This plugin lets you create custom image sizes for your site. Override your theme sizes directly on the Media settings page, regenerate thumbnails, an …
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
- Security: 84 (10 issue groups)
- Maintainability: 35 (10 issue groups)
- I18n: 6 (2 issue groups)
- Repo Compliance: 2 (2 issue groups)
ERROR | Security | Unsafe printing function | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 24
- Category
- Security
- Occurrences
- 24
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNING | Security | Request data is not unslashed | $_POST['customName'] not unslashed before sanitization. Use wp_unslash() or similar | 16
- Category
- Security
- Occurrences
- 16
- Severity
- warning
Sample message
$_POST['customName'] not unslashed before sanitization. Use wp_unslash() or similar
WARNING | Security | Input is not sanitized | Detected usage of a non-sanitized input variable: $_POST['nonce'] | 13
- Category
- Security
- Occurrences
- 13
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_POST['nonce']
ERROR | Security | Output is not escaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$crop'. | 11
- Category
- Security
- Occurrences
- 11
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$crop'.
WARNING | Security | Missing nonce verification | Processing form data without nonce verification. | 10
- Category
- Security
- Occurrences
- 10
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNING | Maintainability | Non-prefixed hook name | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "SIS/Admin/Post/Display_Thumbnail_Regenerate". | 9
- Category
- Maintainability
- Occurrences
- 9
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "SIS/Admin/Post/Display_Thumbnail_Regenerate".
WARNING | Maintainability | Non-prefixed global variable | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$crop". | 7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$crop".
WARNING | Maintainability | Non-prefixed constant | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "SIS_DIR". | 6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "SIS_DIR".
ERROR | Maintainability | wp function not compatible with requires wp | Function "wp_add_inline_script()" requires WordPress 4.5.0, but your plugin minimum supported version is WordPress 3.5.0. | 4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
Function "wp_add_inline_script()" requires WordPress 4.5.0, but your plugin minimum supported version is WordPress 3.5.0.
WARNING | Security | Nonce verification recommended | Processing form data without nonce verification. | 3
- Category
- Security
- Occurrences
- 3
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERROR | I18n | Missing Arg Domain | 3
- Category
- I18n
- Occurrences
- 3
- Severity
- error
Sample message
Missing $domain parameter in function call to esc_attr_e().
ERROR | I18n | Non Singular String Literal Text | 3
- Category
- I18n
- Occurrences
- 3
- Severity
- error
Sample message
The $text parameter must be a single text string literal. Found: 'custom_image_sizes[' . $args['name'] . '][h]'
ERROR | Security | Database parameter is not escaped | 2
- Category
- Security
- Occurrences
- 2
- Severity
- error
Sample message
Unescaped parameter $whichmimetype used in $wpdb->get_var()\n$whichmimetype assigned unsafely at line 647.
WARNING | Maintainability | Direct Query | 2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNING | Maintainability | No Caching | 2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNING | Security | Interpolated SQL is not prepared | 2
- Category
- Security
- Occurrences
- 2
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $whichmimetype at \t\t\t\t$whichmimetype\n
ERROR | Security | SQL query is not prepared | 2
- Category
- Security
- Occurrences
- 2
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $_POST
ERROR | Maintainability | Missing direct file access protection | 2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERROR | Security | Setting is missing a sanitization callback | 1
- Category
- Security
- Occurrences
- 1
- Severity
- error
Sample message
Sanitization missing for register_setting().
WARNING | Maintainability | Non-prefixed function | 1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "init_sis".
WARNING | Maintainability | Not In Footer | 1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
In footer ($in_footer) is not set explicitly wp_register_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
ERROR | Supply Chain | Hidden files included | 1
- Category
- Supply Chain
- Occurrences
- 1
- Severity
- error
Sample message
Hidden files are not permitted.
WARNING | Maintainability | missing composer json file | 1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
The "/vendor" directory using composer exists, but "composer.json" file is missing.
WARNING | Repo Compliance | readme parser warnings no short description present | 1
- Category
- Repo Compliance
- Occurrences
- 1
- Severity
- warning
Sample message
The "Short Description" section is missing. An excerpt was generated from your main plugin description.
WARNING | Repo Compliance | readme parser warnings too many tags | 1
- Category
- Repo Compliance
- Occurrences
- 1
- Severity
- warning
Sample message
One or more tags were ignored. Please limit your plugin to 5 tags.
Score History
First score snapshot
v3.2.5
35
Latest
- Findings
- 128
- Errors
- 53
- Warnings
- 75
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 35 | 128 | 53 | 75 | v3.2.5 | 2.0.0 |