PluginCheck.CodeAnalysis.Heredoc.NotAllowed
Not Allowed
Plugin Check reported a maintainability issue that can make the plugin harder to review, run, or update.
Why It Shows Up
The finding matches a WordPress coding-standard or Plugin Check rule for code clarity, compatibility, packaging, or API usage.
Why It Matters
Maintainability findings reduce confidence that the plugin will behave consistently across hosts, WordPress versions, and other plugins.
How to Fix
- Find the exact file and line in the raw scan output.
- Prefer WordPress APIs and standard coding patterns over custom or legacy behavior.
- If the warning is from bundled third-party code, document that separately and avoid modifying vendor files unless necessary.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #451 | Loan Comparison | 40 | 27 | 192 | 400 | Request data is not unslashed | ||
| #452 | Page Comments Off Please | 40 | 17 | 29 | 1k+ | Nonce verification recommended | ||
| #453 | AdFlow – Easy Google AdSense Integration | 40 | 150 | 9 | 3k+ | Unsafe printing function | ||
| #454 | QR code MeCard/vCard generator | 40 | 322 | 21 | 2k+ | Unsafe printing function | ||
| #455 | Social Share Buttons & Analytics Plugin – GetSocial.io | 40 | 97 | 25 | 2k+ | Output is not escaped | ||
| #456 | Simple Website Banner | 41 | 106 | 8 | 700 | Output is not escaped | ||
| #457 | Google Authenticator | 41 | 39 | 65 | 20k+ | Output is not escaped | ||
| #458 | Share a Draft | 41 | 39 | 6 | 3k+ | Output is not escaped | ||
| #459 | Simple Google Photos Grid | 41 | 48 | 2 | 1k+ | Output is not escaped | ||
| #460 | Text Hover | 41 | 44 | 13 | 1k+ | Output is not escaped | ||
| #461 | Text Replace | 41 | 55 | 12 | 3k+ | Output is not escaped | ||
| #462 | Custom Login | 42 | 36 | 116 | 10k+ | Non-prefixed global variable | ||
| #463 | Easy Video Player | 42 | 20 | 20 | 20k+ | Output is not escaped | ||
| #464 | Exclude Pages | 42 | 31 | 14 | 30k+ | Non Singular String Literal Domain | ||
| #465 | UniConsent Cookie Consent CMP – Consent Manager | 42 | 148 | 18 | 1k+ | Unsafe printing function | ||
| #466 | AMP | 43 | 63 | 362 | 400k+ | Non-prefixed hook name | ||
| #467 | Automatic Responsive Tables | 43 | 67 | 15 | 1k+ | Output is not escaped | ||
| #468 | reCAPTCHA for MW WP Form | 43 | 37 | 14 | 30k+ | Non Singular String Literal Domain | ||
| #469 | SmartVideo – Video Player and CDN | 44 | 295 | 44 | 1k+ | Text Domain Mismatch | ||
| #470 | LINE Auto Post | 45 | 19 | 11 | 500 | Heredoc Output Not Escaped | ||
| #471 | TotalSurvey for Survey, Quiz and Form | 46 | 290 | 33 | 600 | Missing direct file access protection | ||
| #472 | Ultimate FAQ Solution | 46 | 285 | 97 | 600 | Text Domain Mismatch | ||
| #473 | DPO Pay for WooCommerce | 47 | 28 | 41 | 1k+ | Non Singular String Literal Text | ||
| #474 | KCSG Kartra Pages | 47 | 30 | 16 | 500 | Heredoc Output Not Escaped | ||
| #475 | Better Badge – Custom Product Badges for WooCommerce | 48 | 21 | 47 | 500 | Non Singular String Literal Domain | ||
| #476 | Tag Pilot FREE – Google Tag Manager Integration for WooCommerce | 48 | 35 | 19 | 1k+ | Output is not escaped | ||
| #477 | Library Bookshelves | 48 | 12 | 59 | 500 | Nonce verification recommended | ||
| #478 | Navigation menu as Dropdown Widget | 48 | 49 | 1 | 2k+ | Output is not escaped | ||
| #479 | WP Login Form | 48 | 14 | 20 | 7k+ | Request data is not unslashed | ||
| #480 | Batcache | 49 | 12 | 53 | 700 | Input is not sanitized | ||
| #481 | Cookiebot by Usercentrics – Automatic Cookie Banner for GDPR/CCPA & Google Consent Mode | 49 | 148 | 176 | 100k+ | Non-prefixed global variable | ||
| #482 | Easy Media Download | 49 | 20 | 15 | 9k+ | Output is not escaped | ||
| #483 | Post/Page Specific Custom Code | 49 | 21 | 14 | 7k+ | Output is not escaped | ||
| #484 | SpinupWP | 49 | 43 | 38 | 30k+ | Non-prefixed function | ||
| #485 | PDF Invoices & Packing Slips for WooCommerce – Challan | 49 | 56 | 151 | 4k+ | Non-prefixed global variable | ||
| #486 | WooBuilder | 49 | 20 | 17 | 700 | Output is not escaped | ||
| #487 | TrustedSite | 50 | 29 | 14 | 20k+ | Output is not escaped | ||
| #488 | Gravatar Enhanced – Avatars, Profiles, and Privacy | 51 | 38 | 48 | 100k+ | Dynamic hook name | ||
| #489 | Tiny gtag.js Analytics | 51 | 39 | 0 | 400 | Output is not escaped | ||
| #490 | YayMail – WooCommerce Email Customizer | 51 | 163 | 788 | 50k+ | Non-prefixed global variable | ||
| #491 | GSheetConnector for Gravity Forms – Send Gravity Forms Entries to Google Sheets in Real-Time | 52 | 26 | 27 | 1k+ | Exception output is not escaped | ||
| #492 | Connect Contact Form 7 and Mailchimp | 53 | 290 | 52 | 40k+ | Text Domain Mismatch | ||
| #493 | Pinterest for WooCommerce | 53 | 44 | 30 | 300k+ | Exception output is not escaped | ||
| #494 | Flexible Spacer Block | 54 | 34 | 15 | 4k+ | Unsafe printing function | ||
| #495 | Booking Calendar | 55 | 27 | 40 | 50k+ | Missing Translators Comment | ||
| #496 | Enhanced Category Pages | 55 | 23 | 25 | 2k+ | Direct Query | ||
| #497 | Landingi Landing Pages | 55 | 18 | 23 | 2k+ | Input is not sanitized | ||
| #498 | Anti-Captcha (anti-spam botblocker) | 56 | 23 | 26 | 1k+ | rand mt rand | ||
| #499 | FluentSnippets – High-Performance Code Snippets, Header & Footer Code, Custom CSS & PHP Code Manager | 56 | 31 | 27 | 50k+ | Nonce verification recommended | ||
| #500 | Maya Business Plugin | 56 | 9 | 39 | 600 | Input is not validated |