← Back to Leaderboard
Helps you customize WooCommerce without writing any code!
97
Score
4
Errors
5
Warnings
30K
Installs
Security6
General1
Repo2
Performance0
Accessibility0
Top Issues by Category
Issues organized by category, type, and rule family
Issues Details
9 issues found in latest scan
| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'. | 302:55 | Security |
| ERROR | WordPress.WP.I18n.MissingArgDomain | Missing $domain parameter in function call to __(). | 370:39 | General |
| ERROR | PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound | load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed. | 221:3 | Plugin Repo |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'. | 280:55 | Security |
| WARNING | WordPress.Security.NonceVerification.Missing | Processing form data without nonce verification. | 122:18 | Security |
| WARNING | trademarked_term | The plugin slug includes a restricted term. Your plugin slug - "woocommerce-customizer" - contains the restricted term "woocommerce" which cannot be used within in your plugin slug, unless your plugin slug ends with "for woocommerce". The term must still not appear anywhere else in your plugin slug. | — | Plugin Repo |
| WARNING | WordPress.Security.NonceVerification.Missing | Processing form data without nonce verification. | 124:73 | Security |
| WARNING | WordPress.Security.ValidatedSanitizedInput.MissingUnslash | $_POST[$field['id']] not unslashed before sanitization. Use wp_unslash() or similar | 124:73 | Security |
| WARNING | WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | Detected usage of a non-sanitized input variable: $_POST[$field['id']] | 124:73 | Security |
9 total row(s)
Scan History
1 scan recorded
| 13.11.2025, 05:34:44 | 9s | 97 | 4 | 5 |
1 total row(s)
Report an issue
Tell us if something in this report looks wrong or if you need a deeper audit for Customizer for WooCommerce. We read every submission and typically reply within a day.