The simplest and fastest WP Cache system
Category Scores
Top Issues by Category
security1,029
maintainability201
Issues Details
1,294 issues found in latest scan
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
$_GET["id"] not unslashed before sanitization. Use wp_unslash() or similar
Detected usage of a non-sanitized input variable: $_GET["id"]
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<option value='{$key}'>"'.
Detected usage of a possibly undefined superglobal array index: $_GET["id"]. Check that the array index exists before using it.
Processing form data without nonce verification.
Processing form data without nonce verification.
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$args".
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().
unlink() is discouraged. Use wp_delete_file() to delete a file.
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "CdnWPFC".
rename() is discouraged. Use WP_Filesystem::move() to rename a file.
The parameter "1" at position #3 of add_option() has been deprecated since WordPress version 2.3.0. Use "" instead.
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Unescaped parameter $next_post_query used in $wpdb->get_results()\n$next_post_query assigned unsafely at line 1633.
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
Writing files using ABSPATH may be problematic. Consider using wp_upload_dir() instead if storing user data or generated files.
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "wpml_current_language".
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().
strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.EscapeOutput.UnsafePrintingFunction | ERROR | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 199 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET["id"] not unslashed before sanitization. Use wp_unslash() or similar | 190 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET["id"] | 177 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<option value='{$key}'>"'. | 165 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_GET["id"]. Check that the array index exists before using it. | 139 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 67 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 64 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$args". | 41 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to __(). | 29 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $element | 21 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 21 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 19 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 19 |
| WordPress.WP.AlternativeFunctions.file_system_operations_mkdir | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir(). | 15 |
| WordPress.WP.AlternativeFunctions.unlink_unlink | ERROR | unlink() is discouraged. Use wp_delete_file() to delete a file. | 14 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | WARNING | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "CdnWPFC". | 13 |
| WordPress.WP.AlternativeFunctions.rename_rename | ERROR | rename() is discouraged. Use WP_Filesystem::move() to rename a file. | 12 |
| WordPress.WP.DeprecatedParameters.Add_optionParam3Found | ERROR | The parameter "1" at position #3 of add_option() has been deprecated since WordPress version 2.3.0. Use "" instead. | 10 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 8 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | ERROR | Unescaped parameter $next_post_query used in $wpdb->get_results()\n$next_post_query assigned unsafely at line 1633. | 7 |
| WordPress.WP.AlternativeFunctions.parse_url_parse_url | ERROR | parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead. | 7 |
| PluginCheck.CodeAnalysis.WriteFile.ABSPATHDetected | WARNING | Writing files using ABSPATH may be problematic. Consider using wp_upload_dir() instead if storing user data or generated files. | 6 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "wpml_current_language". | 6 |
| WordPress.WP.AlternativeFunctions.file_system_operations_is_writable | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable(). | 6 |
| WordPress.WP.AlternativeFunctions.strip_tags_strip_tags | ERROR | strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead. | 4 |
Latest Snapshot
Findings
1,294
Errors
541
Warnings
753
Score History
First score snapshot
First scan completed Jun 19, 2026
v1.4.9 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 19, 2026
v1.4.9
24
Latest
- Findings
- 1,294
- Errors
- 541
- Warnings
- 753
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 19, 2026Latest | 24 | 1,294 | 541 | 753 | v1.4.9 | 2.0.0 | 2026.06-mvp-static-v2 |
