Cashflows for WooCommerce

Cashflows Payments Gateway for WooCommerce

v2.3.6.8CashflowsUpdated Added 600 installs0% rating
36
Score
118
Errors
36
Warnings
+0
Change

Category Scores

Security0
Repo89
Performance100
Maintainability63

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

154 findings

I18n

93

3 issue groups

Security

33

7 issue groups

Maintainability

26

13 issue groups

Repo Compliance

2

2 issue groups

ERRORI18nText Domain MismatchMismatched text domain. Expected 'cashflows-payments-by-ideal-checkout' but got 'ic-cashflows-for-woo'.91
Category
I18n
Occurrences
91
Severity
error

Sample message

Mismatched text domain. Expected 'cashflows-payments-by-ideal-checkout' but got 'ic-cashflows-for-woo'.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.11
Category
Security
Occurrences
11
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "CashflowsPayment".6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "CashflowsPayment".

ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$aError['message']'.6
Category
Security
Occurrences
6
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$aError['message']'.

WARNINGSecurityRequest data is not unslashed$_COOKIE['_ga'] not unslashed before sanitization. Use wp_unslash() or similar6
Category
Security
Occurrences
6
Severity
warning

Sample message

$_COOKIE['_ga'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecuritywp redirect wp redirectwp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.4
Category
Security
Occurrences
4
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

ERRORMaintainabilitydate datedate() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "cashflowsSettingsTab".3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "cashflowsSettingsTab".

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$html'.3
Category
Security
Occurrences
3
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$html'.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE['_ga']2
Category
Security
Occurrences
2
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE['_ga']

Show 15 more
ERRORMaintainabilityfile system operations chmod2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().

ERRORMaintainabilityfile system operations touch2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: touch().

ERRORMaintainabilityunlink unlink2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

ERRORMaintainabilityMissing direct file access protection2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGI18nDiscouraged text-domain loading1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

WARNINGSecurityInput is not validated1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['real_id']. Check that the array index exists before using it.

ERRORMaintainabilityfile system operations fclose1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

ERRORMaintainabilityfile system operations fopen1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

ERRORMaintainabilityfile system operations fwrite1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().

ERRORMaintainabilityfile system operations is writable1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().

ERRORMaintainabilityrename rename1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

rename() is discouraged. Use WP_Filesystem::move() to rename a file.

WARNINGMaintainabilitymismatched plugin name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Plugin name "Cashflows for WooCommerce" is different from the name declared in plugin header "Cashflows Payments by PayoCity".

ERRORRepo Complianceplugin header no license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

ERRORRepo Compliancereadme mismatched header requires1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Mismatched Requires at least: 5.8.0 != 5.8. "Requires at least" needs to be exactly the same with that in your main plugin file's header.

WARNINGI18ntextdomain mismatch1
Category
I18n
Occurrences
1
Severity
warning

Sample message

The "Text Domain" header in the plugin file does not match the slug. Found "ic-cashflows-for-woo", expected "cashflows-payments-by-ideal-checkout".

External Connections

Potential connections found in static code analysis.

6 domains

Outbound calls

10

External assets

0

Incoming endpoints

0

Notable Domains

Platform / Reference Domains

wordpress.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Score History

2 score snapshots

+0
1007550250Jun 25, 2026, 02:17 PM UTC Score 36/100 Plugin v2.3.6.7 Plugin Check 2.0.0 118 errors, 36 warningsJun 29, 2026, 09:09 AM UTC Score 36/100 Plugin v2.3.6.8 Plugin Check 2.0.0 118 errors, 36 warningsJun 25, 2026Jun 29, 2026

v2.3.6.8

36

Latest

Findings
154
Errors
118
Warnings
36
Check
2.0.0

v2.3.6.7

36

Score

Findings
154
Errors
118
Warnings
36
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

33 nodes

Related Plugins