Product Video Gallery for Woocommerce – Embed videos to product gallery along with images on product single page of WooCommerce.
Category Scores
Top Issues by Category
security76
maintainability18
repo_compliance4
Issues Details
99 issues found in latest scan
Sanitization missing for register_setting().
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$is_rtl'.
$_POST['custom_thumbnail'] not unslashed before sanitization. Use wp_unslash() or similar
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "woocommerce_gallery_thumbnail_size".
Detected usage of a non-sanitized input variable: $_POST['nickx_video_url_nonce']
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "WC_PRODUCT_VIDEO_GALLERY_RENDERING".
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Processing form data without nonce verification.
Detected usage of a possibly undefined superglobal array index: $_SERVER['SERVER_NAME']. Check that the array index exists before using it.
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
Mismatched text domain. Expected 'product-video-gallery-slider-for-woocommerce' but got 'woocommerce'.
Your plugin has an invalid license declared. Please update your readme with a valid SPDX license identifier.
Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.
Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.
The "Short Description" section is missing. An excerpt was generated from your main plugin description.
Function "utf8_encode()" requires WordPress 6.9.0, but your plugin minimum supported version is WordPress 5.2.4.
| Code | Type | Message | Count |
|---|---|---|---|
| PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing | ERROR | Sanitization missing for register_setting(). | 32 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$is_rtl'. | 22 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_POST['custom_thumbnail'] not unslashed before sanitization. Use wp_unslash() or similar | 15 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "woocommerce_gallery_thumbnail_size". | 10 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_POST['nickx_video_url_nonce'] | 5 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | WARNING | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "WC_PRODUCT_VIDEO_GALLERY_RENDERING". | 3 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 2 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 1 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 1 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_SERVER['SERVER_NAME']. Check that the array index exists before using it. | 1 |
| WordPress.WP.AlternativeFunctions.parse_url_parse_url | ERROR | parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead. | 1 |
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'product-video-gallery-slider-for-woocommerce' but got 'woocommerce'. | 1 |
| invalid_license | ERROR | Your plugin has an invalid license declared. Please update your readme with a valid SPDX license identifier. | 1 |
| outdated_tested_upto_header | ERROR | Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress. | 1 |
| plugin_header_no_license | ERROR | Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license. | 1 |
| readme_parser_warnings_no_short_description_present | WARNING | The "Short Description" section is missing. An excerpt was generated from your main plugin description. | 1 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "utf8_encode()" requires WordPress 6.9.0, but your plugin minimum supported version is WordPress 5.2.4. | 1 |
Latest Snapshot
Findings
99
Errors
63
Warnings
36
Score History
First score snapshot
First scan completed Jun 20, 2026
v1.5.1.8 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v1.5.1.8
39
Latest
- Findings
- 99
- Errors
- 63
- Warnings
- 36
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 39 | 99 | 63 | 36 | v1.5.1.8 | 2.0.0 | 2026.06-mvp-static-v2 |
