Short Description WP Accessibility Helper helps solve accessibility problems
Category Scores
Top Issues by Category
security82
maintainability60
i18n6
repo_compliance1
Issues Details
149 issues found in latest scan
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Processing form data without nonce verification.
Detected usage of a non-sanitized input variable: $_GET['page']
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$i'.
$_GET['page'] not unslashed before sanitization. Use wp_unslash() or similar
Processing form data without nonce verification.
Detected usage of a non-sanitized, non-validated input variable _SERVER: "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"
The plugin name includes a restricted term. Your chosen plugin name - "WP Accessibility Helper (WAH)" - contains the restricted term "wp" which cannot be used at all in your plugin name.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Simple placeholders should not be quoted in the query string in $wpdb->prepare(). Found: '%s'.
Detected usage of meta_query, possible slow query.
print_r() found. Debug code should not normally be used in production.
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Detected usage of a possibly undefined superglobal array index: $_GET['page']. Check that the array index exists before using it.
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Function "sanitize_textarea_field()" requires WordPress 4.7.0, but your plugin minimum supported version is WordPress 4.3.0.
Plugin name "WP Accessibility Helper (WAH)" is different from the name declared in plugin header "WP Accessibility Helper".
Tested up to: 6.8 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.
Mismatched Stable Tag: 0.6.5 != 0.6.6. Your Stable Tag is meant to be the stable version of your plugin and it needs to be exactly the same with the Version in your main plugin file's header. Any mismatch can prevent users from downloading the correct plugin files from WordPress.org.
| Code | Type | Message | Count |
|---|---|---|---|
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 29 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 22 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET['page'] | 20 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$i'. | 18 |
| Internal.LineEndings.Mixed | WARNING | File has mixed line endings; this may cause incorrect results | 16 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['page'] not unslashed before sanitization. Use wp_unslash() or similar | 8 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 4 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidatedNotSanitized | WARNING | Detected usage of a non-sanitized, non-validated input variable _SERVER: "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]" | 4 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to __(). | 4 |
| trademarked_term | WARNING | The plugin name includes a restricted term. Your chosen plugin name - "WP Accessibility Helper (WAH)" - contains the restricted term "wp" which cannot be used at all in your plugin name. | 3 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 2 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 2 |
| WordPress.DB.PreparedSQLPlaceholders.QuotedSimplePlaceholder | ERROR | Simple placeholders should not be quoted in the query string in $wpdb->prepare(). Found: '%s'. | 2 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_query | WARNING | Detected usage of meta_query, possible slow query. | 2 |
| WordPress.PHP.DevelopmentFunctions.error_log_print_r | WARNING | print_r() found. Debug code should not normally be used in production. | 2 |
| WordPress.Security.EscapeOutput.UnsafePrintingFunction | ERROR | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 2 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_GET['page']. Check that the array index exists before using it. | 2 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 2 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "sanitize_textarea_field()" requires WordPress 4.7.0, but your plugin minimum supported version is WordPress 4.3.0. | 2 |
| mismatched_plugin_name | WARNING | Plugin name "WP Accessibility Helper (WAH)" is different from the name declared in plugin header "WP Accessibility Helper". | 1 |
| outdated_tested_upto_header | ERROR | Tested up to: 6.8 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress. | 1 |
| stable_tag_mismatch | ERROR | Mismatched Stable Tag: 0.6.5 != 0.6.6. Your Stable Tag is meant to be the stable version of your plugin and it needs to be exactly the same with the Version in your main plugin file's header. Any mismatch can prevent users from downloading the correct plugin files from WordPress.org. | 1 |
Latest Snapshot
Findings
149
Errors
61
Warnings
88
Score History
First score snapshot
First scan completed Jun 20, 2026
v0.6.6 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v0.6.6
38
Latest
- Findings
- 149
- Errors
- 61
- Warnings
- 88
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 38 | 149 | 61 | 88 | v0.6.6 | 2.0.0 | 2026.06-mvp-static-v2 |
