Allows you to hide any posts on the home page, category page, search page, tags page, authors page, RSS Feed, REST API, Post Navigation and more.
| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing | Sanitization missing for register_setting(). | 68:3 | Plugin Repo |
| ERROR | PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing | Sanitization missing for register_setting(). | 69:3 | Plugin Repo |
| ERROR | WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$table_name". | 16:1 | Plugin Repo |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql used in $wpdb->get_col($sql)\n$sql assigned unsafely at line 84:\n $sql = $wpdb->prepare( "SELECT DISTINCT post_id FROM {$table_name} WHERE `condition` LIKE %s AND post_id IN (SELECT ID FROM {$wpdb->posts} WHERE post_type = %s)", $key, $post_type )\n$table_name assigned unsafely at line 79:\n $table_name = $wpdb->prefix . 'whp_posts_visibility'\n$key assigned unsafely at line 75:\n $key = str_replace( '_whp_', '', $key )\n$key assigned unsafely at line 69:\n $key = Constants::HIDDEN_POSTS_KEYS_LIST[ $from ] ?? false\n$post_type used without escaping.\n$from used without escaping. | 87:26 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | 87:35 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql used in $wpdb->get_col($sql)\n$sql assigned unsafely at line 84:\n $sql = $wpdb->prepare( "SELECT DISTINCT post_id FROM {$table_name} WHERE `condition` LIKE %s AND post_id IN (SELECT ID FROM {$wpdb->posts} WHERE post_type = %s)", $key, $post_type )\n$table_name assigned unsafely at line 79:\n $table_name = $wpdb->prefix . 'whp_posts_visibility'\n$key assigned unsafely at line 90:\n $key = '_whp_' . $key\n$key assigned unsafely at line 75:\n $key = str_replace( '_whp_', '', $key )\n$key assigned unsafely at line 69:\n $key = Constants::HIDDEN_POSTS_KEYS_LIST[ $from ] ?? false\n$post_type used without escaping.\n$from used without escaping. | 98:27 | Security |
| ERROR | WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "whp_plugin". | 146:5 | Plugin Repo |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | 98:36 | Security |
| ERROR | PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound | load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed. | 134:3 | Plugin Repo |
| ERROR | invalid_tested_upto_minor | Tested up to: 6.8.2 The version number should only include major versions 6.8. | — | Plugin Repo |
| 11/13/2025, 8:50:28 AM | 10s | 84 | 18 | 45 |