Generic.PHP.DiscourageGoto.Found
Goto statement found
The plugin uses a PHP or WordPress pattern that coding standards discourage.
Why It Shows Up
Plugin Check found a discouraged function, forbidden function, goto, backtick operator, or similar construct.
Why It Matters
Discouraged patterns are often harder to review, less portable across hosts, or easier to misuse securely.
How to Fix
- Identify why the construct is used and whether WordPress provides a safer API.
- Replace shell execution, dynamic execution, or broad forbidden functions with constrained WordPress APIs.
- If a third-party library triggers the warning, isolate and document it.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #1 | Shopping Cart & eCommerce Store | 18 | 5,459 | 17,298 | 4k+ | Non-prefixed global variable | |
| #2 | WP Directory Kit | 18 | 2,119 | 2,617 | 2k+ | Non-prefixed global variable | |
| #3 | Packeta | 21 | 802 | 333 | 8k+ | Exception output is not escaped | |
| #4 | NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall | 22 | 1,265 | 2,065 | 100k+ | Non-prefixed global variable | |
| #5 | NinjaScanner – Virus & Malware scan | 22 | 596 | 551 | 30k+ | Non-prefixed global variable | |
| #6 | oik | 22 | 489 | 180 | 2k+ | Non Singular String Literal Domain | |
| #7 | YaySMTP – WP Mail SMTP with Email Logs, Tracking & Reports | 22 | 654 | 435 | 10k+ | Exception output is not escaped | |
| #8 | Next Active Directory Integration | 23 | 683 | 284 | 2k+ | Exception output is not escaped | |
| #9 | Participants Database | 24 | 951 | 894 | 7k+ | SQL query is not prepared | |
| #10 | Quick Event Manager | 24 | 152 | 388 | 1k+ | Non-prefixed function | |
| #11 | Simple Membership | 24 | 2,373 | 1,789 | 40k+ | Unsafe printing function | |
| #12 | Social Media Auto Publish | 24 | 1,468 | 713 | 6k+ | Unsafe printing function | |
| #13 | ATUM WooCommerce Inventory Management and Stock Tracking | 25 | 2,638 | 1,304 | 10k+ | Non Singular String Literal Domain | |
| #14 | WordPress Importer | 25 | 238 | 110 | 2m+ | Output is not escaped | |
| #15 | WP TripAdvisor Review Slider | 25 | 958 | 2,058 | 8k+ | Non-prefixed global variable | |
| #16 | Hester Core | 27 | 253 | 103 | 10k+ | Output is not escaped | |
| #17 | WPBase Cache | 27 | 189 | 113 | 2k+ | Text Domain Mismatch | |
| #18 | Redis Object Cache | 28 | 151 | 103 | 400k+ | Exception output is not escaped | |
| #19 | WP ADA Compliance Check Basic | 28 | 785 | 177 | 3k+ | Text Domain Mismatch | |
| #20 | SMTP for Amazon SES – YaySMTP | 30 | 197 | 122 | 3k+ | Exception output is not escaped | |
| #21 | The SEO Framework – Fast, Automated, Effortless. | 31 | 363 | 609 | 200k+ | Non-prefixed global variable | |
| #22 | PayPal Zettle POS for WooCommerce | 31 | 302 | 44 | 4k+ | Exception output is not escaped | |
| #23 | Seriously Simple Stats | 34 | 99 | 126 | 5k+ | Output is not escaped | |
| #24 | Admin Search | 40 | 31 | 47 | 1k+ | Output is not escaped | |
| #25 | Weight Based Shipping for WooCommerce | 53 | 48 | 41 | 60k+ | Missing direct file access protection |
