Sends a list of subscribers an email notification when you publish new posts.
Category Scores
Top Issues by Category
security229
maintainability207
repo_compliance3
performance2
supply_chain1
Issues Details
442 issues found in latest scan
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
$_GET['order'] not unslashed before sanitization. Use wp_unslash() or similar
Processing form data without nonce verification.
Detected usage of a non-sanitized input variable: $_FILES['file']['error'][$key]
Detected usage of a possibly undefined superglobal array index: $_FILES['file']['error'][$key]. Check that the array index exists before using it.
Processing form data without nonce verification.
Function "current_datetime()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 4.0.0.
Unescaped parameter $ids used in $wpdb->get_col()\n$ids assigned unsafely at line 1259.
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Detected usage of meta_query, possible slow query.
Short URL detected (tinyurl.com). Use full URLs instead of URL shorteners.
Attempting a database schema change is discouraged.
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
Found call to wp_enqueue_style() with external resource. Offloading styles to your servers or any remote service is disallowed.
The use of function set_time_limit() is discouraged
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wp_nonce_field'.
The parameter "array(\n\t\t\t\t\t\t\t'fields' => 'ids',\n\t\t\t\t\t\t\t'get' => 'all',\n\t\t\t\t\t\t)" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.
Plugin name "Subscribe2 - Form, Email Subscribers & Newsletters" is different from the name declared in plugin header "Subscribe2".
Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.
Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.
One or more tags were ignored. Please limit your plugin to 5 tags.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 82 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 82 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['order'] not unslashed before sanitization. Use wp_unslash() or similar | 63 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 44 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_FILES['file']['error'][$key] | 42 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_FILES['file']['error'][$key]. Check that the array index exists before using it. | 41 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 29 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "current_datetime()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 4.0.0. | 18 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $ids used in $wpdb->get_col()\n$ids assigned unsafely at line 1259. | 9 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 9 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_query | WARNING | Detected usage of meta_query, possible slow query. | 8 |
| PluginCheck.CodeAnalysis.ShortURL.Found | WARNING | Short URL detected (tinyurl.com). Use full URLs instead of URL shorteners. | 2 |
| WordPress.DB.DirectDatabaseQuery.SchemaChange | WARNING | Attempting a database schema change is discouraged. | 2 |
| WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude | WARNING | Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. | 2 |
| PluginCheck.CodeAnalysis.EnqueuedResourceOffloading.OffloadedContent | ERROR | Found call to wp_enqueue_style() with external resource. Offloading styles to your servers or any remote service is disallowed. | 1 |
| Squiz.PHP.DiscouragedFunctions.Discouraged | WARNING | The use of function set_time_limit() is discouraged | 1 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wp_nonce_field'. | 1 |
| WordPress.WP.DeprecatedParameters.Get_termsParam2Found | WARNING | The parameter "array(\n\t\t\t\t\t\t\t'fields' => 'ids',\n\t\t\t\t\t\t\t'get' => 'all',\n\t\t\t\t\t\t)" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter. | 1 |
| hidden_files | ERROR | Hidden files are not permitted. | 1 |
| mismatched_plugin_name | WARNING | Plugin name "Subscribe2 - Form, Email Subscribers & Newsletters" is different from the name declared in plugin header "Subscribe2". | 1 |
| outdated_tested_upto_header | ERROR | Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress. | 1 |
| plugin_header_no_license | ERROR | Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license. | 1 |
| readme_parser_warnings_too_many_tags | WARNING | One or more tags were ignored. Please limit your plugin to 5 tags. | 1 |
Latest Snapshot
Findings
442
Errors
32
Warnings
410
Score History
First score snapshot
First scan completed Jun 20, 2026
v10.45 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v10.45
32
Latest
- Findings
- 442
- Errors
- 32
- Warnings
- 410
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 32 | 442 | 32 | 410 | v10.45 | 2.0.0 | 2026.06-mvp-static-v2 |
