PluginScore

Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF

Optimize image sizes, regenerate thumbnails, enable retina, convert to WebP/AVIF, or use cloud optimization. An essential image toolkit.

v7.1.7Jordy MeowUpdated Added 60k+ installs96% rating0% support resolved
AVIFregenerateretinathumbnailswebp
25
Score
154
Errors
118
Warnings
+0
Change

Category Scores

Security0
Repo100
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

272 findings

Maintainability

128

12 issue groups

Security

69

10 issue groups

I18n

37

3 issue groups

WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_debug_fh".26
Category
Maintainability
Occurrences
26
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_debug_fh".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
ERRORI18nNon Singular String Literal DomainThe $domain parameter must be a single text string literal. Found: $this->domain24
Category
I18n
Occurrences
24
Severity
error

Sample message

The $domain parameter must be a single text string literal. Found: $this->domain

WordPress.WP.I18n.NonSingularStringLiteralDomainReference
ERRORMaintainabilityunlink unlinkunlink() is discouraged. Use wp_delete_file() to delete a file.23
Category
Maintainability
Occurrences
23
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WordPress.WP.AlternativeFunctions.unlink_unlink
ERRORMaintainabilityfile system operations fwriteFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().19
Category
Maintainability
Occurrences
19
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().

WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
ERRORMaintainabilitymissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;12
Category
Maintainability
Occurrences
12
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
ERRORSecurityNot PreparedUse placeholders and $wpdb->prepare(); found $query11
Category
Security
Occurrences
11
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $query

WordPress.DB.PreparedSQL.NotPrepared
WARNINGSecurityRecommendedProcessing form data without nonce verification.11
Category
Security
Occurrences
11
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.10
Category
Maintainability
Occurrences
10
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().10
Category
Maintainability
Occurrences
10
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$error'.9
Category
Security
Occurrences
9
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$error'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
Show 15 more
WARNINGMaintainabilityNon Prefixed Constant Found8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "CACHE_TIME".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
WARNINGSecurityMissing Unslash8
Category
Security
Occurrences
8
Severity
warning

Sample message

$_GET['devicePixelRatio'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGSecurityInterpolated Not Prepared7
Category
Security
Occurrences
7
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $excludeSql at \t\t\t$excludeSql"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
WARNINGSecurityInput Not Sanitized7
Category
Security
Occurrences
7
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['devicePixelRatio']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
ERRORI18nText Domain Mismatch7
Category
I18n
Occurrences
7
Severity
error

Sample message

Mismatched text domain. Expected 'wp-retina-2x' but got 'meowapps'.

WordPress.WP.I18n.TextDomainMismatchReference
WARNINGSecurityMissing6
Category
Security
Occurrences
6
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
ERRORI18nMissing Translators Comment6
Category
I18n
Occurrences
6
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
ERRORMaintainabilityrand mt rand5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

mt_rand() is discouraged. Use the far less predictable wp_rand() instead.

WordPress.WP.AlternativeFunctions.rand_mt_rand
ERRORSecurityUnescaped DBParameter4
Category
Security
Occurrences
4
Severity
error

Sample message

Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 639.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGSecurityUnescaped DBParameter4
Category
Security
Occurrences
4
Severity
warning

Sample message

Unescaped parameter $this used in $wpdb->get_col()

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGMaintainabilityerror log trigger error4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

trigger_error() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_trigger_error
ERRORMaintainabilityparse url parse url4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

WordPress.WP.AlternativeFunctions.parse_url_parse_url
ERRORMaintainabilityrename rename4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

rename() is discouraged. Use WP_Filesystem::move() to rename a file.

WordPress.WP.AlternativeFunctions.rename_rename
ERRORMaintainabilityfile system operations fclose3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

WordPress.WP.AlternativeFunctions.file_system_operations_fclose
ERRORSecurityLike Wildcards In Query2
Category
Security
Occurrences
2
Severity
error

Sample message

SQL wildcards for a LIKE query should be passed in through a replacement parameter. Found: LIKE 'image/%%'.

WordPress.DB.PreparedSQLPlaceholders.LikeWildcardsInQuery

Score History

First score snapshot

v7.1.7

25

Latest

Findings
272
Errors
154
Warnings
118
Check
2.0.0

Related Plugins

Modern Image Formats

100k+ active installs

100
Image Regenerate & Select Crop

8k+ active installs

99
Thumbnail Upscale

3k+ active installs

99
Disable Generate Thumbnails

6k+ active installs

98
Easy Add Thumbnail

7k+ active installs

98
OTF Regenerate Thumbnails

4k+ active installs

98