WP Mail Log helps you to Log and view all emails from WordPress. It is useful if you have to debug email related problems or have to store sent emails …
Category Scores
Top Issues by Category
maintainability30
i18n20
security20
Issues Details
71 issues found in latest scan
Mismatched text domain. Expected 'wp-mail-log' but got 'wpv-wml'.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
The %i modifier is only supported in WP 6.2 or higher. Found: "%i".
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Use placeholders and $wpdb->prepare(); found interpolated variable {$filter_sql} at "SELECT DISTINCT id, to_email, subject, message, headers, attachments, DATE_FORMAT(sent_date, '%%Y/%%m/%%d %%H:%%i:%%S') as sent_date, attachments_file as files FROM %i WHERE 1 = 1 AND DATE_FORMAT(sent_date,GET_FORMAT(DATE,'JIS')) >= %s AND DATE_FORMAT(sent_date,GET_FORMAT(DATE,'JIS')) <= %s {$filter_sql} ORDER BY id DESC LIMIT %d OFFSET %d"
The plugin name includes a restricted term. Your chosen plugin name - "WP Mail Log" - contains the restricted term "wp" which cannot be used at all in your plugin name.
Unescaped parameter $entry_count_query used in $wpdb->get_var()\n$entry_count_query assigned unsafely at line 190.
Incorrect number of replacements passed to $wpdb->prepare(). Found 1 replacement parameters, expected 3.
Processing form data without nonce verification.
Scripts must be registered/enqueued via wp_enqueue_script()
A function call to _n() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
The "Short Description" section is too long and was truncated. A maximum of 150 characters is supported.
The "Text Domain" header in the plugin file does not match the slug. Found "wpv-wml", expected "wp-mail-log".
Function "wp_date()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 5.0.0.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'wp-mail-log' but got 'wpv-wml'. | 18 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 9 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 8 |
| WordPress.DB.PreparedSQLPlaceholders.UnsupportedIdentifierPlaceholder | ERROR | The %i modifier is only supported in WP 6.2 or higher. Found: "%i". | 7 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 6 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $deleteRow | 4 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable {$filter_sql} at "SELECT DISTINCT id, to_email, subject, message, headers, attachments, DATE_FORMAT(sent_date, '%%Y/%%m/%%d %%H:%%i:%%S') as sent_date, attachments_file as files FROM %i WHERE 1 = 1 AND DATE_FORMAT(sent_date,GET_FORMAT(DATE,'JIS')) >= %s AND DATE_FORMAT(sent_date,GET_FORMAT(DATE,'JIS')) <= %s {$filter_sql} ORDER BY id DESC LIMIT %d OFFSET %d" | 3 |
| trademarked_term | WARNING | The plugin name includes a restricted term. Your chosen plugin name - "WP Mail Log" - contains the restricted term "wp" which cannot be used at all in your plugin name. | 3 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | ERROR | Unescaped parameter $entry_count_query used in $wpdb->get_var()\n$entry_count_query assigned unsafely at line 190. | 2 |
| WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber | WARNING | Incorrect number of replacements passed to $wpdb->prepare(). Found 1 replacement parameters, expected 3. | 2 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 2 |
| Generic.PHP.ForbiddenFunctions.Found | ERROR | The use of function move_uploaded_file() is forbidden | 1 |
| WordPress.WP.EnqueuedResources.NonEnqueuedScript | ERROR | Scripts must be registered/enqueued via wp_enqueue_script() | 1 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to _n() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 1 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 1 |
| readme_parser_warnings_trimmed_short_description | WARNING | The "Short Description" section is too long and was truncated. A maximum of 150 characters is supported. | 1 |
| textdomain_mismatch | WARNING | The "Text Domain" header in the plugin file does not match the slug. Found "wpv-wml", expected "wp-mail-log". | 1 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "wp_date()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 5.0.0. | 1 |
Latest Snapshot
Findings
71
Errors
42
Warnings
29
Score History
First score snapshot
First scan completed Jun 20, 2026
v1.1.5 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v1.1.5
42
Latest
- Findings
- 71
- Errors
- 42
- Warnings
- 29
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 42 | 71 | 42 | 29 | v1.1.5 | 2.0.0 | 2026.06-mvp-static-v2 |
