Name: WP Visitor Statistics (Real Time Traffic)
Rating: 4.4
Author: osama.esh

Top Issues by File

Files with the highest concentration of issues in the latest scan

Issues Details

1049 issues found in latest scan

	Code	Message	Location	Category
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $sql used in $wpdb->get_var($sql)\n$sql assigned unsafely at line 1308:\n $sql = 'SELECT count(*) FROM INFORMATION_SCHEMA.VIEWS WHERE table_schema = "' . DB_NAME . '" AND table_name LIKE "%_wsm%"'\n$exist assigned unsafely at line 1310:\n $exist = $wpdb->get_var($sql)	`includes/wsm_init.php:1310:25`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found self	`includes/wsm_init.php:1330:56`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter self::$tablePrefix . '_visitorInfo') used in $wpdb->query('DROP VIEW IF EXISTS ' . self::$tablePrefix . '_visitorInfo')	`includes/wsm_init.php:2576:20`	Security
ERROR	`WordPress.Security.EscapeOutput.OutputNotEscaped`	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'WSM_URL'.	`includes/wsm_init.php:1939:37`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found self	`includes/wsm_init.php:2576:51`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $tablePrefix	`includes/wsm_init.php:2576:57`	Security
ERROR	`WordPress.Security.EscapeOutput.OutputNotEscaped`	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$urlReferrer'.	`includes/wsm_init.php:1940:58`	Security
ERROR	`WordPress.Security.EscapeOutput.OutputNotEscaped`	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'site_url'.	`includes/wsm_init.php:1941:57`	Security
ERROR	`WordPress.Security.EscapeOutput.OutputNotEscaped`	All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'get_current_user_id'.	`includes/wsm_init.php:1944:55`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $tablePrefix	`includes/wsm_init.php:1330:62`	Security

1049 total row(s)


06.12.2025, 01:30:48	43s	3	355	694
13.11.2025, 05:54:18	49s	3	356	694

WP Visitor Statistics (Real Time Traffic)

Security957

General73

Plugin Repository5

includes/wsm_init.php544 issues in this fileTotal: 544Errors: 200Warnings: 344

includes/wsm_admin_interface.php136 issues in this fileTotal: 136Errors: 29Warnings: 107

wp-stats-manager.php115 issues in this fileTotal: 115Errors: 1Warnings: 114

includes/wsm_statistics.php108 issues in this fileTotal: 108Errors: 40Warnings: 68

includes/wsm_db.php43 issues in this fileTotal: 43Errors: 23Warnings: 20

includes/wsm_shortcodeTable.php34 issues in this fileTotal: 34Errors: 34

includes/wsm_functions.php28 issues in this fileTotal: 28Errors: 10Warnings: 18

notifications.php26 issues in this fileTotal: 26Errors: 13Warnings: 13

includes/wsm_requests.php11 issues in this fileTotal: 11Errors: 2Warnings: 9

includes/wsm_modal.php2 issues in this fileTotal: 2Errors: 2