PluginScore

Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light

Spreadsheet Price Changer for WooCommerce and WP E-commerce - Light

v2.4.37Holest EngineeringUpdated Added 500 installs82% rating
csvexcelexportimportwoo
23
Score
386
Errors
999
Warnings
+0
Change

Category Scores

Security0
Repo86
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,385 findings

Maintainability

922

11 issue groups

Security

268

11 issue groups

I18n

122

3 issue groups

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$I".635
Category
Maintainability
Occurrences
635
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$I".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
ERRORI18nText Domain MismatchMismatched text domain. Expected 'excel-like-price-change-for-woocommerce-and-wp-e-commerce-light' but got "sellingcommander".106
Category
I18n
Occurrences
106
Severity
error

Sample message

Mismatched text domain. Expected 'excel-like-price-change-for-woocommerce-and-wp-e-commerce-light' but got "sellingcommander".

WordPress.WP.I18n.TextDomainMismatchReference
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"\"{$tout->id}\":"'.74
Category
Security
Occurrences
74
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"\"{$tout->id}\":"'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.73
Category
Maintainability
Occurrences
73
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().72
Category
Maintainability
Occurrences
72
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found !53
Category
Security
Occurrences
53
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found !

WordPress.DB.PreparedSQL.NotPrepared
ERRORMaintainabilitywp function not compatible with requires wpFunction "get_rest_url()" requires WordPress 4.4.0, but your plugin minimum supported version is WordPress 3.6.0.38
Category
Maintainability
Occurrences
38
Severity
error

Sample message

Function "get_rest_url()" requires WordPress 4.4.0, but your plugin minimum supported version is WordPress 3.6.0.

wp_function_not_compatible_with_requires_wpReference
WARNINGMaintainabilityMissing VersionResource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.29
Category
Maintainability
Occurrences
29
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion
WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $import_uid at "DELETE FROM $wpdb->options WHERE option_name LIKE '$import_uid%'"25
Category
Security
Occurrences
25
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $import_uid at "DELETE FROM $wpdb->options WHERE option_name LIKE '$import_uid%'"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
WARNINGSecurityRequest data is not unslashed$_COOKIE[$parm_name] not unslashed before sanitization. Use wp_unslash() or similar25
Category
Security
Occurrences
25
Severity
warning

Sample message

$_COOKIE[$parm_name] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
Show 15 more
ERRORSecurityDatabase parameter is not escaped20
Category
Security
Occurrences
20
Severity
error

Sample message

Unescaped parameter $customers_join used in $wpdb->get_col()\n$customers_join assigned unsafely at line 2003.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGSecurityNonce verification recommended18
Category
Security
Occurrences
18
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGMaintainabilityNot In Footer17
Category
Maintainability
Occurrences
17
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter
WARNINGSecurityDatabase parameter is not escaped16
Category
Security
Occurrences
16
Severity
warning

Sample message

Unescaped parameter $q used in $wpdb->get_col()\n$q assigned unsafely at line 2013.

PluginCheck.Security.DirectDB.UnescapedDBParameter
ERRORMaintainabilityfile system operations fwrite15
Category
Maintainability
Occurrences
15
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().

WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
WARNINGSecurityInput is not sanitized13
Category
Security
Occurrences
13
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE[$parm_name]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
ERRORMaintainabilityfile system operations fclose13
Category
Maintainability
Occurrences
13
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

WordPress.WP.AlternativeFunctions.file_system_operations_fclose
WARNINGMaintainabilityNon-prefixed hook name12
Category
Maintainability
Occurrences
12
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
ERRORMaintainabilityfile system operations fopen10
Category
Maintainability
Occurrences
10
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

WordPress.WP.AlternativeFunctions.file_system_operations_fopen
WARNINGSecurityMissing nonce verification9
Category
Security
Occurrences
9
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGSecurityLike Without Wildcards8
Category
Security
Occurrences
8
Severity
warning

Sample message

Unless you are using SQL wildcards, using LIKE is inefficient. Use a straight compare instead. Found: LIKE 'product'.

WordPress.DB.PreparedSQLPlaceholders.LikeWithoutWildcards
WARNINGMaintainabilityDeprecated parameter: get_terms parameter 28
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

The parameter "$args" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.

WordPress.WP.DeprecatedParameters.Get_termsParam2Found
ERRORI18nMissing Translators Comment8
Category
I18n
Occurrences
8
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
ERRORI18nNon Singular String Literal Text8
Category
I18n
Occurrences
8
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $att->label

WordPress.WP.I18n.NonSingularStringLiteralTextReference
WARNINGSecurityInput is not validated7
Category
Security
Occurrences
7
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES['file']['tmp_name']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

External Connections

Potential connections found in static code analysis.

10 domains

Outbound calls

37

External assets

0

Incoming endpoints

24

Notable Domains

holest.com10 · outbound
sellingcommander.com10 · outbound
jsperf.com4 · outbound
dbushell.com2 · outbound
adamwdraper.github.com1 · outbound
handsontable.com1 · outbound

Platform / Reference Domains

github.com4 · platform/reference
w3.org3 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

/wp-json/sc/v1/cache_deleteREST

register_rest_route

/wp-json/sc/v1/clear_cacheREST

register_rest_route

/wp-json/sc/v1/customers_readREST

register_rest_route

/wp-json/sc/v1/customers_readoutREST

register_rest_route

/wp-json/sc/v1/fsREST

register_rest_route

/wp-json/sc/v1/infoREST

register_rest_route

Admin AJAX endpoints3
wp_ajax_pelm_price_frame_displayauthenticated

wp_ajax

wp_ajax_sellingcommander_localauthenticated

wp_ajax

wp_ajax_sellingcommander-endpointauthenticated

wp_ajax

Score History

First score snapshot

v2.4.37

23

Latest

Findings
1,385
Errors
386
Warnings
999
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

Export Media as ZIP

1k+ active installs

100
Export Media URLs

7k+ active installs

100
Add From Server Reloaded

3k+ active installs

99
BjornTech Accounting Report for WooCommerce

900 active installs

99
Crafthemes Demo Import

400 active installs

99
Custom Post Exporter

3k+ active installs

99