Enhance your website with UiCore Elements – a free plugin offering diverse widgets for effortless design enrichment.
Category Scores
Top Issues by Category
security25
performance15
maintainability15
Issues Details
59 issues found in latest scan
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$id'.
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
Detected usage of tax_query, possible slow query.
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "woocommerce_loop_add_to_cart_link".
Detected usage of a non-sanitized input variable: $_GET[$arg]
$_GET[$arg] not unslashed before sanitization. Use wp_unslash() or similar
wp_reset_query() is discouraged. Use wp_reset_postdata() instead.
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Mismatched text domain. Expected 'uicore-elements' but got 'textdomain'.
Function "str_contains()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 4.6.0.
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
Plugin name "UiCore Elements – Free widgets and templates for Elementor" is different from the name declared in plugin header "UiCore Elements".
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$id'. | 21 |
| WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude | WARNING | Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. | 14 |
| WordPress.DB.SlowDBQuery.slow_db_query_tax_query | WARNING | Detected usage of tax_query, possible slow query. | 6 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "woocommerce_loop_add_to_cart_link". | 2 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET[$arg] | 2 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET[$arg] not unslashed before sanitization. Use wp_unslash() or similar | 2 |
| WordPress.WP.DiscouragedFunctions.wp_reset_query_wp_reset_query | WARNING | wp_reset_query() is discouraged. Use wp_reset_postdata() instead. | 2 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 2 |
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'uicore-elements' but got 'textdomain'. | 2 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "str_contains()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 4.6.0. | 2 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 1 |
| WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | WARNING | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. | 1 |
| mismatched_plugin_name | WARNING | Plugin name "UiCore Elements – Free widgets and templates for Elementor" is different from the name declared in plugin header "UiCore Elements". | 1 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 1 |
Latest Snapshot
Findings
59
Errors
29
Warnings
30
Score History
First score snapshot
First scan completed Jun 20, 2026
v1.3.15 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v1.3.15
58
Latest
- Findings
- 59
- Errors
- 29
- Warnings
- 30
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 58 | 59 | 29 | 30 | v1.3.15 | 2.0.0 | 2026.06-mvp-static-v2 |
