Name: Two Factor Authentication
Rating: 4.4
Author: David Anderson / Team Updraft

Top Issues by File

Files with the highest concentration of issues in the latest scan

Issues Details

222 issues found in latest scan

	Code	Message	Location	Category
ERROR	`WordPress.Security.EscapeOutput.OutputNotEscaped`	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<p>$message</p></div>"'.	`simba-tfa/simba-tfa.php:458:52`	Security
ERROR	`PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing`	Sanitization missing for register_setting().	`simba-tfa/simba-tfa.php:506:4`	Plugin Repo
ERROR	`WordPress.WP.I18n.MissingTranslatorsComment`	A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.	`simba-tfa/simba-tfa.php:1225:30`	General
ERROR	`WordPress.Security.EscapeOutput.OutputNotEscaped`	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$settings_url'.	`simba-tfa/simba-tfa.php:185:55`	Security
ERROR	`WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound`	Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "secure_auth_cookie".	`simba-tfa/simba-tfa.php:772:33`	Plugin Repo
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $query	`simba-tfa/simba-tfa.php:1254:26`	Security
ERROR	`WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound`	Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "secure_logged_in_cookie".	`simba-tfa/simba-tfa.php:773:50`	Plugin Repo
ERROR	`WordPress.WP.I18n.MissingTranslatorsComment`	A function call to _n() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.	`simba-tfa/simba-tfa.php:1611:42`	General
ERROR	`WordPress.Security.EscapeOutput.OutputNotEscaped`	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.	`simba-tfa/simba-tfa.php:185:70`	Security
ERROR	`WordPress.WP.I18n.MissingTranslatorsComment`	A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.	`simba-tfa/providers/totp/loader.php:376:33`	General

222 total row(s)


09.12.2025, 11:00:15	11s	51	116	106
13.11.2025, 08:24:39	15s	51	116	106

Two Factor Authentication

Security158

Plugin Repository40

General10

Performance6

simba-tfa/simba-tfa.php94 issues in this fileTotal: 94Errors: 32Warnings: 62

simba-tfa/providers/totp/loader.php85 issues in this fileTotal: 85Errors: 48Warnings: 37

simba-tfa/providers/totp/hotp-php-master/example.php25 issues in this fileTotal: 25Errors: 25

simba-tfa/includes/tfa_frontend.php8 issues in this fileTotal: 8Errors: 2Warnings: 6

simba-tfa/templates/admin-settings.php3 issues in this fileTotal: 3Errors: 3

simba-tfa/templates/user-settings.php3 issues in this fileTotal: 3Errors: 3

simba-tfa/templates/settings-intro-notices.php2 issues in this fileTotal: 2Errors: 2

uninstall.php1 issue in this fileTotal: 1Errors: 1

readme.txt1 issue in this fileTotal: 1Warnings: 1