update_modification_detected

update modification detected

The plugin appears to include its own update or modification mechanism.

medium weight

Why It Shows Up

Plugin Check found updater code or code that modifies plugin files outside the normal WordPress.org update flow.

Why It Matters

Custom update mechanisms can bypass repository review, surprise site owners, or change executable code after installation.

How to Fix

  • Remove custom updater code from WordPress.org releases when it is not needed.
  • Do not rewrite plugin source files at runtime.
  • If remote updates are intentional outside WordPress.org, document the trust model and protect it with strong validation.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#601Alma – Pay in installments or later for WooCommerce41116681k+Exception output is not escaped
#602Unbloater4157185k+Output is not escaped
#603WP Club Manager – WordPress Sports Club Plugin44171682600Non-prefixed global variable
#604Jetpack Search459254265k+Text Domain Mismatch
#605Utimate Kit ( Styler ) for WPForms452406920k+Missing Arg Domain
#606VietQR4532395k+Text Domain Mismatch
#607iControlWP4745591k+Missing direct file access protection
#608Jetpack Social4882925430k+Text Domain Mismatch
#609Easy Updates Manager4813182300k+Non-prefixed global variable
#610Advanced Automatic Updates49262520k+Nonce verification recommended
#611Category Posts in Custom Menu4919182k+Output is not escaped
#612Cookiebot by Usercentrics – Automatic Cookie Banner for GDPR/CCPA & Google Consent Mode49148176100k+Non-prefixed global variable
#613Easy Property Listings4960665k+wp function not compatible with requires wp
#614Booster for WPForms507945800Text Domain Mismatch
#615User Activity Tracking and Log50302593k+Non-prefixed global variable
#616Automattic For Agencies Client5324918420k+Text Domain Mismatch
#617Connect Contact Form 7 and Mailchimp532365240k+Text Domain Mismatch
#618Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder5554692700k+Non-prefixed hook name
#619Themeflection Numbers – Number Counter and Animated Numbers55224733k+Text Domain Mismatch
#620WP Ultimate Review552338170k+Non-prefixed global variable
#621Elementor Beta (Developer Edition)57363230k+Output is not escaped
#622Vibe AI – MCP Server for WordPress. Connect Claude, ChatGPT & Cursor5711512k+Interpolated SQL is not prepared
#623pensopay Payments v259413321k+Non Singular String Literal Domain
#624Material Design for WordPress6051207800Non-prefixed global variable
#625Raptive Ads6635296k+Text Domain Mismatch
#626Disabler6717937900Text Domain Mismatch
#627onOffice for WP-Websites6755071k+Non-prefixed global variable
#628Free Assets Library – Openverse/Pixabay 600+ Million Images6844364k+Text Domain Mismatch
#629POS Entegratör – Gurmehub Ödeme Eklentisi681,321691k+Text Domain Mismatch
#630Russian Post and EMS for WooCommerce6816471k+Non-prefixed global variable
#631WP Disable Automatic Updates691482k+Output is not escaped
#632Stitch Express7096400Output is not escaped
#633aapanel WP Toolkit7120182k+wp function not compatible with requires wp
#634WP Disables Updates75197800Text Domain Mismatch
#635Boxzilla – WordPress Popup Builder7946420k+Non-prefixed global variable
#636Klaviyo792686100k+Non-prefixed function
#637Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder799473310k+Non-prefixed global variable
#638WP Automatic Updates79507400Text Domain Mismatch
#639WP Updates Settings7978900Unsafe printing function
#640Stream8158080k+Direct Query
#641BlogVault Backup & Staging82532280k+Missing direct file access protection
#642MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall825522200k+Missing direct file access protection
#643The WP Remote WordPress Plugin82512430k+Missing direct file access protection
#644Web Stories84126360k+Non-prefixed global variable
#645Simple Automatic Updates851812k+Missing Translators Comment
#646GTM Kit – Google Tag Manager & GA4 integration8751730k+Missing direct file access protection
#647WP Auto Updater875197k+Database parameter is not escaped
#648Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More882011640k+Non-prefixed hook name
#649Piotnet Addons For Elementor887442630k+Text Domain Mismatch
#650Three Column Screen Layout90581k+Direct Query