PluginCheck.CodeAnalysis.Heredoc.NotAllowed
Not Allowed
Plugin Check reported a maintainability issue that can make the plugin harder to review, run, or update.
Why It Shows Up
The finding matches a WordPress coding-standard or Plugin Check rule for code clarity, compatibility, packaging, or API usage.
Why It Matters
Maintainability findings reduce confidence that the plugin will behave consistently across hosts, WordPress versions, and other plugins.
How to Fix
- Find the exact file and line in the raw scan output.
- Prefer WordPress APIs and standard coding patterns over custom or legacy behavior.
- If the warning is from bundled third-party code, document that separately and avoid modifying vendor files unless necessary.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #401 | Dynamic Visibility for Elementor | 36 | 56 | 89 | 50k+ | Non-prefixed hook name | ||
| #402 | Google Webfont Optimizer | 36 | 45 | 49 | 700 | Output is not escaped | ||
| #403 | Optimize Social Share | 36 | 203 | 61 | 3k+ | Unsafe printing function | ||
| #404 | If-So Geolocation | 36 | 50 | 57 | 1k+ | Non-prefixed global variable | ||
| #405 | Login as User | 36 | 101 | 64 | 30k+ | Output is not escaped | ||
| #406 | Ozh' Admin Drop Down Menu | 36 | 125 | 43 | 3k+ | Output is not escaped | ||
| #407 | Sync QCloud COS | 36 | 63 | 109 | 600 | Non-prefixed function | ||
| #408 | Slider Ultimate | 36 | 294 | 80 | 500 | Output is not escaped | ||
| #409 | Out of Stock Message Manager for WooCommerce | 36 | 293 | 95 | 2k+ | Text Domain Mismatch | ||
| #410 | Payment Button for PayPal | 36 | 155 | 86 | 4k+ | Unsafe printing function | ||
| #411 | WP Stripe Checkout | 36 | 198 | 118 | 1k+ | Unsafe printing function | ||
| #412 | WP fail2ban Blocklist | 36 | 61 | 63 | 3k+ | SQL query is not prepared | ||
| #413 | Checkout for PayPal | 37 | 134 | 67 | 600 | Unsafe printing function | ||
| #414 | Easy Photo Album | 37 | 360 | 43 | 1k+ | Text Domain Mismatch | ||
| #415 | Get Custom Field Values | 37 | 40 | 44 | 1k+ | Output is not escaped | ||
| #416 | 果果推送 | 37 | 31 | 56 | 1k+ | Nonce verification recommended | ||
| #417 | Gmail SMTP | 37 | 84 | 73 | 10k+ | Unsafe printing function | ||
| #418 | GoPay for WooCommerce | 37 | 66 | 103 | 1k+ | Non-prefixed global variable | ||
| #419 | Monobank WP Payment | 37 | 78 | 41 | 1k+ | Text Domain Mismatch | ||
| #420 | Rich Table of Contents | 37 | 262 | 57 | 20k+ | Output is not escaped | ||
| #421 | Social Comments | 37 | 59 | 32 | 400 | Output is not escaped | ||
| #422 | Widget Responsive for Youtube | 37 | 240 | 7 | 7k+ | Output is not escaped | ||
| #423 | AdRoll for WooCommerce Stores | 38 | 40 | 25 | 600 | Output is not escaped | ||
| #424 | Car Route Planner Plugin | 38 | 135 | 17 | 400 | Output is not escaped | ||
| #425 | Front-end Editor | 38 | 78 | 62 | 500 | Output is not escaped | ||
| #426 | Coding Chicken – JetEngine Importer | 38 | 55 | 29 | 400 | Missing direct file access protection | ||
| #427 | Ozh' Better Feed | 38 | 45 | 35 | 600 | Heredoc Output Not Escaped | ||
| #428 | Responsive Mailform ( Plugin Version ) – easy, responsive, contact, mailform | 38 | 120 | 107 | 500 | Output is not escaped | ||
| #429 | SCSS WP Editor | 38 | 111 | 40 | 900 | Exception output is not escaped | ||
| #430 | Slickstream: Engagement and Conversions | 38 | 100 | 19 | 2k+ | Output is not escaped | ||
| #431 | VdoCipher: Secure Video Player and Hosting | 38 | 37 | 54 | 2k+ | Non-prefixed function | ||
| #432 | W2S – Migrate WooCommerce to Shopify | 38 | 33 | 132 | 1k+ | Non-prefixed global variable | ||
| #433 | White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard | 38 | 205 | 31 | 10k+ | Output is not escaped | ||
| #434 | WholesaleX – B2B & Wholesale Plugin for WooCommerce with Wholesale Prices | 38 | 40 | 180 | 2k+ | Non-prefixed global variable | ||
| #435 | WP Video Lightbox | 38 | 107 | 67 | 30k+ | Unsafe printing function | ||
| #436 | YouTube widget | 38 | 39 | 25 | 400 | Output is not escaped | ||
| #437 | Accessibility by AllAccessible | 39 | 200 | 82 | 2k+ | Unsafe printing function | ||
| #438 | Constant Contact + WooCommerce | 39 | 27 | 91 | 1k+ | Nonce verification recommended | ||
| #439 | Genesis Dambuster | 39 | 94 | 67 | 3k+ | Output is not escaped | ||
| #440 | Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce | 39 | 76 | 64 | 1k+ | Missing Translators Comment | ||
| #441 | Query Multiple Taxonomies | 39 | 55 | 41 | 500 | Output is not escaped | ||
| #442 | Smart Archives Reloaded | 39 | 78 | 36 | 1k+ | Non Singular String Literal Domain | ||
| #443 | Uptolike Social Share Buttons | 39 | 38 | 33 | 4k+ | Output is not escaped | ||
| #444 | UserHeat Plugin | 39 | 121 | 20 | 6k+ | Non Singular String Literal Domain | ||
| #445 | WP Performance Score Booster – Optimize Speed, Enable Cache & Page Preload | 39 | 59 | 27 | 10k+ | Unsafe printing function | ||
| #446 | Allow Multiple Accounts | 40 | 115 | 19 | 9k+ | Non Singular String Literal Domain | ||
| #447 | Dashify: WooCommerce admin dashboard theme | 40 | 16 | 131 | 900 | Nonce verification recommended | ||
| #448 | FlyWP Helper – Page Cache, Page Optimization, Emails for FlyWP Server Control Panel | 40 | 20 | 81 | 4k+ | Non-prefixed global variable | ||
| #449 | heatmap for WordPress – Realtime analytics | 40 | 94 | 15 | 1k+ | Non Singular String Literal Domain | ||
| #450 | Loan Comparison | 40 | 27 | 192 | 400 | Request data is not unslashed |
