Nexi XPay

XPay is the payment gateway provided by Nexi, a leading group in Italy with the goal of shaping the future of digital payments.

v8.3.3Nexi PaymentsUpdated Added 6k+ installs60% rating0% support resolved
33
Score
496
Errors
277
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance96
Maintainability48

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

773 findings

I18n

486

2 issue groups

Security

181

8 issue groups

Maintainability

100

14 issue groups

Performance

4

1 issue group

ERRORI18nText Domain MismatchMismatched text domain. Expected 'cartasi-x-pay' but got 'woocommerce-gateway-nexi-xpay'.484
Category
I18n
Occurrences
484
Severity
error

Sample message

Mismatched text domain. Expected 'cartasi-x-pay' but got 'woocommerce-gateway-nexi-xpay'.

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.50
Category
Security
Occurrences
50
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.43
Category
Security
Occurrences
43
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['page']37
Category
Security
Occurrences
37
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['page']

WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "GATEWAY_NPG".36
Category
Maintainability
Occurrences
36
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "GATEWAY_NPG".

WARNINGSecurityRequest data is not unslashed$_POST['alias'] not unslashed before sanitization. Use wp_unslash() or similar33
Category
Security
Occurrences
33
Severity
warning

Sample message

$_POST['alias'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$customerEmail".18
Category
Maintainability
Occurrences
18
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$customerEmail".

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST['alias']. Check that the array index exists before using it.15
Category
Security
Occurrences
15
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['alias']. Check that the array index exists before using it.

WARNINGMaintainabilityNot In FooterIn footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.11
Category
Maintainability
Occurrences
11
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "my_add_nexi_schedules_for_polling".9
Category
Maintainability
Occurrences
9
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "my_add_nexi_schedules_for_polling".

Show 15 more
ERRORMaintainabilitycurl curl setopt6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WARNINGMaintainabilityslow db query meta query4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Detected usage of meta_query, possible slow query.

WARNINGMaintainabilityNon-prefixed hook name4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".

WARNINGMaintainabilityMissing Version4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

WARNINGPerformancePost Not In exclude4
Category
Performance
Occurrences
4
Severity
warning

Sample message

Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

WARNINGMaintainabilityDirect Query2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGI18nNo Html Wrapped Strings2
Category
I18n
Occurrences
2
Severity
warning

Sample message

Translatable string should not be wrapped in HTML. Found: '<i>(Note: If you don\'t have an Apple Developer account, you\'ll be able to create one during this process.)</i>'

ERRORMaintainabilitylibrary core files2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Library files that are already in the WordPress core are not permitted.

WARNINGMaintainabilityNo Caching1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGMaintainabilityslow db query meta key1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WARNINGMaintainabilityslow db query meta value1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Detected usage of meta_value, possible slow query.

ERRORSecurityException output is not escaped1
Category
Security
Occurrences
1
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$e'.

ERRORSecurityOutput is not escaped1
Category
Security
Occurrences
1
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$redirectUrl'.

WARNINGSecuritywp redirect wp redirect1
Category
Security
Occurrences
1
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

ERRORMaintainabilityNon Enqueued Script1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Scripts must be registered/enqueued via wp_enqueue_script()

External Connections

Not analyzed yet.

Score History

First score snapshot

v8.3.3

33

Latest

Findings
773
Errors
496
Warnings
277
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Related Plugins

TWB Woocommerce Reviews

600 active installs

99
HyperPay Payments

600 active installs

98
98
WCBoost – Wishlist

50k+ active installs

97
Hide Categories On Shop Page

1k+ active installs

92