This is the official DPO Pay extension to receive payments for WooCommerce.
Prioritized issue groups from the latest Plugin Check scan
Maintainability
30
9 issue groups
I18n
19
2 issue groups
Security
17
9 issue groups
Repo Compliance
3
3 issue groups
Sample message
The $text parameter must be a single text string literal. Found: 'Payment error code: ' . $response['success'] . ', ' . $response['error']
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "DpoPayServices".
Sample message
Use of a direct database call is discouraged.
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "dpo_pay_order_create".
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
Sample message
Unescaped parameter $dpo_custom_table used in $wpdb->query()
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $dpo_custom_table at "INSERT INTO $dpo_custom_table\n
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$f".
Sample message
The $domain parameter must be a single text string literal. Found: $woothemes
Sample message
Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead
Sample message
Use placeholders and $wpdb->prepare(); found $query
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "dpo_every_ten_minutes".
Sample message
Unescaped parameter $sql used in $wpdb->query()\n$sql assigned unsafely at line 127.
Sample message
Processing form data without nonce verification.
Sample message
Detected usage of a non-sanitized input variable: $_POST['dpo_service_type_nonce']
Sample message
Detected usage of a possibly undefined superglobal array index: $_GET['TransactionToken']. Check that the array index exists before using it.
Sample message
$_POST['dpo_service_type_nonce'] not unslashed before sanitization. Use wp_unslash() or similar
Sample message
Mismatched "Tested up to": 6.8 != 6.8.3. The "Tested up to" value in the readme file must match the "Tested up to" value in the plugin header. If the plugin header has a "Tested up to" value, it will override the readme value, which can cause confusion.
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Sample message
Tested up to: 6.8 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.
Sample message
One or more tags were ignored. Please limit your plugin to 5 tags.
Sample message
Mismatched Stable Tag: 1.3.0 != 1.3.1. Your Stable Tag is meant to be the stable version of your plugin and it needs to be exactly the same with the Version in your main plugin file's header. Any mismatch can prevent users from downloading the correct plugin files from WordPress.org.
Potential connections found in static code analysis.
Outbound calls
15
External assets
0
Incoming endpoints
0
No external asset domains detected.
No public endpoints detected.
First score snapshot
v1.3.1
47
Latest
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 47 | 69 | 28 | 41 | v1.3.1 | 2.0.0 |
Author, categories, issues, domains, and nearby plugins.