PluginCheck.CodeAnalysis.Heredoc.NotAllowed
Not Allowed
Plugin Check reported a maintainability issue that can make the plugin harder to review, run, or update.
Why It Shows Up
The finding matches a WordPress coding-standard or Plugin Check rule for code clarity, compatibility, packaging, or API usage.
Why It Matters
Maintainability findings reduce confidence that the plugin will behave consistently across hosts, WordPress versions, and other plugins.
How to Fix
- Find the exact file and line in the raw scan output.
- Prefer WordPress APIs and standard coding patterns over custom or legacy behavior.
- If the warning is from bundled third-party code, document that separately and avoid modifying vendor files unless necessary.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #351 | Advanced Coupons for WooCommerce Coupons & Store Credit | 34 | 74 | 214 | 20k+ | Non-prefixed global variable | ||
| #352 | Document Library Lite | 34 | 149 | 85 | 4k+ | Text Domain Mismatch | ||
| #353 | EasyIndex | 34 | 74 | 135 | 1k+ | Missing nonce verification | ||
| #354 | ECS – Ele Custom Skin for Elementor | 34 | 99 | 205 | 100k+ | Text Domain Mismatch | ||
| #355 | Meta for WooCommerce | 34 | 66 | 186 | 400k+ | Non-prefixed hook name | ||
| #356 | Fancy Comments WordPress | 34 | 359 | 39 | 2k+ | Unsafe printing function | ||
| #357 | Gitium | 34 | 149 | 57 | 400 | Output is not escaped | ||
| #358 | Inavii Social Feed – Live Social Proof Gallery | 34 | 532 | 180 | 9k+ | Text Domain Mismatch | ||
| #359 | Login with Vipps and MobilePay | 34 | 263 | 174 | 900 | Output is not escaped | ||
| #360 | Payoneer Checkout | 34 | 168 | 41 | 6k+ | Exception output is not escaped | ||
| #361 | Saphali Woocommerce Lite | 34 | 376 | 313 | 10k+ | Non-prefixed global variable | ||
| #362 | Search Meter | 34 | 191 | 94 | 20k+ | Output is not escaped | ||
| #363 | Easy Mega Menu for WordPress – ThemeHunk | 34 | 480 | 256 | 1k+ | Text Domain Mismatch | ||
| #364 | Tidio – Live Chat & AI Chatbots | 34 | 52 | 19 | 80k+ | curl curl setopt | ||
| #365 | Ultimate 410 Gone Status Code | 34 | 136 | 65 | 7k+ | Output is not escaped | ||
| #366 | Product Tabs for WooCommerce | 34 | 196 | 93 | 10k+ | Text Domain Mismatch | ||
| #367 | WP-SCSS | 34 | 269 | 13 | 40k+ | Exception output is not escaped | ||
| #368 | ACF: Image Hotspots Field | 35 | 26 | 5 | 2k+ | Text Domain Mismatch | ||
| #369 | Animate In View | 35 | 12 | 0 | 1k+ | Hidden files included | ||
| #370 | Avif Express | 35 | 26 | 167 | 400 | Input is not validated | ||
| #371 | Better Recent Comments | 35 | 127 | 29 | 2k+ | Text Domain Mismatch | ||
| #372 | Core Framework | 35 | 70 | 62 | 10k+ | Text Domain Mismatch | ||
| #373 | Create Block Theme | 35 | 43 | 5 | 20k+ | unlink unlink | ||
| #374 | Easy Noindex And Nofollow | 35 | 55 | 18 | 400 | Output is not escaped | ||
| #375 | Easy Post Types and Fields | 35 | 138 | 135 | 1k+ | Text Domain Mismatch | ||
| #376 | Elementor Website Builder – more than just a page builder | 35 | 46 | 428 | 10m+ | Non-prefixed global variable | ||
| #377 | AI Popup Builder & Popup Maker by OptiMonk | 35 | 81 | 65 | 4k+ | Text Domain Mismatch | ||
| #378 | Keyring | 35 | 233 | 203 | 1k+ | Output is not escaped | ||
| #379 | MapSVG – Vector maps, Image maps, Google Maps | 35 | 74 | 47 | 1k+ | Missing direct file access protection | ||
| #380 | mosparo Integration | 35 | 114 | 301 | 900 | Missing nonce verification | ||
| #381 | Never Let Me Go | 35 | 34 | 47 | 400 | Non-prefixed global variable | ||
| #382 | OPcache Manager | 35 | 155 | 75 | 1k+ | Output is not escaped | ||
| #383 | Pochipp | 35 | 27 | 102 | 20k+ | Non-prefixed global variable | ||
| #384 | Post List Featured Image | 35 | 112 | 100 | 1k+ | Output is not escaped | ||
| #385 | Post Password Token | 35 | 132 | 38 | 600 | Text Domain Mismatch | ||
| #386 | Posts Table with Search & Sort | 35 | 143 | 33 | 3k+ | Text Domain Mismatch | ||
| #387 | RPS Image Gallery | 35 | 88 | 16 | 800 | Output is not escaped | ||
| #388 | Solid Performance – Your No-Code Caching, Performance, & Page Speed Solution | 35 | 75 | 61 | 4k+ | Exception output is not escaped | ||
| #389 | SrbTransLatin – Serbian Latinisation | 35 | 11 | 28 | 2k+ | Non-prefixed global variable | ||
| #390 | The Courier Guy Shipping for WooCommerce | 35 | 57 | 107 | 3k+ | Missing nonce verification | ||
| #391 | Two Factor Authentication | 35 | 108 | 139 | 20k+ | Output is not escaped | ||
| #392 | Vendi Abandoned Plugin Check | 35 | 13 | 3 | 1k+ | trademarked term | ||
| #393 | Wholesale Suite – B2B, Dynamic Pricing & WooCommerce Wholesale Prices | 35 | 22 | 52 | 20k+ | Direct Query | ||
| #394 | BulkGate SMS Plugin for WooCommerce | 35 | 33 | 32 | 1k+ | Output is not escaped | ||
| #395 | WP-PageNavi | 35 | 84 | 95 | 500k+ | Non Singular String Literal Domain | ||
| #396 | Yabe Webfont – Use Custom Fonts, Google Fonts or Adobe Fonts | 35 | 48 | 114 | 5k+ | Non-prefixed hook name | ||
| #397 | Yes/No Chart | 35 | 136 | 139 | 2k+ | Unsafe printing function | ||
| #398 | authLdap | 36 | 47 | 30 | 5k+ | Exception output is not escaped | ||
| #399 | bpost shipping | 36 | 97 | 43 | 700 | Output is not escaped | ||
| #400 | ColorMeShop WordPress Plugin | 36 | 392 | 37 | 600 | Exception output is not escaped |
