WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
Non-prefixed global variable
The plugin defines a global variable without a plugin-specific prefix.
Why It Shows Up
WordPress loads many plugins in the same PHP runtime. Plugin Check found a global symbol or hook name that is not clearly namespaced to this plugin.
Why It Matters
Unprefixed globals can collide with WordPress core, themes, or other plugins, causing fatal errors, overwritten values, or handlers running in the wrong context.
How to Fix
- Choose a short, unique prefix or namespace based on the plugin slug or vendor name.
- Rename the global variable so it cannot collide with code from another plugin.
- For public hooks, document the final hook name and keep it stable after release.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2901 | Blackhole for Bad Bots | 39 | 123 | 69 | 30k+ | Output is not escaped | ||
| #2902 | Block Editor Bootstrap Blocks | 39 | 173 | 50 | 900 | Text Domain Mismatch | ||
| #2903 | BuddyPress Notification Widget | 39 | 54 | 31 | 600 | Output is not escaped | ||
| #2904 | Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) | 39 | 16 | 46 | 10k+ | Request data is not unslashed | ||
| #2905 | Calculator Builder – Create an Online Calculator | 39 | 16 | 221 | 1k+ | Non-prefixed global variable | ||
| #2906 | CatFolders Document Gallery & PDF Library | 39 | 66 | 32 | 3k+ | Output is not escaped | ||
| #2907 | Saitama Addon Pack | 39 | 152 | 27 | 1k+ | Output is not escaped | ||
| #2908 | Innozilla Skins for Contact Form 7 | 39 | 152 | 22 | 2k+ | Output is not escaped | ||
| #2909 | Constant Contact + WooCommerce | 39 | 27 | 91 | 1k+ | Nonce verification recommended | ||
| #2910 | Contact Form 7 – Dynamic Text Extension | 39 | 103 | 28 | 100k+ | Output is not escaped | ||
| #2911 | Image CAPTCHA for Contact Form 7 and WPForms by HookAndHook (DSGVO/GDPR) | 39 | 28 | 45 | 80k+ | Missing nonce verification | ||
| #2912 | Culqi | 39 | 571 | 88 | 1k+ | Text Domain Mismatch | ||
| #2913 | Custom Post Type Auto Menu | 39 | 54 | 33 | 500 | Text Domain Mismatch | ||
| #2914 | Custom Post Type Parents | 39 | 75 | 18 | 900 | Output is not escaped | ||
| #2915 | Custom Thank You for WooCommerce | 39 | 107 | 57 | 400 | Output is not escaped | ||
| #2916 | Da Reactions | 39 | 15 | 140 | 400 | Request data is not unslashed | ||
| #2917 | Datalogics Ecommerce Delivery – Datalogics | 39 | 13 | 115 | 500 | Nonce verification recommended | ||
| #2918 | DefendWP Firewall | 39 | 16 | 203 | 3k+ | Non-prefixed global variable | ||
| #2919 | Donation Thermometer | 39 | 718 | 84 | 2k+ | Output is not escaped | ||
| #2920 | Drip for Gravity Forms | 39 | 41 | 21 | 500 | Unsafe printing function | ||
| #2921 | Dublin Core Metadata Generator | 39 | 74 | 15 | 900 | Output is not escaped | ||
| #2922 | Duplicate Killer – Prevent Duplicate Form Submissions | 39 | 57 | 103 | 1k+ | Non-prefixed global variable | ||
| #2923 | Easy PayPal Events & Tickets | 39 | 28 | 550 | 1k+ | Request data is not unslashed | ||
| #2924 | Editor Menu and Widget Access | 39 | 81 | 24 | 7k+ | Output is not escaped | ||
| #2925 | ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | 39 | 73 | 348 | 1m+ | Non-prefixed global variable | ||
| #2926 | Email Marketing by EmailOctopus | 39 | 43 | 62 | 3k+ | Non-prefixed global variable | ||
| #2927 | BestWebSoft's Like & Share – Posts, Pages and Widget Social Extension plugin for WordPress | 39 | 480 | 226 | 4k+ | Text Domain Mismatch | ||
| #2928 | Flamix: Bitrix24 and WooCommerce Orders integration | 39 | 81 | 31 | 500 | Output is not escaped | ||
| #2929 | Flex Import | 39 | 15 | 140 | 500 | Non-prefixed global variable | ||
| #2930 | Floating Action Button | 39 | 164 | 69 | 1k+ | Unsafe printing function | ||
| #2931 | Gift Up Gift Cards for WordPress and WooCommerce | 39 | 94 | 60 | 5k+ | Output is not escaped | ||
| #2932 | Graphina – Charts and Graphs For Elementor | 39 | 1,895 | 113 | 10k+ | Text Domain Mismatch | ||
| #2933 | Hide My WP Lite | 39 | 24 | 62 | 400 | Nonce verification recommended | ||
| #2934 | Maintenance Mode | 39 | 86 | 109 | 7k+ | Output is not escaped | ||
| #2935 | hpb seo plugin for WordPress | 39 | 15 | 87 | 2k+ | Non-prefixed global variable | ||
| #2936 | HW Image Widget | 39 | 138 | 41 | 1k+ | Output is not escaped | ||
| #2937 | S2W – Import Shopify to WooCommerce | 39 | 8 | 132 | 3k+ | Request data is not unslashed | ||
| #2938 | Improved Save Button | 39 | 44 | 52 | 4k+ | Missing Translators Comment | ||
| #2939 | Insert Amz Images | 39 | 79 | 44 | 1k+ | Output is not escaped | ||
| #2940 | JetGridBuilder — Grid Builder for Elementor and Gutenberg | 39 | 414 | 40 | 4k+ | Text Domain Mismatch | ||
| #2941 | Leaflet Map | 39 | 59 | 32 | 30k+ | Output is not escaped | ||
| #2942 | Logo Showcase – Logo Slider, Carousel & Sponsors Gallery | 39 | 535 | 98 | 1k+ | Text Domain Mismatch | ||
| #2943 | Logo Showcase – Carousel, Slider, Grid & List for WordPress | 39 | 123 | 160 | 400 | Unsafe printing function | ||
| #2944 | LuckyWP Table of Contents | 39 | 438 | 62 | 100k+ | Output is not escaped | ||
| #2945 | Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid | 39 | 65 | 72 | 6k+ | block api version too low | ||
| #2946 | MailChimp Add-On for FormCraft | 39 | 56 | 29 | 800 | curl curl setopt | ||
| #2947 | Manage Enrollment for LearnDash | 39 | 48 | 79 | 400 | Unsafe printing function | ||
| #2948 | Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce | 39 | 76 | 64 | 1k+ | Missing Translators Comment | ||
| #2949 | Maps for WP | 39 | 169 | 73 | 400 | Output is not escaped | ||
| #2950 | Mega Addons For WPBakery Page Builder | 39 | 1,320 | 154 | 20k+ | Text Domain Mismatch |
