The Plugin Check report has two related usability issues regarding categories:
Category filtering appears inconsistent
When the Security category is not selected before running a scan, the generated report still includes findings with rule codes such as WordPress.Security.*.
This makes it unclear whether the category filter is being applied correctly or if certain categories are always included.
Report entries do not display their category
The report shows the rule code (e.g. WordPress.Security.EscapeOutput.OutputNotEscaped) but does not include a dedicated Category column or label.
Users must infer the category from the rule name, which is not obvious, especially for new users or for rules that do not clearly indicate their category.
Steps to Reproduce
Open Tools → Plugin Check.
Select a plugin.
Uncheck the Security category.
Run the scan.
Review the generated report.
Actual Result
The report may still contain WordPress.Security.* findings even though the Security category is unchecked.
Report entries do not clearly indicate which category (General, Plugin Repo, Security, Performance, Accessibility, etc.) each issue belongs to.
Expected Result
Category filtering should behave consistently. If a category is not selected, findings from that category should not be reported (unless intentionally designed otherwise, in which case this should be clearly communicated).
Each report entry should clearly display its associated category, for example through a dedicated Category column or badge, allowing users to quickly identify which category each issue belongs to without interpreting the rule code.
Kindly refer below screenshot:-
https://prnt.sc/S99n-_u-RCOC
https://prnt.sc/CcDUucbhFtL9
The Plugin Check report has two related usability issues regarding categories:
Category filtering appears inconsistent
When the Security category is not selected before running a scan, the generated report still includes findings with rule codes such as WordPress.Security.*.
This makes it unclear whether the category filter is being applied correctly or if certain categories are always included.
Report entries do not display their category
The report shows the rule code (e.g. WordPress.Security.EscapeOutput.OutputNotEscaped) but does not include a dedicated Category column or label.
Users must infer the category from the rule name, which is not obvious, especially for new users or for rules that do not clearly indicate their category.
Steps to Reproduce
Open Tools → Plugin Check.
Select a plugin.
Uncheck the Security category.
Run the scan.
Review the generated report.
Actual Result
The report may still contain WordPress.Security.* findings even though the Security category is unchecked.
Report entries do not clearly indicate which category (General, Plugin Repo, Security, Performance, Accessibility, etc.) each issue belongs to.
Expected Result
Category filtering should behave consistently. If a category is not selected, findings from that category should not be reported (unless intentionally designed otherwise, in which case this should be clearly communicated).
Each report entry should clearly display its associated category, for example through a dedicated Category column or badge, allowing users to quickly identify which category each issue belongs to without interpreting the rule code.
Kindly refer below screenshot:-
https://prnt.sc/S99n-_u-RCOC
https://prnt.sc/CcDUucbhFtL9