Advanced WooCommerce product search plugin. Search inside any product field. Support for both AJAX search and search results page.
Category Scores
Top Issues by Category
security: 424
maintainability: 111
i18n: 52
Issues Details
605 issues found in latest scan
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 170 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<div {$this->render_attributes( '_root' )}>"'. | 103 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET[$url_key] not unslashed before sanitization. Use wp_unslash() or similar | 54 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET[$url_key] | 35 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 27 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 27 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 26 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "get_term_meta()" requires WordPress 4.4.0, but your plugin minimum supported version is WordPress 4.0.0. | 25 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable {$count_multiplier} at "( case when ( term_source = '%s' AND term = '%s' ) then {$relevance} * ( {$count_multiplier} ) else 0 end )" | 23 |
| WordPress.WP.I18n.UnorderedPlaceholdersText | ERROR | Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'There are several ways you can add a search form to your site. Use the \'Seamless integration\' option, shortcode, widget or custom php function. Read more inside %s section or read %s.'. | 14 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 13 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $query | 10 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | ERROR | Unescaped parameter $query used in $wpdb->query()\n$query assigned unsafely at line 156. | 9 |
| WordPress.DB.DirectDatabaseQuery.SchemaChange | WARNING | Attempting a database schema change is discouraged. | 7 |
| WordPress.DB.PreparedSQLPlaceholders.QuotedSimplePlaceholder | ERROR | Simple placeholders should not be quoted in the query string in $wpdb->prepare(). Found: '%s'. | 7 |
| WordPressVIPMinimum.Performance.WPQueryParams.SuppressFilters_suppress_filters | ERROR | Setting `suppress_filters` to `true` is prohibited. | 7 |
| WordPress.WP.AlternativeFunctions.strip_tags_strip_tags | ERROR | strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead. | 6 |
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'advanced-woo-search' but got "aurum". | 6 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_query | WARNING | Detected usage of meta_query, possible slow query. | 5 |
| WordPress.WP.EnqueuedResourceParameters.NotInFooter | WARNING | In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header. | 5 |
| WordPress.WP.I18n.NoEmptyStrings | ERROR | The $text text string should have translatable content. Found: "" | 4 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 4 |
| WordPress.DB.SlowDBQuery.slow_db_query_tax_query | WARNING | Detected usage of tax_query, possible slow query. | 3 |
| Squiz.PHP.DiscouragedFunctions.Discouraged | WARNING | The use of function set_time_limit() is discouraged | 2 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to __(). | 2 |
Latest Snapshot
Findings: 605
Errors: 228
Warnings: 377
Score History
First score snapshot
First scan completed Jun 20, 2026
v3.65 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026 (Latest) | 31 | 605 | 228 | 377 | v3.65 | 2.0.0 | 2026.06-mvp-static-v2 |