plugin_updater_detected
plugin updater detected
The plugin appears to include its own update or modification mechanism.
Why It Shows Up
Plugin Check found updater code or code that modifies plugin files outside the normal WordPress.org update flow.
Why It Matters
Custom update mechanisms can bypass repository review, surprise site owners, or change executable code after installation.
How to Fix
- Remove custom updater code from WordPress.org releases when it is not needed.
- Do not rewrite plugin source files at runtime.
- If remote updates are intentional outside WordPress.org, document the trust model and protect it with strong validation.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #501 | YITH WooCommerce Tab Manager | 31 | 395 | 1,429 | 4k+ | Non-prefixed global variable | ||
| #502 | YML for Yandex Market | 31 | 37 | 293 | 10k+ | Non-prefixed global variable | ||
| #503 | Admin Menu Editor | 32 | 159 | 233 | 300k+ | Non-prefixed global variable | ||
| #504 | APCu Manager | 32 | 151 | 126 | 10k+ | Output is not escaped | ||
| #505 | Better Chat Support for Messenger | 32 | 73 | 103 | 1k+ | Interpolated SQL is not prepared | ||
| #506 | Quantity Discounts, Breaks & Product Bundles for Woocommerce By Bundler | 32 | 147 | 319 | 400 | Direct Query | ||
| #507 | Child Theme Configurator | 32 | 442 | 267 | 300k+ | Unsafe printing function | ||
| #508 | AC's Loan Calculator | 32 | 246 | 187 | 400 | Unsafe printing function | ||
| #509 | Freesoul Deactivate Plugins – Disable plugins on individual WordPress pages | 32 | 53 | 776 | 9k+ | Nonce verification recommended | ||
| #510 | Jetpack VaultPress Backup | 32 | 554 | 211 | 20k+ | Text Domain Mismatch | ||
| #511 | WP Mobile Menu – The Mobile-Friendly Responsive Menu | 32 | 990 | 195 | 80k+ | Output is not escaped | ||
| #512 | Revolut Gateway for WooCommerce | 32 | 85 | 157 | 6k+ | Input is not sanitized | ||
| #513 | Theme My Login | 32 | 251 | 549 | 60k+ | Non-prefixed function | ||
| #514 | TK Google Fonts GDPR Compliant | 32 | 582 | 34 | 1k+ | Output is not escaped | ||
| #515 | Privacy Policy Generator – WPLP Legal Pages | 32 | 26 | 409 | 10k+ | Non-prefixed global variable | ||
| #516 | YITH Infinite Scrolling | 32 | 387 | 1,417 | 10k+ | Non-prefixed global variable | ||
| #517 | YITH WooCommerce Badge Management | 32 | 413 | 1,446 | 10k+ | Non-prefixed global variable | ||
| #518 | YITH WooCommerce Compare | 32 | 422 | 1,508 | 100k+ | Non-prefixed global variable | ||
| #519 | YITH WooCommerce Quick View | 32 | 388 | 1,420 | 90k+ | Non-prefixed global variable | ||
| #520 | Device Detector | 33 | 209 | 112 | 600 | Output is not escaped | ||
| #521 | GetResponse Forms by Optin Cat | 33 | 68 | 138 | 1k+ | Missing direct file access protection | ||
| #522 | Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid | 33 | 274 | 106 | 3k+ | Text Domain Mismatch | ||
| #523 | Forms for Mailchimp by Optin Cat – Grow Your MailChimp List | 33 | 71 | 133 | 2k+ | Missing direct file access protection | ||
| #524 | Sessions | 33 | 196 | 103 | 900 | Output is not escaped | ||
| #525 | Gravity Booster – Styles & Layouts for Gravity Forms | 33 | 277 | 87 | 40k+ | Missing Arg Domain | ||
| #526 | Books Gallery – Book Showcase, Library & Affiliate Plugin | 33 | 1,753 | 178 | 2k+ | Output is not escaped | ||
| #527 | affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display | 34 | 326 | 75 | 2k+ | Output is not escaped | ||
| #528 | All-in-One WP Migration and Backup | 34 | 47 | 69 | 5m+ | Missing nonce verification | ||
| #529 | Document Library Lite | 34 | 149 | 85 | 4k+ | Text Domain Mismatch | ||
| #530 | Meta for WooCommerce | 34 | 66 | 186 | 400k+ | Non-prefixed hook name | ||
| #531 | HollerBox — Fast & Effective Popups & Lead-Generation | 34 | 78 | 92 | 2k+ | Output is not escaped | ||
| #532 | My Tickets – Accessible Event Ticketing | 34 | 314 | 566 | 700 | Nonce verification recommended | ||
| #533 | Product Tabs for WooCommerce | 34 | 196 | 93 | 10k+ | Text Domain Mismatch | ||
| #534 | WP Custom Admin Interface | 34 | 263 | 118 | 30k+ | Unsafe printing function | ||
| #535 | Wp Default Sender Email by IT Pixelz | 34 | 682 | 25 | 500 | Output is not escaped | ||
| #536 | Absolute Addons For Elementor | 35 | 86 | 286 | 400 | Non-prefixed global variable | ||
| #537 | AnsPress – Question and answer | 35 | 22 | 778 | 3k+ | Non-prefixed function | ||
| #538 | Author Box WP Lens | 35 | 169 | 49 | 1k+ | Unsafe printing function | ||
| #539 | Better Recent Comments | 35 | 127 | 29 | 2k+ | Text Domain Mismatch | ||
| #540 | Buying Buddy IDX CRM – Real Estate MLS Plugin | 35 | 71 | 240 | 500 | Request data is not unslashed | ||
| #541 | CubeWP Framework | 35 | 114 | 71 | 4k+ | wp function not compatible with requires wp | ||
| #542 | Easy Post Types and Fields | 35 | 138 | 135 | 1k+ | Text Domain Mismatch | ||
| #543 | Elementor Website Builder – more than just a page builder | 35 | 46 | 428 | 10m+ | Non-prefixed global variable | ||
| #544 | HookMeUp for WooCommerce | 35 | 59 | 29 | 10k+ | Output is not escaped | ||
| #545 | Jetpack VideoPress | 35 | 710 | 241 | 7k+ | Text Domain Mismatch | ||
| #546 | Nobs • Share Buttons | 35 | 314 | 85 | 3k+ | Output is not escaped | ||
| #547 | MainWP Child Reports | 35 | 49 | 116 | 100k+ | Non-prefixed hook name | ||
| #548 | OPcache Manager | 35 | 155 | 75 | 1k+ | Output is not escaped | ||
| #549 | Posts Table with Search & Sort | 35 | 143 | 33 | 3k+ | Text Domain Mismatch | ||
| #550 | Presto Player | 35 | 37 | 77 | 100k+ | Missing Arg Domain |