[HumanSlop] Code Quality Audit: 24574 findings in BackWPup – WordPress Backup & Restore Plugin

[welbinator]

HumanSlop Automated Code Quality Audit

We've completed an automated audit of BackWPup – WordPress Backup & Restore Plugin v5.6.9 as part of
HumanSlop.org — an open accountability project for the WordPress ecosystem.

Full audit report: https://humanslop.org/audits/backwpup/

Summary: 24574 code quality issues found

PHP_CodeSniffer (24572 issues)

We found 24572 PHP_CodeSniffer violations against the WordPress Coding Standards. To reproduce:

composer require --dev squizlabs/php_codesniffer wp-coding-standards/wpcs
./vendor/bin/phpcs --standard=WordPress backwpup/

Full details are on the audit report page.

Other Code Quality Issues

Severity	Issue	Location	Tool
Info	Backup table row HTML buffered and echoed without explicit escaping (false positive)	components/table-row-backups.php:339	ai
Info	Edit job page outputs WordPress checkbox HTML without explicit esc_ wrapper	inc/class-page-editjob.php:872	ai

Note: Security-related findings are reported privately via GitHub Security Advisory.
This issue only contains non-security code quality findings.

To dispute a finding or notify us of a fix, please reply here or email contact@humanslop.org.

See our methodology and disclosure policy.