WPGuppy is a well thought and clinically designed and developed WordPress chat plugin which has been engineered to fulfill the market needs.
| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "guppy_time_slots". | 287:5 | Plugin Repo |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $query | 80:41 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->get_row($query)\n$query assigned unsafely at line 75:\n $query = "SELECT $guppyFriends.*\r\n\t\t\tFROM $guppyFriends\r\n\r\n\t\t\tWHERE $where"\n$guppyFriends assigned unsafely at line 65:\n $guppyFriends = $wpdb->prefix . 'wpguppy_friend_list'\n$is_exclude used without escaping.\n$where assigned unsafely at line 72:\n $where .= " OR\t($guppyFriends.send_by= $userId AND $guppyFriends.send_to= $loginedUser)"\n$userId used without escaping.\n$loginedUser used without escaping. | 82:28 | Security |
| ERROR | WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "guppy_time_slots_filter". | 316:31 | Plugin Repo |
| ERROR | WordPress.WP.I18n.NonSingularStringLiteralText | The $text parameter must be a single text string literal. Found: $default_translations['sent'] | 547:51 | General |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $query | 82:37 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->get_results($query)\n$query assigned unsafely at line 119:\n $query = "SELECT * FROM (\r\n\t\t\t\t\tSELECT $userTable.display_name as userName, $guppyFriends.send_by, $guppyFriends.send_to \r\n\t\t\t\t\tFROM $guppyFriends \r\n\t\t\t\t\tINNER JOIN $userTable ON $guppyFriends.send_to = $userTable.ID \r\n\t\t\t\t\tWHERE $guppyFriends.friend_status = '3'\r\n\t\t\t\t\tAND $guppyFriends.send_to = $loginedUser $searchFriend\r\n\t\t\t\t)as t ORDER BY t.userName ASC LIMIT $offset, $limit"\n$userTable assigned unsafely at line 97:\n $userTable = $wpdb->prefix . 'users'\n$guppyFriends assigned unsafely at line 98:\n $guppyFriends = $wpdb->prefix . 'wpguppy_friend_list'\n$loginedUser used without escaping.\n$searchFriend assigned unsafely at line 102:\n $searchFriend =" AND $userTable.display_name LIKE '%$searchQuery%'"\n$searchQuery used without escaping. | 128:27 | Security |
| ERROR | WordPress.WP.I18n.NonSingularStringLiteralText | The $text parameter must be a single text string literal. Found: $default_translations['invite'] | 548:51 | General |
| ERROR | WordPress.WP.I18n.NonSingularStringLiteralText | The $text parameter must be a single text string literal. Found: $default_translations['blocked'] | 549:51 | General |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $query | 128:40 | Security |
| 15.11.2025, 15:43:38 | 19s | 56 | 123 | 122 |