PluginScore

Checkout Files Upload for WooCommerce

Let your customers upload files on (or after) WooCommerce checkout.

v2.2.6WP WhamUpdated Added 7k+ installs88% rating100% support resolved
checkoutcheckout files uploadwoo-commercewoocommerce
38
Score
57
Errors
120
Warnings
+0
Change

Category Scores

Security0
Repo100
Performance100
Maintainability67

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

177 findings

Security

91

5 issue groups

Maintainability

48

10 issue groups

I18n

38

4 issue groups

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_FILES['file']33
Category
Security
Occurrences
33
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_FILES['file']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.29
Category
I18n
Occurrences
29
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
WARNINGSecurityRequest data is not unslashed$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar28
Category
Security
Occurrences
28
Severity
warning

Sample message

$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'woocommerce_get_settings_' . $this->id . '_' . $current_section".19
Category
Maintainability
Occurrences
19
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'woocommerce_get_settings_' . $this->id . '_' . $current_section".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.12
Category
Security
Occurrences
12
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_FILES['file']['tmp_name']. Check that the array index exists before using it.11
Category
Security
Occurrences
11
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES['file']['tmp_name']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "Alg_WC_Checkout_Files_Upload".8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Alg_WC_Checkout_Files_Upload".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$html'.7
Category
Security
Occurrences
7
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$html'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORMaintainabilityunlink unlinkunlink() is discouraged. Use wp_delete_file() to delete a file.7
Category
Maintainability
Occurrences
7
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WordPress.WP.AlternativeFunctions.unlink_unlink
WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "alg_current_filter_priority".5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "alg_current_filter_priority".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
Show 9 more
ERRORI18nText Domain Mismatch4
Category
I18n
Occurrences
4
Severity
error

Sample message

Mismatched text domain. Expected 'checkout-files-upload-woocommerce' but got 'checkout-files-upload-for-woocommerce'.

WordPress.WP.I18n.TextDomainMismatchReference
ERRORI18nUnordered Placeholders Text4
Category
I18n
Occurrences
4
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$c, %2$c", but got "%c, %c" in 'Other replaced values: %current_width%, %current_height%, %required_width%, %required_height%'.

WordPress.WP.I18n.UnorderedPlaceholdersTextReference
ERRORMaintainabilityfile system operations mkdir2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().

WordPress.WP.AlternativeFunctions.file_system_operations_mkdir
ERRORMaintainabilityfile system operations readfile2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: readfile().

WordPress.WP.AlternativeFunctions.file_system_operations_readfile
WARNINGMaintainabilityDeprecated parameter: get_terms parameter 22
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

The parameter "'orderby=name&hide_empty=0'" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.

WordPress.WP.DeprecatedParameters.Get_termsParam2Found
ERRORMaintainabilityForbidden PHP function found1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

The use of function move_uploaded_file() is forbidden

Generic.PHP.ForbiddenFunctions.Found
WARNINGMaintainabilityerror log print r1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_print_r
ERRORI18nNon Singular String Literal Text1
Category
I18n
Occurrences
1
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $title

WordPress.WP.I18n.NonSingularStringLiteralTextReference
WARNINGMaintainabilitytrademarked term1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The plugin slug includes a restricted term. Your plugin slug - "checkout-files-upload-woocommerce" - contains the restricted term "woocommerce" which cannot be used within in your plugin slug, unless your plugin slug contains one of the allowed patterns: "for woocommerce", "with woocommerce", "using woocommerce", or "and woocommerce". The term must still not appear anywhere else in your plugin slug.

trademarked_term

External Connections

Not analyzed yet.

Score History

First score snapshot

v2.2.6

38

Latest

Findings
177
Errors
57
Warnings
120
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

28 nodes

Related Plugins

Automation Web Platform – Notifications and OTP for WooCommerce, Advanced Country Code

500 active installs

100
Crypto Payment Gateway with Instant Payouts

1k+ active installs

100
EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory

10k+ active installs

100
EU Withdrawal Compliance

900 active installs

100
Instant Approval Payment Gateway with Instant Payouts

2k+ active installs

100
Kitgenix CAPTCHA for Cloudflare Turnstile

500 active installs

100