User Menus – Nav Menu Visibility

Show/hide menu items to logged in users, logged out users or specific user roles. Display logged in user details in menu. Add a logout link to menu.

v1.3.2Daniel IserUpdated 29 days agoAdded 10 years ago80k+ installs100% rating100% support resolved

logout menu menus nav menu user-menu

Score

531

Errors

1,298

Warnings

Change

Category Scores

Security0

Repo86

Performance100

Maintainability2

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,829 findings

Maintainability

1,304

19 issue groups

Security

521

4 issue groups

Repo Compliance

2 issue groups

WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$VARS".1,075

Category: Maintainability
Occurrences: 1,075
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$VARS".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <a href='{$skip_url}' class='button button-small button-secondary'>{$use_plugin_anonymously_text}</a>"'.511

Category: Security
Occurrences: 511
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <a href='{$skip_url}' class='button button-small button-secondary'>{$use_plugin_anonymously_text}</a>"'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

WARNINGMaintainabilityNon Prefixed Function FoundFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_fs_text".101

Category: Maintainability
Occurrences: 101
Severity: warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_fs_text".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound

WARNINGMaintainabilityNon Prefixed Class FoundClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "FS_Admin_Menu_Manager".51

Category: Maintainability
Occurrences: 51
Severity: warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "FS_Admin_Menu_Manager".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound

WARNINGMaintainabilityNon Prefixed Constant FoundGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "FS_API__ADDRESS".27

Category: Maintainability
Occurrences: 27
Severity: warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "FS_API__ADDRESS".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound

WARNINGMaintainabilityNon Prefixed Hookname FoundHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "fs_plugins_api".12

Category: Maintainability
Occurrences: 12
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "fs_plugins_api".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound

WARNINGMaintainabilityNon Prefixed Namespace FoundNamespaces declared by a theme/plugin should start with the theme/plugin prefix. Found: "JP\UM\Admin".9

Category: Maintainability
Occurrences: 9
Severity: warning

Sample message

Namespaces declared by a theme/plugin should start with the theme/plugin prefix. Found: "JP\UM\Admin".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedNamespaceFound

ERRORSecurityException Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.7

Category: Security
Occurrences: 7
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.

WordPress.Security.EscapeOutput.ExceptionNotEscaped Reference

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.6

Category: Maintainability
Occurrences: 6
Severity: warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().5

Category: Maintainability
Occurrences: 5
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching

Show 15 more

ERRORMaintainabilitymissing direct file access protection3

Category: Maintainability
Occurrences: 3
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protection Reference

ERRORSecurityUnescaped DBParameter2

Category: Security
Occurrences: 2
Severity: error

Sample message

Unescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 605.

PluginCheck.Security.DirectDB.UnescapedDBParameter

WARNINGMaintainabilitySchema Change2

Category: Maintainability
Occurrences: 2
Severity: warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange

WARNINGMaintainabilityMissing Version2

Category: Maintainability
Occurrences: 2
Severity: warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion

ERRORMaintainabilityplugin updater detected2

Category: Maintainability
Occurrences: 2
Severity: error

Sample message

Plugin Updater detected. These are not permitted in WordPress.org hosted plugins. Detected: class FS_Plugin_Updater

plugin_updater_detected

WARNINGMaintainabilityupdate modification detected2

Category: Maintainability
Occurrences: 2
Severity: warning

Sample message

Plugin Updater detected. Detected code which may be altering WordPress update routines. Detected: _site_transient_update_plugins

update_modification_detected Reference

ERRORMaintainabilitywp function not compatible with requires wp2

Category: Maintainability
Occurrences: 2
Severity: error

Sample message

Function "wp_get_update_php_url()" requires WordPress 5.1.0, but your plugin minimum supported version is WordPress 4.6.0.

wp_function_not_compatible_with_requires_wp Reference

ERRORMaintainabilityPlugin Directory Write1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Plugin folders are deleted when upgraded. Do not save data to the plugin folder using copy(). Detected usage of constant WP_PLUGIN_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.

PluginCheck.CodeAnalysis.WriteFile.PluginDirectoryWrite

WARNINGMaintainabilityDiscouraged1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

The use of function set_time_limit() is discouraged

Squiz.PHP.DiscouragedFunctions.Discouraged

WARNINGMaintainabilityDynamic Hookname Found1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "{$module_type}_update_check_locales".

WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound

WARNINGSecuritywp redirect wp redirect1

Category: Security
Occurrences: 1
Severity: warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirect Reference

WARNINGMaintainabilityNot In Footer1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter

ERRORRepo Complianceinvalid license1

Category: Repo Compliance
Occurrences: 1
Severity: error

Sample message

Your plugin has an invalid license declared. Please update your readme with a valid SPDX license identifier.

invalid_license Reference

ERRORMaintainabilityinvalid tested upto minor1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Tested up to: 7.0.0 The version number should only include major versions 7.0.

invalid_tested_upto_minor Reference

ERRORRepo Compliancelicense mismatch1

Category: Repo Compliance
Occurrences: 1
Severity: error

Sample message

Your plugin has a different license declared in the readme file and plugin header. Please update your readme with a valid GPL license identifier.

license_mismatch Reference

Score History

First score snapshot

yesterday

v1.3.2

Latest

Findings: 1,829
Errors: 531
Warnings: 1,298
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
yesterdayLatest	23	1,829	531	1,298	v1.3.2	2.0.0

Related Plugins

Breadcrumb Block

3k+ active installs

100

Menu In Post

2k+ active installs

100

Better Aria Label Support

5k+ active installs

Classic Menu in Navigation Block

2k+ active installs

Log Out Shortcode

3k+ active installs

Responsive Navigation Block

1k+ active installs