WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
Non-prefixed hook name
The plugin defines a hook name without a plugin-specific prefix.
Why It Shows Up
WordPress loads many plugins in the same PHP runtime. Plugin Check found a global symbol or hook name that is not clearly namespaced to this plugin.
Why It Matters
Unprefixed globals can collide with WordPress core, themes, or other plugins, causing fatal errors, overwritten values, or handlers running in the wrong context.
How to Fix
- Choose a short, unique prefix or namespace based on the plugin slug or vendor name.
- Rename the hook name so it cannot collide with code from another plugin.
- For public hooks, document the final hook name and keep it stable after release.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2601 | SKP WP Admin Login Captcha | 39 | 77 | 18 | 1k+ | Output is not escaped | ||
| #2602 | Slash Admin | 39 | 116 | 38 | 500 | Output is not escaped | ||
| #2603 | Solid Post Likes | 39 | 96 | 52 | 500 | Text Domain Mismatch | ||
| #2604 | Spreadr Woocommerce Plugin – Amazon Importer for Dropshipping and Affiliate | 39 | 42 | 226 | 500 | Request data is not unslashed | ||
| #2605 | Stock Ticker | 39 | 92 | 49 | 2k+ | Output is not escaped | ||
| #2606 | Tabify Edit Screen | 39 | 83 | 27 | 500 | Output is not escaped | ||
| #2607 | TinyMCE Spellcheck | 39 | 27 | 32 | 2k+ | Unsafe printing function | ||
| #2608 | TomS reCAPTCHA | 39 | 128 | 256 | 500 | Missing nonce verification | ||
| #2609 | Traffic Monitor | 39 | 6 | 143 | 1k+ | Direct Query | ||
| #2610 | UiChemy — Figma Converter for Elementor, Gutenberg and Bricks | 39 | 7 | 100 | 9k+ | Nonce verification recommended | ||
| #2611 | Smart Variation Swatches and Attribute Filters for WooCommerce | 39 | 39 | 50 | 3k+ | Output is not escaped | ||
| #2612 | Video Blogster Lite | 39 | 29 | 80 | 700 | Missing nonce verification | ||
| #2613 | Virtuaria Correios – Frete, Etiqueta, Rastreio e Declaração | 39 | 18 | 81 | 500 | Nonce verification recommended | ||
| #2614 | Visual Portfolio, Photo Gallery & Post Grid | 39 | 34 | 189 | 60k+ | Non-prefixed hook name | ||
| #2615 | Website LLMs.txt | 39 | 13 | 145 | 40k+ | Non-prefixed global variable | ||
| #2616 | Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types | 39 | 89 | 117 | 20k+ | Unsafe printing function | ||
| #2617 | Lucky Wheel for WooCommerce – Spin a Sale | 39 | 12 | 153 | 1k+ | Request data is not unslashed | ||
| #2618 | CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x | 39 | 7 | 222 | 20k+ | Non-prefixed hook name | ||
| #2619 | Additional Variation Images Gallery for WooCommerce | 39 | 61 | 127 | 20k+ | Non-prefixed global variable | ||
| #2620 | Wallet for WooCommerce | 39 | 36 | 524 | 20k+ | Non-prefixed hook name | ||
| #2621 | Modal Fly Cart & AJAX Add to Cart for WooCommerce | 39 | 83 | 74 | 2k+ | Text Domain Mismatch | ||
| #2622 | Claudio Sanches – PagSeguro for WooCommerce | 39 | 87 | 37 | 10k+ | Unsafe printing function | ||
| #2623 | WooCommerce Product Dependencies | 39 | 44 | 60 | 3k+ | Missing nonce verification | ||
| #2624 | Aparat for WordPress | 39 | 59 | 14 | 3k+ | Output is not escaped | ||
| #2625 | WPEPP – Essential Security, Password Protect & Login Page Customizer | 39 | 34 | 29 | 3k+ | Unsupported Identifier Placeholder | ||
| #2626 | WP Multibyte Patch | 39 | 24 | 55 | 1m+ | Input is not sanitized | ||
| #2627 | WP Performance Score Booster – Optimize Speed, Enable Cache & Page Preload | 39 | 59 | 27 | 10k+ | Unsafe printing function | ||
| #2628 | WP Server Health Stats | 39 | 66 | 31 | 10k+ | Output is not escaped | ||
| #2629 | WP Sitemap Control | 39 | 31 | 37 | 400 | Output is not escaped | ||
| #2630 | You can quote me on that | 39 | 57 | 37 | 500 | Output is not escaped | ||
| #2631 | ACF Theme Code for Advanced Custom Fields | 40 | 478 | 40 | 10k+ | Output is not escaped | ||
| #2632 | Advanced Custom Fields: Font Awesome Field | 40 | 332 | 70 | 90k+ | Text Domain Mismatch | ||
| #2633 | Advanced WooCommerce Product Gallery Slider | 40 | 42 | 48 | 3k+ | Non-prefixed global variable | ||
| #2634 | AgreeMe Checkboxes For WooCommerce | 40 | 88 | 44 | 600 | Text Domain Mismatch | ||
| #2635 | AJAX Thumbnail Rebuild | 40 | 38 | 14 | 30k+ | Unsafe printing function | ||
| #2636 | Alt Magic: AI Image Alt Text Generator for WP & Image Rename | 40 | 55 | 118 | 1k+ | Direct Query | ||
| #2637 | amCharts: Charts and Maps | 40 | 263 | 113 | 2k+ | Text Domain Mismatch | ||
| #2638 | Atomic Edge Security – Firewall, Malware Scan and Login Security | 40 | 12 | 184 | 700 | Non-prefixed global variable | ||
| #2639 | AxiaChat AI – Free AI Chatbot (Answers Customers Automatically) | 40 | 2 | 135 | 2k+ | Interpolated SQL is not prepared | ||
| #2640 | Bangladeshi Payment Gateways – Make Payment Using QR Code | 40 | 40 | 36 | 5k+ | Output is not escaped | ||
| #2641 | Better Internal Link Search | 40 | 23 | 48 | 1k+ | strip tags strip tags | ||
| #2642 | Black Studio TinyMCE Widget | 40 | 39 | 28 | 200k+ | Output is not escaped | ||
| #2643 | Broken Link Notifier | 40 | 11 | 193 | 1k+ | Non-prefixed global variable | ||
| #2644 | BuddyPress Profile Completion | 40 | 28 | 30 | 500 | Output is not escaped | ||
| #2645 | Bulk Featured Image | 40 | 69 | 117 | 800 | Output is not escaped | ||
| #2646 | Bulk Move | 40 | 85 | 44 | 9k+ | Unsafe printing function | ||
| #2647 | Catalog for Woocommerce | 40 | 92 | 75 | 1k+ | Output is not escaped | ||
| #2648 | Categories Metabox Enhanced | 40 | 77 | 36 | 1k+ | Output is not escaped | ||
| #2649 | Classified Ads | 40 | 136 | 38 | 1k+ | Text Domain Mismatch | ||
| #2650 | Cleaner Gallery | 40 | 40 | 8 | 2k+ | Unsafe printing function |