TNC Toolbox: Web Performance
Slug: tnc-toolbox · Merlot Digital (by TNC) · 1,000+
Overall Score
Excellent quality and security
What this score means
Scores are calculated on a 100-point scale by analysing six weighted categories: Security, WP.org Readiness, Performance, Code Quality, Accessibility, and Vulnerabilities. Open vulnerabilities are weighted by severity, CVSS, and patch availability, and incomplete source data can reduce confidence slightly.
-
Excellent The plugin follows best practices across every measured category. It is well-maintained, low-risk, and recommended for production use.
-
Good Strong overall quality with minor areas for improvement. Generally safe to use on most sites.
-
Needs Review Some areas of concern detected. Review the full issues report and weigh the risks before installing on production.
-
High Risk Significant quality or security problems found. Exercise caution — check the details carefully before using this plugin.
High confidence (100/100) based on metadata completeness and vulnerability evidence quality.
Open vulnerabilities are weighted by severity, CVSS, and patch availability, then adjusted slightly when the source data is incomplete.
- Wordfence: June 10, 2026 7:46 am (29 minutes ago)
Score Breakdown
Why this score?
Top deductions are based on 0 affected rules, reducing this category by 0 total points.
No deductions were applied for this category in the latest score run.
Why this score?
Top deductions are based on 3 affected rules, reducing this category by 11 total points.
| Rule | Hits | Impact | Share |
|---|---|---|---|
| Repo issue: Warning | 2 | -6 | 54.5% |
| Tested up to version is behind current WordPress | 1 | -3 | 27.3% |
| Repo issue: Notice | 2 | -2 | 18.2% |
Why this score?
Top deductions are based on 0 affected rules, reducing this category by 0 total points.
No deductions were applied for this category in the latest score run.
Why this score?
Top deductions are based on 0 affected rules, reducing this category by 0 total points.
No deductions were applied for this category in the latest score run.
Why this score?
Top deductions are based on 1 affected rules, reducing this category by 2 total points.
| Rule | Hits | Impact | Share |
|---|---|---|---|
| Accessibility issue: Warning | 1 | -2 | 100% |
Why this score?
Top deductions are based on 0 affected rules, reducing this category by 0 total points.
No deductions were applied for this category in the latest score run.
Plugin Details
- Version: 2.1.4
- Active Installs: 1,000+
- Last Updated: 2026-03-27 11:10:00
- Tested up to: 6.9.4
- Requires PHP:
- Rating: 5/5 (4 ratings)
- Support: 1/1 resolved (100%)
- View on WordPress.org
- Download Plugin
Scan Summary
- Errors: 0
- Warnings: 3
- Notices: 2
- Last Scanned: 2026-05-23 21:23:23
- Score confidence: 100/100
What Changed Since Last Scan
New Issues
No items in this category.
Resolved Issues
No items in this category.
Worsened Issues
No items in this category.
Detected Issues
| Severity | Category | Message | File | Fix Guidance |
|---|---|---|---|---|
| WARNING | REPO | Plugin metadata is missing a declared minimum PHP version. |
Quick
Add a "Requires PHP" value in the plugin header and readme metadata.
Moderate
Validate minimum PHP compatibility across supported environments and release notes.
Advanced
Automate compatibility matrix tests in CI for all declared PHP versions.
|
|
| NOTICE | REPO | Plugin metadata does not declare a minimum WordPress version. |
Quick
Add "Requires at least" to plugin headers and readme metadata.
Moderate
Confirm feature compatibility boundaries and document unsupported WordPress versions.
Advanced
Introduce version-aware automated tests for WordPress APIs used by the plugin.
|
|
| WARNING | REPO | Main plugin file does not declare a Text Domain header. | tnc-toolbox.php |
Quick
Add a Text Domain header so translation tooling and WordPress.org can identify the plugin textdomain.
Moderate
Apply the same remediation pattern across repo findings and re-scan to confirm warning issues drop.
Advanced
Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
|
| WARNING | ACCESSIBILITY | Image markup without an alt attribute detected. | core/core.php |
Quick
Add alt attributes to the flagged image tags, or alt="" for decorative images.
Moderate
Audit all templates/components for missing alternative text and update content guidelines.
Advanced
Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
|
| NOTICE | REPO | Translation functions are present, but no textdomain loader was detected. |
Quick
Call load_plugin_textdomain() during plugin bootstrap so translations can be loaded.
Moderate
Apply the same remediation pattern across repo findings and re-scan to confirm notice issues drop.
Advanced
Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
|
Score History
Range Change: 0 pts · All-Time High: 98/100
All Past Vulnerabilities
Showing all known historical vulnerabilities for this plugin, including open and closed records.
| Vulnerability | CVE | Severity | Status | Affected Versions | Patched Version | Updated | Source |
|---|---|---|---|---|---|---|---|
| TNC Toolbox: Web Performance <= 2.0.4 - Missing Authorization | N/A | LOW | Closed | *-2.0.4 | 2.0.5 | 2025-11-29 00:00:00 | Wordfence |
| TNC Toolbox: Web Performance <= 1.4.2 - Unauthenticated Sensitive Information Exposure to Privilege Escalation/cPanel Account Takeover | N/A | LOW | Closed | *-1.4.2 | 2.0.0 | 2025-11-10 22:27:47 | Wordfence |