Top Issues by Category
maintainability10
security7
i18n6
repo_compliance5
Issues Details
28 issues found in latest scan
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().
A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Detected usage of a non-sanitized input variable: $_ENV['SERVER_SOFTWARE']
$_POST['data'] not unslashed before sanitization. Use wp_unslash() or similar
Found call to wp_enqueue_script() with external resource. Offloading scripts to your servers or any remote service is disallowed.
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$spiderblocker".
Processing form data without nonce verification.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().
Mismatched text domain. Expected 'spiderblocker' but got 'eu-vat-b2b-taxes'.
Plugin name header in your readme is missing or invalid. Please update your readme with a valid plugin name header. Eg: "=== Example Name ==="
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Missing "License". Please update your readme with a valid GPLv2 (or later) compatible license.
Tested up to: 6.5 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.
The "Domain Path" header in the plugin file must start with forward slash.
Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.WP.AlternativeFunctions.file_system_operations_is_writable | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable(). | 5 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 5 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_ENV['SERVER_SOFTWARE'] | 3 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_POST['data'] not unslashed before sanitization. Use wp_unslash() or similar | 3 |
| PluginCheck.CodeAnalysis.EnqueuedResourceOffloading.OffloadedContent | ERROR | Found call to wp_enqueue_script() with external resource. Offloading scripts to your servers or any remote service is disallowed. | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$spiderblocker". | 1 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 1 |
| WordPress.WP.AlternativeFunctions.file_system_operations_chmod | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod(). | 1 |
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'spiderblocker' but got 'eu-vat-b2b-taxes'. | 1 |
| invalid_plugin_name | ERROR | Plugin name header in your readme is missing or invalid. Please update your readme with a valid plugin name header. Eg: "=== Example Name ===" | 1 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 1 |
| no_license | ERROR | Missing "License". Please update your readme with a valid GPLv2 (or later) compatible license. | 1 |
| outdated_tested_upto_header | ERROR | Tested up to: 6.5 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress. | 1 |
| plugin_header_invalid_author_uri | ERROR | The "Author URI" header in the plugin file is not valid. | 1 |
| plugin_header_invalid_domain_path | WARNING | The "Domain Path" header in the plugin file must start with forward slash. | 1 |
| plugin_header_no_license | ERROR | Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license. | 1 |
Latest Snapshot
Findings
28
Errors
19
Warnings
9
Score History
First score snapshot
First scan completed Jun 20, 2026
v1.3.7 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v1.3.7
78
Latest
- Findings
- 28
- Errors
- 19
- Warnings
- 9
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 78 | 28 | 19 | 9 | v1.3.7 | 2.0.0 | 2026.06-mvp-static-v2 |
