Simply add a booking calendar to your site to schedule bookings, reservations, appointments and to collect payments.
Category Scores
Top Issues by Category
security20
maintainability20
Issues Details
44 issues found in latest scan
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Class must be a fully qualified name. Given type: $type"'.
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
An error occurred during processing; checking has been aborted. The error message was: PHPCSUtils\Utils\PassedParameters::hasParameters(): Argument #2 ($stackPtr) must be of type function call, array, isset, unset or exit; T_THROW given.\nThe error originated in the WordPress.Security.EscapeOutput sniff on line 270.
Processing form data without nonce verification.
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
Unescaped parameter $query used in $wpdb->query()\n$query assigned unsafely at line 333.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DOING_CRON".
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "getThemeColorsForDefaults".
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$themeColors".
print_r() found. Debug code should not normally be used in production.
Processing form data without nonce verification.
Detected usage of a non-sanitized input variable: $_GET['rest_route']
$_GET['rest_route'] not unslashed before sanitization. Use wp_unslash() or similar
Editor blocks must define "apiVersion" 3 or higher in block.json for WordPress 7.0+ iframe editor compatibility.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.EscapeOutput.ExceptionNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Class must be a fully qualified name. Given type: $type"'. | 13 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 8 |
| Internal.Exception | ERROR | An error occurred during processing; checking has been aborted. The error message was: PHPCSUtils\Utils\PassedParameters::hasParameters(): Argument #2 ($stackPtr) must be of type function call, array, isset, unset or exit; T_THROW given.\nThe error originated in the WordPress.Security.EscapeOutput sniff on line 270. | 5 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 3 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 2 |
| PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound | WARNING | load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed. | 1 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $query used in $wpdb->query()\n$query assigned unsafely at line 333. | 1 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DOING_CRON". | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | WARNING | Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "getThemeColorsForDefaults". | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$themeColors". | 1 |
| WordPress.PHP.DevelopmentFunctions.error_log_print_r | WARNING | print_r() found. Debug code should not normally be used in production. | 1 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 1 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET['rest_route'] | 1 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['rest_route'] not unslashed before sanitization. Use wp_unslash() or similar | 1 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to __(). | 1 |
| application_detected | ERROR | Application files are not permitted. | 1 |
| block_api_version_too_low | ERROR | Editor blocks must define "apiVersion" 3 or higher in block.json for WordPress 7.0+ iframe editor compatibility. | 1 |
Latest Snapshot
Findings
44
Errors
31
Warnings
13
Score History
First score snapshot
First scan completed Jun 20, 2026
v3.3.1 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v3.3.1
54
Latest
- Findings
- 44
- Errors
- 31
- Warnings
- 13
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 54 | 44 | 31 | 13 | v3.3.1 | 2.0.0 | 2026.06-mvp-static-v2 |
