Easily embed and manage videos from Infomaniak VOD in your posts, comments and RSS feeds. You need an Infomaniak VOD account to use this plugin.
Category Scores
Top Issues by Category
security785
i18n221
maintainability164
Issues Details
1,182 issues found in latest scan
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"' $selected>"'.
Mismatched text domain. Expected 'vod-infomaniak' but got 'text-domain'.
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Use placeholders and $wpdb->prepare(); found $aFoldersList
Detected usage of a possibly undefined superglobal array index: $_GET['nonce']. Check that the array index exists before using it.
$_GET['nonce'] not unslashed before sanitization. Use wp_unslash() or similar
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Processing form data without nonce verification.
Detected usage of a non-sanitized input variable: $_GET['nonce']
Unescaped parameter $db->db_table_folder used in $wpdb->query()\n$db->db_table_folder used without escaping.
Function "sanitize_key()" requires WordPress 3.0.0, but your plugin minimum supported version is WordPress 2.8.6.
Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 1507.
Attempting a database schema change is discouraged.
Processing form data without nonce verification.
Short PHP opening tag used with echo; expected "<?php echo $actionurl ..." but found "<?= $actionurl ..."
Using __FILE__ for menu slugs risks exposing filesystem structure.
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Multiple placeholders in translatable strings should be ordered. Expected "%1\$d, %2\$d", but got "%d, %d" in "Cette option vous permet de mettre a jour automatiquement votre blog a chaque ajout de video a votre espace VOD.<br/>Veuillez aller dans \"<a href='https://manager.infomaniak.com/v3/%d/vod/%d/plugin/callbacks' target='_blank'>Extensions CMS/API -> Callback</a>\" et mettre l'adresse suivante dans le champ \"Adresse de Callback\"".
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
var_dump() found. Debug code should not normally be used in production.
rand() is discouraged. Use the far less predictable wp_rand() instead.
Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"' $selected>"'. | 229 |
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'vod-infomaniak' but got 'text-domain'. | 211 |
| WordPress.Security.EscapeOutput.UnsafePrintingFunction | ERROR | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 154 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $aFoldersList | 130 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_GET['nonce']. Check that the array index exists before using it. | 65 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['nonce'] not unslashed before sanitization. Use wp_unslash() or similar | 59 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 57 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 51 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 40 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET['nonce'] | 40 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $db->db_table_folder used in $wpdb->query()\n$db->db_table_folder used without escaping. | 38 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "sanitize_key()" requires WordPress 3.0.0, but your plugin minimum supported version is WordPress 2.8.6. | 22 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | ERROR | Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 1507. | 13 |
| WordPress.DB.DirectDatabaseQuery.SchemaChange | WARNING | Attempting a database schema change is discouraged. | 11 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 10 |
| Generic.PHP.DisallowShortOpenTag.EchoFound | ERROR | Short PHP opening tag used with echo; expected "<?php echo $actionurl ..." but found "<?= $actionurl ..." | 9 |
| WordPress.Security.PluginMenuSlug.Using__FILE__ | WARNING | Using __FILE__ for menu slugs risks exposing filesystem structure. | 7 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 5 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to __(). | 4 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 3 |
| WordPress.WP.I18n.UnorderedPlaceholdersText | ERROR | Multiple placeholders in translatable strings should be ordered. Expected "%1\$d, %2\$d", but got "%d, %d" in "Cette option vous permet de mettre a jour automatiquement votre blog a chaque ajout de video a votre espace VOD.<br/>Veuillez aller dans \"<a href='https://manager.infomaniak.com/v3/%d/vod/%d/plugin/callbacks' target='_blank'>Extensions CMS/API -> Callback</a>\" et mettre l'adresse suivante dans le champ \"Adresse de Callback\"". | 3 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 3 |
| WordPress.PHP.DevelopmentFunctions.error_log_var_dump | WARNING | var_dump() found. Debug code should not normally be used in production. | 2 |
| WordPress.WP.AlternativeFunctions.rand_rand | ERROR | rand() is discouraged. Use the far less predictable wp_rand() instead. | 2 |
| WordPress.WP.EnqueuedResourceParameters.MissingVersion | WARNING | Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching. | 2 |
Latest Snapshot
Findings
1,182
Errors
797
Warnings
385
Score History
First score snapshot
First scan completed Jun 20, 2026
v1.5.14 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v1.5.14
27
Latest
- Findings
- 1,182
- Errors
- 797
- Warnings
- 385
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 27 | 1,182 | 797 | 385 | v1.5.14 | 2.0.0 | 2026.06-mvp-static-v2 |
