PluginCheck.CodeAnalysis.Heredoc.NotAllowed
Not Allowed
Plugin Check reported a maintainability issue that can make the plugin harder to review, run, or update.
Why It Shows Up
The finding matches a WordPress coding-standard or Plugin Check rule for code clarity, compatibility, packaging, or API usage.
Why It Matters
Maintainability findings reduce confidence that the plugin will behave consistently across hosts, WordPress versions, and other plugins.
How to Fix
- Find the exact file and line in the raw scan output.
- Prefer WordPress APIs and standard coding patterns over custom or legacy behavior.
- If the warning is from bundled third-party code, document that separately and avoid modifying vendor files unless necessary.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #301 | Midtrans-WooCommerce | 30 | 112 | 132 | 5k+ | Non-prefixed global variable | ||
| #302 | PayU CommercePro Plugin | 30 | 95 | 270 | 7k+ | Text Domain Mismatch | ||
| #303 | SMTP for Amazon SES – YaySMTP | 30 | 197 | 122 | 3k+ | Exception output is not escaped | ||
| #304 | Taboola | 30 | 89 | 147 | 1k+ | Output is not escaped | ||
| #305 | Urvanov Syntax Highlighter | 30 | 221 | 87 | 3k+ | Output is not escaped | ||
| #306 | WCPOS – Point of Sale (POS) plugin for WooCommerce | 30 | 77 | 228 | 5k+ | Nonce verification recommended | ||
| #307 | WP 2FA – Two-factor authentication for WordPress | 30 | 269 | 380 | 100k+ | Exception output is not escaped | ||
| #308 | WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into Event Calendar | 30 | 113 | 419 | 1k+ | Non-prefixed global variable | ||
| #309 | WP Inventory Manager | 30 | 856 | 233 | 1k+ | Output is not escaped | ||
| #310 | WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin | 30 | 32 | 346 | 4m+ | Non-prefixed hook name | ||
| #311 | The SEO Framework – Fast, Automated, Effortless. | 31 | 363 | 609 | 200k+ | Non-prefixed global variable | ||
| #312 | HT Easy GA4 – Google Analytics WordPress Plugin | 31 | 475 | 93 | 6k+ | Text Domain Mismatch | ||
| #313 | My Private Site | 31 | 425 | 190 | 20k+ | Text Domain Mismatch | ||
| #314 | LWS Tools | 31 | 104 | 134 | 10k+ | Request data is not unslashed | ||
| #315 | Stackable – Page Builder Gutenberg Blocks | 31 | 477 | 90 | 100k+ | Non Singular String Literal Domain | ||
| #316 | Zendesk Support for WordPress | 31 | 195 | 88 | 2k+ | Output is not escaped | ||
| #317 | APCu Manager | 32 | 151 | 126 | 10k+ | Output is not escaped | ||
| #318 | Speed Kit | 32 | 296 | 73 | 2k+ | Output is not escaped | ||
| #319 | Code Manager | 32 | 217 | 261 | 600 | Nonce verification recommended | ||
| #320 | CSV Import and Exporter | 32 | 83 | 138 | 1k+ | Non-prefixed global variable | ||
| #321 | GlotPress | 32 | 403 | 103 | 500 | Unsafe printing function | ||
| #322 | GSheetConnector For Ninja Forms | 32 | 165 | 93 | 1k+ | Unsafe printing function | ||
| #323 | GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync) | 32 | 120 | 145 | 8k+ | Non-prefixed global variable | ||
| #324 | Account Engagement | 32 | 115 | 74 | 2k+ | Output is not escaped | ||
| #325 | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | 32 | 348 | 258 | 50k+ | Output is not escaped | ||
| #326 | Relevanssi – A Better Search | 32 | 86 | 266 | 100k+ | Missing direct file access protection | ||
| #327 | Showcase IDX Real Estate Search & Lead Capture | 32 | 123 | 52 | 2k+ | Output is not escaped | ||
| #328 | User Registration Using Contact Form 7 | 32 | 103 | 15 | 500 | wp function not compatible with requires wp | ||
| #329 | WP 2-step verification | 32 | 154 | 65 | 1k+ | Output is not escaped | ||
| #330 | WP fail2ban – Advanced Security | 32 | 75 | 153 | 60k+ | Dynamic hook name | ||
| #331 | wpDirAuth | 32 | 250 | 135 | 600 | wp function not compatible with requires wp | ||
| #332 | WPForms – AI Form Builder for WordPress – Contact Forms, Payment Forms, Survey Form, Quiz & More | 32 | 165 | 273 | 5m+ | Non-prefixed global variable | ||
| #333 | YITH WooCommerce Compare | 32 | 422 | 1,508 | 100k+ | Non-prefixed global variable | ||
| #334 | Background Per Page | 33 | 80 | 56 | 700 | Text Domain Mismatch | ||
| #335 | Device Detector | 33 | 209 | 112 | 600 | Output is not escaped | ||
| #336 | GetResponse Forms by Optin Cat | 33 | 68 | 138 | 1k+ | Missing direct file access protection | ||
| #337 | GSheetConnector for Forminator Forms | 33 | 128 | 201 | 1k+ | Non-prefixed global variable | ||
| #338 | Mentions légales [FR] | 33 | 238 | 48 | 2k+ | Text Domain Mismatch | ||
| #339 | IP2Location Redirection | 33 | 194 | 115 | 8k+ | Output is not escaped | ||
| #340 | LWSCache | 33 | 47 | 104 | 6k+ | Non-prefixed global variable | ||
| #341 | Forms for Mailchimp by Optin Cat – Grow Your MailChimp List | 33 | 71 | 133 | 2k+ | Missing direct file access protection | ||
| #342 | Picture Gallery – Frontend Image Uploads, AJAX Photo List | 33 | 112 | 150 | 400 | Request data is not unslashed | ||
| #343 | Frisbii Pay | 33 | 91 | 292 | 1k+ | Non-prefixed global variable | ||
| #344 | Save as PDF Plugin by PDFCrowd | 33 | 299 | 254 | 1k+ | Non-prefixed global variable | ||
| #345 | Sessions | 33 | 196 | 103 | 900 | Output is not escaped | ||
| #346 | SMTP2GO for WordPress – Email Made Easy | 33 | 186 | 111 | 30k+ | Output is not escaped | ||
| #347 | WebToffee WP Backup and Migration | 33 | 132 | 222 | 5k+ | Non-prefixed global variable | ||
| #348 | WP Multilang – Translation and Multilingual Plugin | 33 | 51 | 118 | 10k+ | Database parameter is not escaped | ||
| #349 | WP-UserOnline | 33 | 111 | 161 | 10k+ | Output is not escaped | ||
| #350 | XML Sitemaps | 33 | 65 | 62 | 2k+ | Output is not escaped |
