This plugin extends WooCommerce by setting sequential order numbers for new orders.
| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $order_id_column used in $wpdb->query($wpdb->prepare( "\n\t\t\t\t\t\tINSERT INTO {$order_meta_table} ({$order_id_column}, meta_key, meta_value)\n\t\t\t\t\t\tSELECT %d, '_order_number', IF( MAX( CAST( meta_value as UNSIGNED ) ) IS NULL, 1, MAX( CAST( meta_value as UNSIGNED ) ) + 1 )\n\t\t\t\t\t\t\tFROM {$order_meta_table}\n\t\t\t\t\t\t\tWHERE meta_key='_order_number'\n\t\t\t\t\t", (int) $order_id )) | 365:24 | Security |
| ERROR | PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound | load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed. | 242:3 | Plugin Repo |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $order_id_column used in $wpdb->get_col($wpdb->prepare( "\n\t\t\t\t\tSELECT {$order_id_column}\n\t\t\t\t\tFROM {$order_meta_table}\n\t\t\t\t\tWHERE meta_key = '_order_number'\n\t\t\t\t\tAND meta_value LIKE %s\n\t\t\t\t\tORDER BY {$order_id_column} {$order_sql}\n\t\t\t\t\tLIMIT %d\n\t\t\t\t", $wpdb->esc_like( $number_search ) . '%', $limit ))\n$order_id_column assigned unsafely at line 626:\n $order_id_column = $using_hpos ? 'order_id' : 'post_id'\n$order_ids assigned unsafely at line 629:\n $order_ids = $wpdb->get_col(\n\t\t\t\t$wpdb->prepare( "\n\t\t\t\t\tSELECT {$order_id_column}\n\t\t\t\t\tFROM {$order_meta_table}\n\t\t\t\t\tWHERE meta_key = '_order_number'\n\t\t\t\t\tAND meta_value LIKE %s\n\t\t\t\t\tORDER BY {$order_id_column} {$order_sql}\n\t\t\t\t\tLIMIT %d\n\t\t\t\t", $wpdb->esc_like( $number_search ) . '%', $limit )\n\t\t\t)\n$number_search assigned unsafely at line 620:\n $number_search = trim( $request['number'] )\n$request['number'] used without escaping. | 629:24 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'. | 787:55 | Security |
| ERROR | WordPress.WP.I18n.TranslatorsCommentWrongStyle | A "translators:" comment must be a "/* */" style comment. Docblock comments will not be picked up by the tools to generate a ".pot" file. | 831:29 | General |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. | 831:29 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$orders'. | 832:64 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'admin_url'. | 833:43 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'. | 833:79 | Security |
| ERROR | invalid_tested_upto_minor | Tested up to: 6.8.1 The version number should only include major versions 6.8. | — | Plugin Repo |
| 11/13/2025, 10:22:31 AM | 10s | 90 | 10 | 23 |