WooCommerce wholesale plugin for serving wholesale & B2B customers. Adds wholesale pricing, user roles, dynamic pricing & more.
Category Scores
Top Issues by Category
maintainability48
security13
i18n10
supply_chain2
repo_compliance1
Issues Details
74 issues found in latest scan
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Detected usage of meta_query, possible slow query.
Detected usage of a non-sanitized input variable: $_GET['_wpnonce']
Mismatched text domain. Expected 'woocommerce-wholesale-prices' but got 'woocomerce-wholesale-prices'.
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Detected usage of meta_key, possible slow query.
Detected usage of meta_value, possible slow query.
$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar
The plugin name includes a restricted term. Your chosen plugin name - "Wholesale Suite – B2B, Dynamic Pricing & WooCommerce Wholesale Prices" - contains the restricted term "woocommerce" which cannot be used within in your plugin name, unless your plugin name contains one of the allowed patterns: "for woocommerce", "with woocommerce", "using woocommerce", or "and woocommerce". The term must still not appear anywhere else in your name.
Unescaped parameter $sql_func used in $wpdb->get_var()\n$sql_func assigned unsafely at line 2216.
Detected usage of tax_query, possible slow query.
Detected usage of a possibly undefined superglobal array index: $_POST['nonce']. Check that the array index exists before using it.
Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead
Plugin name "Wholesale Suite – B2B, Dynamic Pricing & WooCommerce Wholesale Prices" is different from the name declared in plugin header "WooCommerce Wholesale Prices".
Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 9 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 9 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_query | WARNING | Detected usage of meta_query, possible slow query. | 7 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET['_wpnonce'] | 6 |
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'woocommerce-wholesale-prices' but got 'woocomerce-wholesale-prices'. | 6 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 5 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_key | WARNING | Detected usage of meta_key, possible slow query. | 4 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_value | WARNING | Detected usage of meta_value, possible slow query. | 4 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to __(). | 4 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar | 3 |
| trademarked_term | WARNING | The plugin name includes a restricted term. Your chosen plugin name - "Wholesale Suite – B2B, Dynamic Pricing & WooCommerce Wholesale Prices" - contains the restricted term "woocommerce" which cannot be used within in your plugin name, unless your plugin name contains one of the allowed patterns: "for woocommerce", "with woocommerce", "using woocommerce", or "and woocommerce". The term must still not appear anywhere else in your name. | 3 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $sql_func used in $wpdb->get_var()\n$sql_func assigned unsafely at line 2216. | 2 |
| WordPress.DB.SlowDBQuery.slow_db_query_tax_query | WARNING | Detected usage of tax_query, possible slow query. | 2 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_POST['nonce']. Check that the array index exists before using it. | 2 |
| five_star_reviews_detected | ERROR | Linking directly to 5 stars reviews is not allowed. | 2 |
| hidden_files | ERROR | Hidden files are not permitted. | 2 |
| PluginCheck.CodeAnalysis.Heredoc.NotAllowed | ERROR | Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead | 1 |
| badly_named_files | ERROR | File and folder names must not contain spaces or special characters. | 1 |
| mismatched_plugin_name | WARNING | Plugin name "Wholesale Suite – B2B, Dynamic Pricing & WooCommerce Wholesale Prices" is different from the name declared in plugin header "WooCommerce Wholesale Prices". | 1 |
| plugin_header_no_license | ERROR | Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license. | 1 |
Latest Snapshot
Findings
74
Errors
22
Warnings
52
Score History
First score snapshot
First scan completed Jun 20, 2026
v2.2.8 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v2.2.8
35
Latest
- Findings
- 74
- Errors
- 22
- Warnings
- 52
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 35 | 74 | 22 | 52 | v2.2.8 | 2.0.0 | 2026.06-mvp-static-v2 |
