR / Maintainability / wp function not compatible with requires wp (40)
- Category: Maintainability
- Occurrences: 40
- Severity: error
Sample message
Function "get_rest_url()" requires WordPress 4.4.0, but your plugin minimum supported version is WordPress 3.3.0.
ERROR / I18n / Text Domain Mismatch (38)
- Category: I18n
- Occurrences: 38
- Severity: error
Sample message
Mismatched text domain. Expected 'robo-gallery' but got 'cmb'.
WARNING / Maintainability / Non Prefixed Function Found (30)
- Category: Maintainability
- Occurrences: 30
- Severity: warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "add_robo_gallery_button".
WARNING / Security / Missing (24)
- Category: Security
- Occurrences: 24
- Severity: warning
Sample message
Processing form data without nonce verification.
ERROR / Security / register setting Missing (16)
- Category: Security
- Occurrences: 16
- Severity: error
Sample message
Sanitization missing for register_setting().
WARNING / Maintainability / Non Prefixed Class Found (14)
- Category: Maintainability
- Occurrences: 14
- Severity: warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Gallery_RoTeam_AddonAction".
ERROR / Maintainability / No Explicit Version (10)
- Category: Maintainability
- Occurrences: 10
- Severity: error
Sample message
Version parameter is not explicitly set or has been set to an equivalent of "false" for wp_enqueue_script; This means that the WordPress core version will be used which is not recommended for plugin or theme development.
WARNING / Maintainability / Direct Query (8)
- Category: Maintainability
- Occurrences: 8
- Severity: warning
Sample message
Use of a direct database call is discouraged.
ERROR / Security / Exception Not Escaped (8)
- Category: Security
- Occurrences: 8
- Severity: error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Could not find template path. Template: {$templatePath}"'.
WARNING / Security / wp redirect wp redirect (8)
- Category: Security
- Occurrences: 8
- Severity: warning
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
WARNING / Maintainability / No Caching (7)
- Category: Maintainability
- Occurrences: 7
- Severity: warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNING / Security / Input Not Validated (7)
- Category: Security
- Occurrences: 7
- Severity: warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_POST['plugin']. Check that the array index exists before using it.
WARNING / Security / Interpolated Not Prepared (6)
- Category: Security
- Occurrences: 6
- Severity: warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $placeholders at "SELECT ID FROM {$wpdb->posts} WHERE ID IN ($placeholders) AND post_type = %s"
WARNING / Maintainability / Missing Version (5)
- Category: Maintainability
- Occurrences: 5
- Severity: warning
Sample message
Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.
WARNING / Maintainability / slow db query meta key (4)
- Category: Maintainability
- Occurrences: 4
- Severity: warning
Sample message
Detected usage of meta_key, possible slow query.
WARNING / Maintainability / Get terms Param2Found (3)
- Category: Maintainability
- Occurrences: 3
- Severity: warning
Sample message
The parameter "'hide_empty=0'" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.
Score History
First score snapshot
v5.1.5
23
Latest
- Findings: 1,821
- Errors: 1,291
- Warnings: 530
- Check: 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 23 | 1,821 | 1,291 | 530 | v5.1.5 | 2.0.0 |