update_modification_detected
update modification detected
The plugin appears to include its own update or modification mechanism.
Why It Shows Up
Plugin Check found updater code or code that modifies plugin files outside the normal WordPress.org update flow.
Why It Matters
Custom update mechanisms can bypass repository review, surprise site owners, or change executable code after installation.
How to Fix
- Remove custom updater code from WordPress.org releases when it is not needed.
- Do not rewrite plugin source files at runtime.
- If remote updates are intentional outside WordPress.org, document the trust model and protect it with strong validation.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #401 | YML for Yandex Market | 31 | 37 | 293 | 10k+ | Non-prefixed global variable | ||
| #402 | APCu Manager | 32 | 151 | 126 | 10k+ | Output is not escaped | ||
| #403 | Child Theme Configurator | 32 | 442 | 267 | 300k+ | Unsafe printing function | ||
| #404 | Freesoul Deactivate Plugins – Disable plugins on individual WordPress pages | 32 | 53 | 773 | 9k+ | Nonce verification recommended | ||
| #405 | Jetpack VaultPress Backup | 32 | 554 | 211 | 20k+ | Text Domain Mismatch | ||
| #406 | WP Mobile Menu – The Mobile-Friendly Responsive Menu | 32 | 990 | 195 | 80k+ | Output is not escaped | ||
| #407 | Theme My Login | 32 | 251 | 549 | 60k+ | Non-prefixed function | ||
| #408 | TK Google Fonts GDPR Compliant | 32 | 582 | 34 | 1k+ | Output is not escaped | ||
| #409 | WP fail2ban – Advanced Security | 32 | 75 | 153 | 60k+ | Dynamic hook name | ||
| #410 | Privacy Policy Generator – WPLP Legal Pages | 32 | 26 | 409 | 10k+ | Non-prefixed global variable | ||
| #411 | YITH Infinite Scrolling | 32 | 387 | 1,417 | 10k+ | Non-prefixed global variable | ||
| #412 | YITH WooCommerce Badge Management | 32 | 413 | 1,446 | 10k+ | Non-prefixed global variable | ||
| #413 | YITH WooCommerce Compare | 32 | 422 | 1,508 | 100k+ | Non-prefixed global variable | ||
| #414 | YITH WooCommerce Quick View | 32 | 388 | 1,420 | 90k+ | Non-prefixed global variable | ||
| #415 | Companion Auto Update | 33 | 159 | 298 | 50k+ | Direct Query | ||
| #416 | GetResponse Forms by Optin Cat | 33 | 68 | 138 | 1k+ | Missing direct file access protection | ||
| #417 | Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid | 33 | 274 | 106 | 3k+ | Text Domain Mismatch | ||
| #418 | Forms for Mailchimp by Optin Cat – Grow Your MailChimp List | 33 | 71 | 133 | 2k+ | Missing direct file access protection | ||
| #419 | Mollie Payments for WooCommerce | 33 | 70 | 123 | 100k+ | Dynamic hook name | ||
| #420 | Pixelgrade Assistant | 33 | 665 | 141 | 2k+ | Text Domain Mismatch | ||
| #421 | Gravity Booster – Styles & Layouts for Gravity Forms | 33 | 277 | 87 | 40k+ | Missing Arg Domain | ||
| #422 | Mercado Pago payments for WooCommerce | 33 | 618 | 63 | 100k+ | Short PHP open tag found | ||
| #423 | Books Gallery – Book Showcase, Library & Affiliate Plugin | 33 | 1,753 | 178 | 2k+ | Output is not escaped | ||
| #424 | affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display | 34 | 326 | 75 | 2k+ | Output is not escaped | ||
| #425 | All-in-One WP Migration and Backup | 34 | 47 | 69 | 5m+ | Missing nonce verification | ||
| #426 | Document Library Lite | 34 | 149 | 85 | 4k+ | Text Domain Mismatch | ||
| #427 | Meta for WooCommerce | 34 | 66 | 186 | 400k+ | Non-prefixed hook name | ||
| #428 | HollerBox — Fast & Effective Popups & Lead-Generation | 34 | 78 | 92 | 2k+ | Output is not escaped | ||
| #429 | MailerLite – WooCommerce integration | 34 | 64 | 36 | 30k+ | Output is not escaped | ||
| #430 | Product Tabs for WooCommerce | 34 | 196 | 93 | 10k+ | Text Domain Mismatch | ||
| #431 | Air WP Sync – Airtable to WordPress | 35 | 38 | 42 | 1k+ | Non-prefixed hook name | ||
| #432 | AnsPress – Question and answer | 35 | 22 | 778 | 3k+ | Non-prefixed function | ||
| #433 | Better Recent Comments | 35 | 127 | 29 | 2k+ | Text Domain Mismatch | ||
| #434 | CubeWP Framework | 35 | 114 | 71 | 4k+ | wp function not compatible with requires wp | ||
| #435 | Easy Post Types and Fields | 35 | 138 | 135 | 1k+ | Text Domain Mismatch | ||
| #436 | Elementor Website Builder – more than just a page builder | 35 | 46 | 428 | 10m+ | Non-prefixed global variable | ||
| #437 | Extendify | 35 | 117 | 168 | 500k+ | Non-prefixed global variable | ||
| #438 | HookMeUp for WooCommerce | 35 | 59 | 29 | 10k+ | Output is not escaped | ||
| #439 | Nobs • Share Buttons | 35 | 314 | 85 | 3k+ | Output is not escaped | ||
| #440 | LiteSpeed Cache | 35 | 286 | 893 | 7m+ | Non-prefixed global variable | ||
| #441 | MainWP Child Reports | 35 | 49 | 116 | 100k+ | Non-prefixed hook name | ||
| #442 | OPcache Manager | 35 | 155 | 75 | 1k+ | Output is not escaped | ||
| #443 | Posts Table with Search & Sort | 35 | 143 | 33 | 3k+ | Text Domain Mismatch | ||
| #444 | Presto Player | 35 | 59 | 77 | 100k+ | Missing Arg Domain | ||
| #445 | s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions | 35 | 24 | 5 | 8k+ | Missing direct file access protection | ||
| #446 | Security Optimizer – The All-In-One Protection Plugin | 35 | 40 | 82 | 1m+ | Request data is not unslashed | ||
| #447 | Simple History – Track, Log, and Audit WordPress Changes | 35 | 32 | 122 | 300k+ | Non-prefixed global variable | ||
| #448 | SiteOrigin CSS | 35 | 61 | 84 | 100k+ | Not In Footer | ||
| #449 | WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel | 35 | 41 | 10 | 100k+ | wp function not compatible with requires wp | ||
| #450 | WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets | 35 | 35 | 20 | 100k+ | Missing direct file access protection |
