Finpose – Accounting for WooCommerce

Accounting and financial tracking tool for online stores. Track your costs, expenses, taxes and sales for timeframes you can choose.

v4.5.2 · Ozgur · 400 installs · 80% rating
Score: 23
Errors: 1,649
Warnings: 1,307
Change: +0

Category Scores

Security: 0
Repo: 86
Performance: 100
Maintainability: 0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

2,956 findings

Maintainability: 1,351 · 15 issue groups
Security: 997 · 9 issue groups
I18n: 592 · 1 issue group

WARNING · Maintainability · Non-prefixed global variable · 1,070
Category
Maintainability
Occurrences
1,070
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$VARS".

ERROR · Security · Output is not escaped · 630
Category
Security
Occurrences
630
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <a href='{$skip_url}' class='button button-small button-secondary'>{$use_plugin_anonymously_text}</a>"'.

ERROR · I18n · Text Domain Mismatch · 592
Category
I18n
Occurrences
592
Severity
error

Sample message

Mismatched text domain. Expected 'fin-accounting-for-woocommerce' but got 'finpose'.

ERROR · Security · Unsafe printing function · 342
Category
Security
Occurrences
342
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WARNING · Maintainability · Non-prefixed function · 100
Category
Maintainability
Occurrences
100
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_fs_text".

WARNING · Maintainability · Non-prefixed class · 57
Category
Maintainability
Occurrences
57
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "FS_Admin_Menu_Manager".

ERROR · Maintainability · date date · 29
Category
Maintainability
Occurrences
29
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WARNING · Maintainability · Non-prefixed constant · 26
Category
Maintainability
Occurrences
26
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "FS_API__ADDRESS".

ERROR · Maintainability · Missing direct file access protection · 24
Category
Maintainability
Occurrences
24
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

ERROR · Maintainability · wp function not compatible with requires wp · 12
Category
Maintainability
Occurrences
12
Severity
error

Sample message

Function "get_sites()" requires WordPress 4.6.0, but your plugin minimum supported version is WordPress 4.0.0.

WARNING · Maintainability · Direct Query · 11
Category
Maintainability
Occurrences
11
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNING · Maintainability · No Caching · 9
Category
Maintainability
Occurrences
9
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERROR · Security · Exception output is not escaped · 7
Category
Security
Occurrences
7
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.

ERROR · Security · Database parameter is not escaped · 4
Category
Security
Occurrences
4
Severity
error

Sample message

Unescaped parameter $itemid used in $wpdb->get_var()\n$itemid assigned unsafely at line 190.

WARNING · Security · Missing nonce verification · 4
Category
Security
Occurrences
4
Severity
warning

Sample message

Processing form data without nonce verification.

WARNING · Security · Nonce verification recommended · 3
Category
Security
Occurrences
3
Severity
warning

Sample message

Processing form data without nonce verification.

WARNING · Security · Input is not sanitized · 3
Category
Security
Occurrences
3
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE["selyear"]

WARNING · Maintainability · Missing Version · 3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

WARNING · Maintainability · Schema Change · 2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WARNING · Security · Interpolated SQL is not prepared · 2
Category
Security
Occurrences
2
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable {$itemid} at "SELECT iid FROM fin_inventory WHERE pid='{$itemid}' AND is_sold='0' ORDER BY timecr ASC LIMIT 1"

WARNING · Maintainability · Non-prefixed hook name · 2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "fin_fs_loaded".

WARNING · Security · Input is not validated · 2
Category
Security
Occurrences
2
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES['file']. Check that the array index exists before using it.

ERROR · Maintainability · rand rand · 2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

rand() is discouraged. Use the far less predictable wp_rand() instead.

ERROR · Maintainability · plugin updater detected · 2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Plugin Updater detected. These are not permitted in WordPress.org hosted plugins. Detected: class FS_Plugin_Updater

WARNING · Maintainability · update modification detected · 2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Plugin Updater detected. Detected code which may be altering WordPress update routines. Detected: _site_transient_update_plugins

External Connections

Potential connections found in static code analysis.

37 domains

Outbound calls: 202
External assets: 2
Incoming endpoints: 2

Notable Domains

finpose.com · 29 · outbound
freemius.com · 8 · outbound
php.net · 6 · outbound
vuejs.org · 5 · outbound
benalman.com · 4 · outbound
jqueryui.com · 3 · outbound

Platform / Reference Domains

gnu.org · 95 · platform/reference
github.com · 7 · platform/reference
w3.org · 7 · platform/reference
wordpress.org · 7 · platform/reference
api.wordpress.org · 2 · platform/reference
make.wordpress.org · 2 · platform/reference
core.trac.wordpress.org · 1 · platform/reference
opensource.org · 1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints: 2

wp_ajax_finpose · authenticated · wp_ajax
wp_ajax_fs_dismiss_notice_action_{$ajax_action_suffix} · authenticated · wp_ajax

Score History

First score snapshot

v4.5.2 · Score: 23 · Latest

Findings: 2,956
Errors: 1,649
Warnings: 1,307
Check: 2.0.0


Related Plugins