Ultimate Maps by Supsystic is the best Google Maps alternative. It includes OpenStreetMap (OSM), Bing Maps, MapBox and Thunderforest maps services
Category Scores
Top Issues by Category
i18n662
security430
maintainability304
Issues Details
1,408 issues found in latest scan
The $domain parameter must be a single text string literal. Found: $file['error']
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$align'.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Detected usage of a non-sanitized input variable: $_FILES[$this->_inputname]
$_COOKIE[$name] not unslashed before sanitization. Use wp_unslash() or similar
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Processing form data without nonce verification.
Detected usage of a possibly undefined superglobal array index: $_FILES[$this->_inputname]. Check that the array index exists before using it.
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Complex placeholders used for values in the query string in $wpdb->prepare() will NOT be quoted automagically. Found: %1s.
Attempting a database schema change is discouraged.
The $text parameter must be a single text string literal. Found: $configOptions[$key]['description']
Processing form data without nonce verification.
mt_rand() is discouraged. Use the far less predictable wp_rand() instead.
Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'Invalid length for %s, max length is %s'.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"No such method exists: $name"'.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
rand() is discouraged. Use the far less predictable wp_rand() instead.
Translatable string should not be wrapped in HTML. Found: '<h3>More then eleven days with our %s plugin - Congratulations!</h3>'
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.WP.I18n.NonSingularStringLiteralDomain | ERROR | The $domain parameter must be a single text string literal. Found: $file['error'] | 559 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$align'. | 269 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 130 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 100 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to __(). | 43 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 39 |
| WordPress.Security.EscapeOutput.UnsafePrintingFunction | ERROR | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 35 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_FILES[$this->_inputname] | 31 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_COOKIE[$name] not unslashed before sanitization. Use wp_unslash() or similar | 28 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 28 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 24 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_FILES[$this->_inputname]. Check that the array index exists before using it. | 17 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 16 |
| WordPress.DB.PreparedSQLPlaceholders.UnquotedComplexPlaceholder | WARNING | Complex placeholders used for values in the query string in $wpdb->prepare() will NOT be quoted automagically. Found: %1s. | 14 |
| WordPress.DB.DirectDatabaseQuery.SchemaChange | WARNING | Attempting a database schema change is discouraged. | 13 |
| WordPress.WP.I18n.NonSingularStringLiteralText | ERROR | The $text parameter must be a single text string literal. Found: $configOptions[$key]['description'] | 12 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 10 |
| WordPress.WP.AlternativeFunctions.rand_mt_rand | ERROR | mt_rand() is discouraged. Use the far less predictable wp_rand() instead. | 8 |
| WordPress.WP.I18n.UnorderedPlaceholdersText | ERROR | Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'Invalid length for %s, max length is %s'. | 7 |
| WordPress.WP.AlternativeFunctions.file_system_operations_mkdir | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir(). | 3 |
| WordPress.Security.EscapeOutput.ExceptionNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"No such method exists: $name"'. | 2 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fopen | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen(). | 2 |
| WordPress.WP.AlternativeFunctions.rand_rand | ERROR | rand() is discouraged. Use the far less predictable wp_rand() instead. | 2 |
| WordPress.WP.I18n.NoHtmlWrappedStrings | WARNING | Translatable string should not be wrapped in HTML. Found: '<h3>More then eleven days with our %s plugin - Congratulations!</h3>' | 2 |
| badly_named_files | ERROR | File and folder names must not contain spaces or special characters. | 2 |
Latest Snapshot
Findings
1,408
Errors
1,034
Warnings
374
Score History
First score snapshot
First scan completed Jun 20, 2026
v1.3.2 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v1.3.2
24
Latest
- Findings
- 1,408
- Errors
- 1,034
- Warnings
- 374
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 24 | 1,408 | 1,034 | 374 | v1.3.2 | 2.0.0 | 2026.06-mvp-static-v2 |
