PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
- Security: 177 (5 issue groups)
- Maintainability: 101 (10 issue groups)
- Performance: 1 (1 issue group)
- Repo Compliance: 1 (1 issue group)
Exception Not Escaped
- Category: Security
- Occurrences: 109
- Severity: error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Invalid WC_Order id {$order_id}."'.
missing direct file access protection
- Category: Maintainability
- Occurrences: 67
- Severity: error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Input Not Sanitized
- Category: Security
- Occurrences: 57
- Severity: warning
Sample message
Detected usage of a non-sanitized input variable: $_GET['change_payment_method']
Dynamic Hookname Found
- Category: Maintainability
- Occurrences: 10
- Severity: warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$action_name".
Direct Query
- Category: Maintainability
- Occurrences: 6
- Severity: warning
Sample message
Use of a direct database call is discouraged.
No Caching
- Category: Maintainability
- Occurrences: 6
- Severity: warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Recommended
- Category: Security
- Occurrences: 6
- Severity: warning
Sample message
Processing form data without nonce verification.
Non Prefixed Hookname Found
- Category: Maintainability
- Occurrences: 3
- Severity: warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "deprecated_argument_run".
Non Prefixed Variable Found
- Category: Maintainability
- Occurrences: 3
- Severity: warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$hide_save_button".
Output Not Escaped
- Category: Security
- Occurrences: 3
- Severity: error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wc_help_tip'.
trademarked term
- Category: Maintainability
- Occurrences: 3
- Severity: warning
Sample message
The plugin name includes a restricted term. Your chosen plugin name - "WooCommerce PayPal Payments" - contains the restricted term "woocommerce" which cannot be used within in your plugin name, unless your plugin name contains one of the allowed patterns: "for woocommerce", "with woocommerce", "using woocommerce", or "and woocommerce". The term must still not appear anywhere else in your name.
Unescaped DBParameter
- Category: Security
- Occurrences: 2
- Severity: warning
Sample message
Unescaped parameter $table used in $wpdb->query()\n$table assigned unsafely at line 237.
slow db query meta key
- Category: Maintainability
- Occurrences: 1
- Severity: warning
Sample message
Detected usage of meta_key, possible slow query.
Invalid Prefix Passed
- Category: Maintainability
- Occurrences: 1
- Severity: warning
Sample message
The "woocommerce.feature_flags.woocommerce" prefix is not a valid namespace/function/class/variable/constant prefix in PHP.
Post Not In exclude
- Category: Performance
- Occurrences: 1
- Severity: warning
Sample message
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
missing composer json file
- Category: Maintainability
- Occurrences: 1
- Severity: warning
Sample message
The "/vendor" directory using composer exists, but "composer.json" file is missing.
readme parser warnings trimmed section changelog
- Category: Repo Compliance
- Occurrences: 1
- Severity: warning
Sample message
The "Changelog" section is too long and was truncated. A maximum of 5000 characters is supported.
Score History
First score snapshot
- Plugin: v4.0.4
- Score: 37 (Latest)
- Findings: 280
- Errors: 179
- Warnings: 101
- Check: 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 37 | 280 | 179 | 101 | v4.0.4 | 2.0.0 |