WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
Non-prefixed global variable
The plugin defines a global variable without a plugin-specific prefix.
Why It Shows Up
WordPress loads many plugins in the same PHP runtime. Plugin Check found a global symbol or hook name that is not clearly namespaced to this plugin.
Why It Matters
Unprefixed globals can collide with WordPress core, themes, or other plugins, causing fatal errors, overwritten values, or handlers running in the wrong context.
How to Fix
- Choose a short, unique prefix or namespace based on the plugin slug or vendor name.
- Rename the global variable so it cannot collide with code from another plugin.
- For public hooks, document the final hook name and keep it stable after release.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2851 | TWIPLA (Visitor Analytics IO) – Privacy-First Website Stats, Session Recordings, Heatmaps, Polls and Surveys | 38 | 71 | 49 | 900 | Output is not escaped | ||
| #2852 | Visual Admin Customizer | 38 | 20 | 51 | 500 | Input is not sanitized | ||
| #2853 | W2S – Migrate WooCommerce to Shopify | 38 | 33 | 132 | 1k+ | Non-prefixed global variable | ||
| #2854 | Chatbox Manager | 38 | 855 | 78 | 400 | Output is not escaped | ||
| #2855 | SSLCommerz Payment Gateway | 38 | 21 | 132 | 2k+ | Non-prefixed global variable | ||
| #2856 | Affiliate Sales in Google Analytics and other tools | 38 | 23 | 84 | 1k+ | Request data is not unslashed | ||
| #2857 | White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard | 38 | 205 | 31 | 10k+ | Output is not escaped | ||
| #2858 | WholesaleX – B2B & Wholesale Plugin for WooCommerce with Wholesale Prices | 38 | 40 | 180 | 2k+ | Non-prefixed global variable | ||
| #2859 | WishSuite – Wishlist for WooCommerce | 38 | 76 | 133 | 1k+ | Output is not escaped | ||
| #2860 | Photo Reviews for WooCommerce | 38 | 26 | 222 | 10k+ | Request data is not unslashed | ||
| #2861 | Vietnam Checkout for WooCommerce | 38 | 93 | 137 | 10k+ | Nonce verification recommended | ||
| #2862 | WooSwipe WooCommerce Gallery | 38 | 88 | 82 | 3k+ | Non-prefixed global variable | ||
| #2863 | WP-Ban | 38 | 99 | 108 | 8k+ | Unsafe printing function | ||
| #2864 | WP Client Reports | 38 | 95 | 80 | 6k+ | Unsafe printing function | ||
| #2865 | WP-CommentNavi | 38 | 68 | 46 | 700 | Output is not escaped | ||
| #2866 | WP Content Copy Protection with Color Design | 38 | 96 | 61 | 5k+ | Non Singular String Literal Domain | ||
| #2867 | WP Mail SMTP SendGrid Edition | 38 | 102 | 19 | 500 | Text Domain Mismatch | ||
| #2868 | WP Mailgun SMTP | 38 | 99 | 51 | 900 | Text Domain Mismatch | ||
| #2869 | mb.miniAudioPlayer – an HTML5 audio player for your mp3 files | 38 | 204 | 6 | 4k+ | Unsafe printing function | ||
| #2870 | Real-Time Post Statistics for WordPress | 38 | 63 | 68 | 2k+ | SQL query is not prepared | ||
| #2871 | WP Safe Mode | 38 | 95 | 55 | 2k+ | Output is not escaped | ||
| #2872 | External Store for Shopify | 38 | 97 | 33 | 2k+ | Output is not escaped | ||
| #2873 | WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups | 38 | 299 | 58 | 3k+ | Non Singular String Literal Domain | ||
| #2874 | WP Video Lightbox | 38 | 107 | 67 | 30k+ | Unsafe printing function | ||
| #2875 | WPC Product Options for WooCommerce | 38 | 57 | 182 | 4k+ | Non-prefixed global variable | ||
| #2876 | mb.YTPlayer for background videos | 38 | 80 | 29 | 1k+ | Unsafe printing function | ||
| #2877 | Zoho Campaigns | 38 | 3 | 129 | 3k+ | Non-prefixed global variable | ||
| #2878 | Accounting for WooCommerce | 39 | 87 | 115 | 500 | Unsafe printing function | ||
| #2879 | ACF: Google Font Selector | 39 | 57 | 45 | 3k+ | Output is not escaped | ||
| #2880 | Add Tiktok Pixel for Tiktok ads (+Woocommerce) | 39 | 94 | 25 | 2k+ | Output is not escaped | ||
| #2881 | Additional Order Filters for WooCommerce | 39 | 79 | 255 | 2k+ | Nonce verification recommended | ||
| #2882 | Advanced Categories Widget | 39 | 170 | 41 | 800 | Output is not escaped | ||
| #2883 | Advanced Product Fields (Product Addons) for WooCommerce | 39 | 145 | 145 | 50k+ | Output is not escaped | ||
| #2884 | Affiliate Links – Link Cloaking and Management | 39 | 23 | 113 | 3k+ | Non-prefixed global variable | ||
| #2885 | AffiliateWP – Affiliate Area Tabs | 39 | 86 | 26 | 3k+ | Output is not escaped | ||
| #2886 | Accessibility by AllAccessible | 39 | 200 | 82 | 2k+ | Unsafe printing function | ||
| #2887 | Andreani WooCommerce | 39 | 21 | 86 | 700 | Non-prefixed global variable | ||
| #2888 | Anything Order by Terms | 39 | 48 | 93 | 1k+ | Direct Query | ||
| #2889 | Ads.txt & App-ads.txt Manager for WordPress | 39 | 97 | 23 | 2k+ | Output is not escaped | ||
| #2890 | Archive Control | 39 | 151 | 67 | 1k+ | Unsafe printing function | ||
| #2891 | Australia Post WooCommerce Extension | 39 | 99 | 12 | 3k+ | Text Domain Mismatch | ||
| #2892 | Header Footer for Beaver Builder | 39 | 39 | 31 | 10k+ | Output is not escaped | ||
| #2893 | bbPress Moderation | 39 | 75 | 15 | 500 | Non Singular String Literal Domain | ||
| #2894 | BIP Pages | 39 | 98 | 25 | 400 | Short PHP open tag found | ||
| #2895 | Birds Custom Login | 39 | 196 | 23 | 4k+ | Non Singular String Literal Domain | ||
| #2896 | Blackhole for Bad Bots | 39 | 123 | 69 | 30k+ | Output is not escaped | ||
| #2897 | Block Editor Bootstrap Blocks | 39 | 173 | 50 | 900 | Text Domain Mismatch | ||
| #2898 | BuddyPress Notification Widget | 39 | 54 | 31 | 600 | Output is not escaped | ||
| #2899 | Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) | 39 | 16 | 46 | 10k+ | Request data is not unslashed | ||
| #2900 | Calculator Builder – Create an Online Calculator | 39 | 16 | 221 | 1k+ | Non-prefixed global variable |