Nadawaj przesyłki, udostępnij mapę punktów odbioru, obsługuj zwroty, wystawiaj faktury KSeF, aktualizuj statusy zamówień.
Category Scores
Top Issues by Category
security70
maintainability36
i18n3
Issues Details
111 issues found in latest scan
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$error'.
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$baseUrl'.
Processing form data without nonce verification.
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "activate_furgonetka".
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$cart_button_position_value".
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Short PHP opening tag used with echo; expected "<?php echo $baseUrl ..." but found "<?= $baseUrl ..."
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".
$_POST[$key] not unslashed before sanitization. Use wp_unslash() or similar
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
Processing form data without nonce verification.
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
Detected usage of meta_key, possible slow query.
Detected usage of meta_value, possible slow query.
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
The $text parameter must be a single text string literal. Found: $label
Mismatched text domain. Expected 'furgonetka' but got 'woocommerce'.
Plugin name "Furgonetka.pl: Przesyłki & Narzędzia e-commerce" is different from the name declared in plugin header "Furgonetka.pl".
The readme description contains unofficial language. It must be written in standard English.
The readme short description contains unofficial language. It must be written in standard English.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.EscapeOutput.ExceptionNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$error'. | 26 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$baseUrl'. | 20 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 18 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | WARNING | Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "activate_furgonetka". | 6 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$cart_button_position_value". | 6 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 6 |
| Generic.PHP.DisallowShortOpenTag.EchoFound | ERROR | Short PHP opening tag used with echo; expected "<?php echo $baseUrl ..." but found "<?= $baseUrl ..." | 5 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins". | 4 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_POST[$key] not unslashed before sanitization. Use wp_unslash() or similar | 3 |
| WordPress.WP.EnqueuedResourceParameters.NotInFooter | WARNING | In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header. | 3 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 2 |
| WordPress.WP.AlternativeFunctions.parse_url_parse_url | ERROR | parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead. | 2 |
| PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound | WARNING | load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed. | 1 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 1 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_key | WARNING | Detected usage of meta_key, possible slow query. | 1 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_value | WARNING | Detected usage of meta_value, possible slow query. | 1 |
| WordPress.Security.SafeRedirect.wp_redirect_wp_redirect | WARNING | wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed. | 1 |
| WordPress.WP.I18n.NonSingularStringLiteralText | ERROR | The $text parameter must be a single text string literal. Found: $label | 1 |
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'furgonetka' but got 'woocommerce'. | 1 |
| mismatched_plugin_name | WARNING | Plugin name "Furgonetka.pl: Przesyłki & Narzędzia e-commerce" is different from the name declared in plugin header "Furgonetka.pl". | 1 |
| readme_description_non_official_language | ERROR | The readme description contains unofficial language. It must be written in standard English. | 1 |
| readme_short_description_non_official_language | ERROR | The readme short description contains unofficial language. It must be written in standard English. | 1 |
Latest Snapshot
Findings
111
Errors
63
Warnings
48
Score History
First score snapshot
First scan completed
v1.9.4 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
v1.9.4
38
Latest
- Findings
- 111
- Errors
- 63
- Warnings
- 48
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Latest | 38 | 111 | 63 | 48 | v1.9.4 | 2.0.0 | 2026.06-mvp-static-v2 |
