All-in-one toolkit for Elementor: advanced addons, theme builder, forms, icons & templates to build stunning sites fast and easy.
Category Scores
Top Issues by Category
maintainability191
security159
performance31
repo_compliance1
Issues Details
382 issues found in latest scan
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$active".
Processing form data without nonce verification.
$_GET['template'] not unslashed before sanitization. Use wp_unslash() or similar
Detected usage of a possibly undefined superglobal array index: $_GET['template']. Check that the array index exists before using it.
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
Detected usage of a non-sanitized input variable: $_FILES['file']
Processing form data without nonce verification.
Detected usage of meta_query, possible slow query.
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "RTM_KIT_DIR".
Detected usage of meta_value, possible slow query.
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$bgText'.
Detected usage of a non-sanitized, non-validated input variable _SERVER: "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"
Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.
Replacement variables found, but no valid placeholders found in the query.
Detected usage of tax_query, possible slow query.
print_r() found. Debug code should not normally be used in production.
Tested up to: 7.0.0 The version number should only include major versions 7.0.
Your plugin has a different license declared in the readme file and plugin header. Please update your readme with a valid GPL license identifier.
Plugin name "RTMKit" is different from the name declared in plugin header "RTMKit Addons for Elementor".
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$active". | 166 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 50 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['template'] not unslashed before sanitization. Use wp_unslash() or similar | 43 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_GET['template']. Check that the array index exists before using it. | 36 |
| WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude | WARNING | Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. | 31 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_FILES['file'] | 18 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 7 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_query | WARNING | Detected usage of meta_query, possible slow query. | 5 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "RTM_KIT_DIR". | 5 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_value | WARNING | Detected usage of meta_value, possible slow query. | 2 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins". | 2 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$bgText'. | 2 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidatedNotSanitized | WARNING | Detected usage of a non-sanitized, non-validated input variable _SERVER: "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]" | 2 |
| WordPress.WP.EnqueuedResourceParameters.MissingVersion | WARNING | Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching. | 2 |
| WordPress.WP.EnqueuedResourceParameters.NotInFooter | WARNING | In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header. | 2 |
| Internal.NoCodeFound | WARNING | No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them. | 1 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 1 |
| WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare | WARNING | Replacement variables found, but no valid placeholders found in the query. | 1 |
| WordPress.DB.SlowDBQuery.slow_db_query_tax_query | WARNING | Detected usage of tax_query, possible slow query. | 1 |
| WordPress.PHP.DevelopmentFunctions.error_log_print_r | WARNING | print_r() found. Debug code should not normally be used in production. | 1 |
| invalid_tested_upto_minor | ERROR | Tested up to: 7.0.0 The version number should only include major versions 7.0. | 1 |
| license_mismatch | ERROR | Your plugin has a different license declared in the readme file and plugin header. Please update your readme with a valid GPL license identifier. | 1 |
| mismatched_plugin_name | WARNING | Plugin name "RTMKit" is different from the name declared in plugin header "RTMKit Addons for Elementor". | 1 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 1 |
Latest Snapshot
Findings
382
Errors
5
Warnings
377
Score History
First score snapshot
First scan completed Jun 20, 2026
v2.0.8 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v2.0.8
36
Latest
- Findings
- 382
- Errors
- 5
- Warnings
- 377
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 36 | 382 | 5 | 377 | v2.0.8 | 2.0.0 | 2026.06-mvp-static-v2 |
