Start accepting payments in minutes with 100% digital onboarding & feature filled Razorpay payment gateway with the WooCommerce plugin.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
811
14 issue groups
Security
637
8 issue groups
I18n
153
3 issue groups
WARNINGMaintainabilityNon Prefixed Function FoundFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_clean_term_filters".254
- Category
- Maintainability
- Occurrences
- 254
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_clean_term_filters".
ERRORSecurityException Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Attempting to add a duplicate data set for value $value to the data provider. Fix the input data."'.233
- Category
- Security
- Occurrences
- 233
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Attempting to add a duplicate data set for value $value to the data provider. Fix the input data."'.
ERRORMaintainabilitycurl curl setoptUsing cURL functions is highly discouraged. Use wp_remote_get() instead.145
- Category
- Maintainability
- Occurrences
- 145
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Message: $message\n"'.134
- Category
- Security
- Occurrences
- 134
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Message: $message\n"'.
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().106
- Category
- I18n
- Occurrences
- 106
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
WARNINGSecurityMissing Unslash$_GET['id'] not unslashed before sanitization. Use wp_unslash() or similar71
- Category
- Security
- Occurrences
- 71
- Severity
- warning
Sample message
$_GET['id'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityMissingProcessing form data without nonce verification.68
- Category
- Security
- Occurrences
- 68
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORMaintainabilitymissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;61
- Category
- Maintainability
- Occurrences
- 61
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.52
- Category
- Maintainability
- Occurrences
- 52
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNon Prefixed Class FoundClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "Basic_Object".52
- Category
- Maintainability
- Occurrences
- 52
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Basic_Object".
Show 15 moreShow less
ERRORMaintainabilitywp function not compatible with requires wp48
- Category
- Maintainability
- Occurrences
- 48
- Severity
- error
Sample message
Function "_wp_die_process_input()" requires WordPress 5.1.0, but your plugin minimum supported version is WordPress 3.9.2.
WARNINGMaintainabilityNo Caching47
- Category
- Maintainability
- Occurrences
- 47
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNINGMaintainabilityNon Prefixed Variable Found45
- Category
- Maintainability
- Occurrences
- 45
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_wp_die_disabled".
WARNINGSecurityInput Not Validated45
- Category
- Security
- Occurrences
- 45
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_GET['id']. Check that the array index exists before using it.
WARNINGSecurityInput Not Sanitized41
- Category
- Security
- Occurrences
- 41
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_GET['id']
WARNINGSecurityRecommended27
- Category
- Security
- Occurrences
- 27
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGMaintainabilityNon Prefixed Constant Found26
- Category
- Maintainability
- Occurrences
- 26
- Severity
- warning
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "BTN_CHECKOUTJS_URL".
ERRORI18nText Domain Mismatch24
- Category
- I18n
- Occurrences
- 24
- Severity
- error
Sample message
Mismatched text domain. Expected 'woo-razorpay' but got 'my_theme_domain'.
ERRORI18nNon Singular String Literal Domain23
- Category
- I18n
- Occurrences
- 23
- Severity
- error
Sample message
The $domain parameter must be a single text string literal. Found: $this->id
ERRORMaintainabilitydate date19
- Category
- Maintainability
- Occurrences
- 19
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
WARNINGSecurityUnescaped DBParameter18
- Category
- Security
- Occurrences
- 18
- Severity
- warning
Sample message
Unescaped parameter $cartAbandonmentTable used in $wpdb->get_row()\n$cartAbandonmentTable assigned unsafely at line 372.
ERRORMaintainabilitycurl curl errno16
- Category
- Maintainability
- Occurrences
- 16
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilityfile system operations fclose16
- Category
- Maintainability
- Occurrences
- 16
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
WARNINGMaintainabilityerror log error log15
- Category
- Maintainability
- Occurrences
- 15
- Severity
- warning
Sample message
error_log() found. Debug code should not normally be used in production.
WARNINGMaintainabilityMissing Version15
- Category
- Maintainability
- Occurrences
- 15
- Severity
- warning
Sample message
Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.
Score History
First score snapshot
v4.8.6
20
Latest
- Findings
- 1,829
- Errors
- 974
- Warnings
- 855
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 20 | 1,829 | 974 | 855 | v4.8.6 | 2.0.0 |
Related Plugins
10k+ active installs
4k+ active installs
2k+ active installs
3k+ active installs
6k+ active installs
2k+ active installs