BORICA Payments by BORICA AD

Simple way of receiving debit and credit card payments by virtual POS.

v3.0.6BORICA ADUpdated Added 500 installs100% rating
35
Score
537
Errors
196
Warnings
+0
Change

Category Scores

Security0
Repo100
Performance100
Maintainability51

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

733 findings

I18n

503

4 issue groups

Security

152

10 issue groups

Maintainability

76

11 issue groups

ERRORI18nText Domain MismatchMismatched text domain. Expected 'borica-payments' but got 'borica'.489
Category
I18n
Occurrences
489
Severity
error

Sample message

Mismatched text domain. Expected 'borica-payments' but got 'borica'.

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.52
Category
Security
Occurrences
52
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST['ACTION']44
Category
Security
Occurrences
44
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['ACTION']

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.20
Category
Maintainability
Occurrences
20
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().16
Category
Maintainability
Occurrences
16
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$billing_address'.15
Category
Security
Occurrences
15
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$billing_address'.

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$disabled_attr".12
Category
Maintainability
Occurrences
12
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$disabled_attr".

WARNINGSecurityRequest data is not unslashed$_POST['recurring_name'] not unslashed before sanitization. Use wp_unslash() or similar12
Category
Security
Occurrences
12
Severity
warning

Sample message

$_POST['recurring_name'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $table_logs_name at "DROP TABLE IF EXISTS $table_logs_name;"9
Category
Security
Occurrences
9
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $table_logs_name at "DROP TABLE IF EXISTS $table_logs_name;"

WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $table_logs_name used in $wpdb->query()\n$table_logs_name assigned unsafely at line 48.8
Category
Security
Occurrences
8
Severity
warning

Sample message

Unescaped parameter $table_logs_name used in $wpdb->query()\n$table_logs_name assigned unsafely at line 48.

Show 15 more
WARNINGMaintainabilityNon-prefixed hook name7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'woocommerce_thankyou_' . $order->get_payment_method()".

ERRORI18nMissing Translators Comment6
Category
I18n
Occurrences
6
Severity
error

Sample message

A function call to _n_noop() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

ERRORMaintainabilityMissing direct file access protection6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

ERRORMaintainabilitydate date5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORI18nMissing Arg Domain5
Category
I18n
Occurrences
5
Severity
error

Sample message

Missing $domain parameter in function call to __().

ERRORSecurityDatabase parameter is not escaped4
Category
Security
Occurrences
4
Severity
error

Sample message

Unescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 1180.

WARNINGMaintainabilitySchema Change4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Attempting a database schema change is discouraged.

ERRORSecuritySQL query is not prepared4
Category
Security
Occurrences
4
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $query

ERRORI18nNon Singular String Literal Text3
Category
I18n
Occurrences
3
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $order->get_billing_email()

WARNINGMaintainabilityMixed line endings2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

File has mixed line endings; this may cause incorrect results

WARNINGMaintainabilityNon-prefixed function2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "display_borica_order_postbox".

WARNINGSecurityNonce verification recommended2
Category
Security
Occurrences
2
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityInput is not validated2
Category
Security
Occurrences
2
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['recurring_id']. Check that the array index exists before using it.

WARNINGMaintainabilityslow db query meta query1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Detected usage of meta_query, possible slow query.

WARNINGMaintainabilitymismatched plugin name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Plugin name "BORICA Payments by BORICA AD" is different from the name declared in plugin header "BORICA Payments".

External Connections

Potential connections found in static code analysis.

5 domains

Outbound calls

27

External assets

0

Incoming endpoints

18

Notable Domains

borica.bg11 · outbound
3dsgate.borica.bg1 · outbound

Platform / Reference Domains

gnu.org10 · platform/reference
developer.wordpress.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

wp_ajax_nopriv_borica_recurring_createpublic

wp_ajax

wp_ajax_nopriv_borica_recurring_deletepublic

wp_ajax

wp_ajax_nopriv_borica_recurring_updatepublic

wp_ajax

wp_ajax_nopriv_borica_sendpublic

wp_ajax

wp_ajax_nopriv_borica_toggle_recurring_statuspublic

wp_ajax

Admin AJAX endpoints13
admin_post_borica_drop_recurring_paymentauthenticated

admin_post

wp_ajax_borica_check_paymentauthenticated

wp_ajax

wp_ajax_borica_drop_paymentauthenticated

wp_ajax

wp_ajax_borica_logauthenticated

wp_ajax

wp_ajax_borica_productionkeysbgnauthenticated

wp_ajax

wp_ajax_borica_productionkeyseurauthenticated

wp_ajax

wp_ajax_borica_recurring_createauthenticated

wp_ajax

wp_ajax_borica_recurring_deleteauthenticated

wp_ajax

wp_ajax_borica_recurring_updateauthenticated

wp_ajax

wp_ajax_borica_sendauthenticated

wp_ajax

wp_ajax_borica_testkeysbgnauthenticated

wp_ajax

wp_ajax_borica_testkeyseurauthenticated

wp_ajax

1 more hidden

Score History

First score snapshot

v3.0.6

35

Latest

Findings
733
Errors
537
Warnings
196
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

32 nodes

Related Plugins