PluginScore

User Access Manager

With the "User Access Manager"-plugin you can manage the access to your posts, pages and files.

v2.3.12gm_alexUpdated Added 10k+ installs86% rating
accessmember accessuser access manageruser management
30
Score
393
Errors
171
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance95
Maintainability31

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

564 findings

Security

346

8 issue groups

Maintainability

168

12 issue groups

I18n

38

4 issue groups

Performance

2

1 issue group

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"{$groupsFormName}[{$userGroup->getId()}][fromDate][date]"'.298
Category
Security
Occurrences
298
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"{$groupsFormName}[{$userGroup->getId()}][fromDate][date]"'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$addition".113
Category
Maintainability
Occurrences
113
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$addition".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.33
Category
I18n
Occurrences
33
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;30
Category
Maintainability
Occurrences
30
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET[$name]16
Category
Security
Occurrences
16
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET[$name]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityRequest data is not unslashed$_GET[$name] not unslashed before sanitization. Use wp_unslash() or similar15
Category
Security
Occurrences
15
Severity
warning

Sample message

$_GET[$name] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_SERVER['HTTP_RANGE']. Check that the array index exists before using it.8
Category
Security
Occurrences
8
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_SERVER['HTTP_RANGE']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
ERRORMaintainabilitywp function not compatible with requires wpFunction "str_contains()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 4.7.0.5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

Function "str_contains()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 4.7.0.

wp_function_not_compatible_with_requires_wpReference
ERRORMaintainabilityunlink unlinkunlink() is discouraged. Use wp_delete_file() to delete a file.4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WordPress.WP.AlternativeFunctions.unlink_unlink
ERRORMaintainabilitydate datedate() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date
Show 15 more
WARNINGMaintainabilityNon-prefixed function3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "initUam".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
ERRORSecurityException output is not escaped3
Category
Security
Occurrences
3
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Missing membership handler for '$objectType'."'.

WordPress.Security.EscapeOutput.ExceptionNotEscapedReference
ERRORMaintainabilityfile system operations fopen3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

WordPress.WP.AlternativeFunctions.file_system_operations_fopen
WARNINGSecurityMissing nonce verification2
Category
Security
Occurrences
2
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGSecurityNonce verification recommended2
Category
Security
Occurrences
2
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecuritywp redirect wp redirect2
Category
Security
Occurrences
2
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirectReference
ERRORMaintainabilityfile system operations fclose2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

WordPress.WP.AlternativeFunctions.file_system_operations_fclose
ERRORMaintainabilityfile system operations mkdir2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().

WordPress.WP.AlternativeFunctions.file_system_operations_mkdir
WARNINGI18nNo Html Wrapped Strings2
Category
I18n
Occurrences
2
Severity
warning

Sample message

Translatable string should not be wrapped in HTML. Found: '<b style="color:green;">Your UAM database seems to be in good condition.</b>'

WordPress.WP.I18n.NoHtmlWrappedStringsReference
ERRORI18nUnordered Placeholders Text2
Category
I18n
Occurrences
2
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'Shows the content before the <!--more--> tag and after that the defined text at "%s content". If no <!--more--> is set the defined text at "%s content" will be shown.'.

WordPress.WP.I18n.UnorderedPlaceholdersTextReference
WARNINGPerformancePost Not In exclude2
Category
Performance
Occurrences
2
Severity
warning

Sample message

Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude
WARNINGI18nDiscouraged text-domain loading1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFoundReference
WARNINGMaintainabilityDiscouraged PHP function1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The use of function set_time_limit() is discouraged

Squiz.PHP.DiscouragedFunctions.Discouraged
WARNINGMaintainabilityDynamic hook name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$tag&quot;.

WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound
WARNINGMaintainabilityNon-prefixed hook name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;plugin_locale&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound

External Connections

Not analyzed yet.

Score History

First score snapshot

v2.3.12

30

Latest

Findings
564
Errors
393
Warnings
171
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

28 nodes

Related Plugins

WP Approve User

3k+ active installs

95
Simple Membership Form Shortcode

2k+ active installs

91
Resend Welcome Email

1k+ active installs

78
Groups 404 Redirect

1k+ active installs

47
User Role Editor

700k+ active installs

43
Authenticator

1k+ active installs

41