Notify subscribers automatically when products are restocked. Supports Simple, Variable, Grouped, and Subscription types.
Category Scores
Top Issues by Category
maintainability123
security15
Issues Details
143 issues found in latest scan
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'\n . '".
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "CWG_BIS_Queue".
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$additional_class_name".
Function "get_post_timestamp()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 4.7.0.
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wp_strip_all_tags'.
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "CWG_Instock_Notifier".
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
print_r() found. Debug code should not normally be used in production.
The plugin name includes a restricted term. Your chosen plugin name - "Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro" - contains the restricted term "woocommerce" which cannot be used within in your plugin name, unless your plugin name contains one of the allowed patterns: "for woocommerce", "with woocommerce", "using woocommerce", or "and woocommerce". The term must still not appear anywhere else in your name.
load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
Unescaped parameter call_user_func_array( array( $wpdb, 'prepare' ), $args ) ) used in $wpdb->query()
Unescaped parameter $sql used in $wpdb->query()\n$sql assigned unsafely at line 23.
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "$name".
debug_backtrace() found. Debug code should not normally be used in production.
Processing form data without nonce verification.
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
$_SERVER['REMOTE_ADDR'] not unslashed before sanitization. Use wp_unslash() or similar
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'\n . '". | 44 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | WARNING | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "CWG_BIS_Queue". | 42 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$additional_class_name". | 13 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $args | 6 |
| badly_named_files | ERROR | File and folder names must not contain spaces or special characters. | 5 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "get_post_timestamp()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 4.7.0. | 5 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wp_strip_all_tags'. | 4 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 4 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | WARNING | Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "CWG_Instock_Notifier". | 3 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 2 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 2 |
| WordPress.PHP.DevelopmentFunctions.error_log_print_r | WARNING | print_r() found. Debug code should not normally be used in production. | 2 |
| trademarked_term | WARNING | The plugin name includes a restricted term. Your chosen plugin name - "Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro" - contains the restricted term "woocommerce" which cannot be used within in your plugin name, unless your plugin name contains one of the allowed patterns: "for woocommerce", "with woocommerce", "using woocommerce", or "and woocommerce". The term must still not appear anywhere else in your name. | 2 |
| PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound | WARNING | load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed. | 1 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter call_user_func_array( array( $wpdb, 'prepare' ), $args ) ) used in $wpdb->query() | 1 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | ERROR | Unescaped parameter $sql used in $wpdb->query()\n$sql assigned unsafely at line 23. | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.VariableConstantNameFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "$name". | 1 |
| WordPress.PHP.DevelopmentFunctions.error_log_debug_backtrace | WARNING | debug_backtrace() found. Debug code should not normally be used in production. | 1 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 1 |
| WordPress.Security.SafeRedirect.wp_redirect_wp_redirect | WARNING | wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed. | 1 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_SERVER['REMOTE_ADDR'] not unslashed before sanitization. Use wp_unslash() or similar | 1 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 1 |
Latest Snapshot
Findings
143
Errors
26
Warnings
117
Score History
First score snapshot
First scan completed Jun 20, 2026
v7.2.2 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v7.2.2
45
Latest
- Findings
- 143
- Errors
- 26
- Warnings
- 117
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 45 | 143 | 26 | 117 | v7.2.2 | 2.0.0 | 2026.06-mvp-static-v2 |
