WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
Non-prefixed global variable
The plugin defines a global variable without a plugin-specific prefix.
Why It Shows Up
WordPress loads many plugins in the same PHP runtime. Plugin Check found a global symbol or hook name that is not clearly namespaced to this plugin.
Why It Matters
Unprefixed globals can collide with WordPress core, themes, or other plugins, causing fatal errors, overwritten values, or handlers running in the wrong context.
How to Fix
- Choose a short, unique prefix or namespace based on the plugin slug or vendor name.
- Rename the global variable so it cannot collide with code from another plugin.
- For public hooks, document the final hook name and keep it stable after release.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #3451 | WPC Smart Wishlist for WooCommerce | 48 | 44 | 38 | 100k+ | Output is not escaped | ||
| #3452 | WP First Letter Avatar | 48 | 40 | 7 | 2k+ | Output is not escaped | ||
| #3453 | WP Google Search | 48 | 45 | 17 | 5k+ | Output is not escaped | ||
| #3454 | wp-Monalisa | 48 | 56 | 94 | 700 | Direct Query | ||
| #3455 | WP Remote Users Sync | 48 | 355 | 117 | 6k+ | Text Domain Mismatch | ||
| #3456 | WS Action Scheduler Cleaner | 48 | 13 | 80 | 2k+ | error log error log | ||
| #3457 | ACF Quick Edit Fields | 49 | 20 | 72 | 30k+ | Nonce verification recommended | ||
| #3458 | AffiliateWP – Leaderboard | 49 | 68 | 13 | 1k+ | Output is not escaped | ||
| #3459 | Advanced Automatic Updates | 49 | 26 | 25 | 20k+ | Nonce verification recommended | ||
| #3460 | Batcache | 49 | 12 | 53 | 700 | Input is not sanitized | ||
| #3461 | Analytics by BestWebSoft – Google Analytics Dashboard and Statistic Plugin for WordPress | 49 | 478 | 176 | 1k+ | Text Domain Mismatch | ||
| #3462 | CallPage – Callback Widget | 49 | 41 | 17 | 1k+ | Non Singular String Literal Domain | ||
| #3463 | Successful Redirection for Contact Form | 49 | 33 | 20 | 10k+ | Text Domain Mismatch | ||
| #3464 | Cookiebot by Usercentrics – Automatic Cookie Banner for GDPR/CCPA & Google Consent Mode | 49 | 148 | 176 | 100k+ | Non-prefixed global variable | ||
| #3465 | Download Media Library | 49 | 22 | 40 | 1k+ | Text Domain Mismatch | ||
| #3466 | Drag and Drop Multiple File Upload for WooCommerce | 49 | 114 | 29 | 5k+ | Text Domain Mismatch | ||
| #3467 | FooSales – Point of Sale (POS) for WooCommerce | 49 | 92 | 190 | 700 | Non-prefixed global variable | ||
| #3468 | Ecommerce Fabrick | 49 | 4 | 135 | 1k+ | Nonce verification recommended | ||
| #3469 | Web Icons | 49 | 51 | 10 | 1k+ | Output is not escaped | ||
| #3470 | Read Meter – Reading Time & Progress Bar | 49 | 39 | 50 | 10k+ | Request data is not unslashed | ||
| #3471 | ReCrawler | 49 | 10 | 40 | 4k+ | Direct Query | ||
| #3472 | Registered Users Only | 49 | 14 | 14 | 2k+ | Unsafe printing function | ||
| #3473 | Scroll Back To Top Button | 49 | 73 | 1 | 3k+ | Missing Arg Domain | ||
| #3474 | Search in Place | 49 | 74 | 57 | 3k+ | wp function not compatible with requires wp | ||
| #3475 | SKT Themes Demo Import | 49 | 218 | 104 | 4k+ | Text Domain Mismatch | ||
| #3476 | Stop Pinging Yourself | 49 | 47 | 8 | 600 | Non Singular String Literal Domain | ||
| #3477 | Taxonomy Images | 49 | 38 | 50 | 9k+ | Output is not escaped | ||
| #3478 | UiCore Animate – Free Animations, Transitions, and Interactions Addon for Elementor & Gutenberg blocks | 49 | 34 | 38 | 40k+ | Missing direct file access protection | ||
| #3479 | Gateway for Wise on WooCommerce | 49 | 28 | 30 | 1k+ | Output is not escaped | ||
| #3480 | PDF Invoices & Packing Slips for WooCommerce – Challan | 49 | 56 | 151 | 4k+ | Non-prefixed global variable | ||
| #3481 | WooBuilder | 49 | 20 | 17 | 700 | Output is not escaped | ||
| #3482 | Product Slider, Product Grid, Product Masonry | 49 | 55 | 144 | 10k+ | wp function not compatible with requires wp | ||
| #3483 | WP Post Disclaimer | 49 | 34 | 27 | 800 | Output is not escaped | ||
| #3484 | WP Smart Import : Import any XML File to WordPress | 49 | 28 | 302 | 1k+ | Non-prefixed global variable | ||
| #3485 | Booster for WPForms | 50 | 79 | 45 | 800 | Text Domain Mismatch | ||
| #3486 | BuddyPress Groups Extras | 50 | 30 | 51 | 400 | Missing direct file access protection | ||
| #3487 | Category AJAX Filter — Advanced Filter for Posts & Custom Post Types | 50 | 2 | 435 | 6k+ | Non-prefixed global variable | ||
| #3488 | Customize Tawk.to Widget | 50 | 21 | 28 | 500 | Request data is not unslashed | ||
| #3489 | Dynamic Pricing and Discount Rules | 50 | 25 | 65 | 1k+ | Non Singular String Literal Text | ||
| #3490 | File Manager | 50 | 42 | 72 | 10k+ | Missing direct file access protection | ||
| #3491 | HT Slider For Elementor | 50 | 884 | 40 | 20k+ | Text Domain Mismatch | ||
| #3492 | IMGspider – 图片采集抓取插件 | 50 | 12 | 49 | 2k+ | Missing nonce verification | ||
| #3493 | Custom Block Builder – Lazy Blocks | 50 | 23 | 51 | 20k+ | Non-prefixed hook name | ||
| #3494 | Mailster Gravity Forms | 50 | 46 | 32 | 800 | Text Domain Mismatch | ||
| #3495 | Pago por Redsys | 50 | 44 | 59 | 700 | Text Domain Mismatch | ||
| #3496 | PostmagThemes Demo Import | 50 | 191 | 114 | 1k+ | Text Domain Mismatch | ||
| #3497 | Send Emails with Mandrill | 50 | 36 | 141 | 6k+ | Non-prefixed global variable | ||
| #3498 | Simple User Listing | 50 | 27 | 56 | 900 | Non-prefixed global variable | ||
| #3499 | Sözleşmeler | 50 | 6 | 36 | 1k+ | Input is not sanitized | ||
| #3500 | TrustedSite | 50 | 29 | 14 | 20k+ | Output is not escaped |