g-FFL Checkout

Built by a FFL, for FFL's. This plugin will add a FFL search & selection widget to your checkout page for products requiring FFL Shipment.

v2.2.2garidiumUpdated Added 600 installs100% rating
31
Score
249
Errors
300
Warnings
+0
Change

Category Scores

Security0
Repo80
Performance100
Maintainability46

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

549 findings

Security

397

10 issue groups

I18n

107

3 issue groups

Maintainability

34

12 issue groups

WARNINGSecurityRequest data is not unslashed$_COOKIE['candr_license'] not unslashed before sanitization. Use wp_unslash() or similar99
Category
Security
Occurrences
99
Severity
warning

Sample message

$_COOKIE['candr_license'] not unslashed before sanitization. Use wp_unslash() or similar

ERRORI18nText Domain MismatchMismatched text domain. Expected 'g-ffl-checkout' but got 'g-ffl-api'.96
Category
I18n
Occurrences
96
Severity
error

Sample message

Mismatched text domain. Expected 'g-ffl-checkout' but got 'g-ffl-api'.

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.67
Category
Security
Occurrences
67
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE['candr_license']59
Category
Security
Occurrences
59
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE['candr_license']

ERRORSecuritySetting is missing a sanitization callbackSanitization missing for register_setting().48
Category
Security
Occurrences
48
Severity
error

Sample message

Sanitization missing for register_setting().

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$address_parts'.45
Category
Security
Occurrences
45
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$address_parts'.

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_FILES['document']['error']. Check that the array index exists before using it.34
Category
Security
Occurrences
34
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES['document']['error']. Check that the array index exists before using it.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.30
Category
Security
Occurrences
30
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$label'.13
Category
Security
Occurrences
13
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$label'.

ERRORMaintainabilitycurl curl setoptUsing cURL functions is highly discouraged. Use wp_remote_get() instead.7
Category
Maintainability
Occurrences
7
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

Show 15 more
ERRORMaintainabilityunlink unlink6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

ERRORI18nMissing Translators Comment6
Category
I18n
Occurrences
6
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

ERRORI18nMissing Arg Domain5
Category
I18n
Occurrences
5
Severity
error

Sample message

Missing $domain parameter in function call to __().

WARNINGMaintainabilityerror log error log4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

ERRORMaintainabilityForbidden PHP function found3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

The use of function move_uploaded_file() is forbidden

ERRORMaintainabilityPlugin Directory Write3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

Plugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of constant WP_CONTENT_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.

ERRORMaintainabilityfile system operations readfile3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: readfile().

ERRORMaintainabilitydate date2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORMaintainabilityfile system operations is writable2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().

WARNINGMaintainabilityDirect Query1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo Caching1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORSecurityUnsafe printing function1
Category
Security
Occurrences
1
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WARNINGSecuritywp redirect wp redirect1
Category
Security
Occurrences
1
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

ERRORMaintainabilitycurl curl close1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORMaintainabilitycurl curl error1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

External Connections

Potential connections found in static code analysis.

17 domains

Outbound calls

40

External assets

0

Incoming endpoints

48

Notable Domains

ffl-api.garidium.com14 · outbound
maps.googleapis.com4 · outbound
api.mapbox.com2 · outbound
api.rentcast.io2 · outbound
fflcockpit.com2 · outbound

Platform / Reference Domains

w3.org2 · platform/reference
github.com1 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

wp_ajax_nopriv_check_cart_ammunitionpublic

wp_ajax

wp_ajax_nopriv_ffl_delete_documentpublic

wp_ajax

wp_ajax_nopriv_ffl_upload_documentpublic

wp_ajax

wp_ajax_nopriv_check_cart_compliancepublic

wp_ajax

wp_ajax_nopriv_ffl_check_order_restrictionspublic

wp_ajax

wp_ajax_nopriv_ffl_upload_candr_documentpublic

wp_ajax

Admin AJAX endpoints28
wp_ajax_check_cart_ammunitionauthenticated

wp_ajax

wp_ajax_ffl_admin_delete_admin_documentauthenticated

wp_ajax

wp_ajax_ffl_admin_delete_documentauthenticated

wp_ajax

wp_ajax_ffl_admin_download_documentauthenticated

wp_ajax

wp_ajax_ffl_admin_upload_documentauthenticated

wp_ajax

wp_ajax_ffl_delete_documentauthenticated

wp_ajax

wp_ajax_ffl_upload_documentauthenticated

wp_ajax

wp_ajax_add_ffl_to_blacklistauthenticated

wp_ajax

wp_ajax_bulk_remove_ffl_from_blacklistauthenticated

wp_ajax

wp_ajax_check_cart_complianceauthenticated

wp_ajax

wp_ajax_ffl_admin_download_admin_documentauthenticated

wp_ajax

wp_ajax_ffl_check_order_restrictionsauthenticated

wp_ajax

16 more hidden

Score History

2 score snapshots

+0
1007550250Jun 25, 2026, 07:23 PM UTC Score 31/100 Plugin v2.2.1 Plugin Check 2.0.0 249 errors, 300 warningsJun 27, 2026, 04:54 PM UTC Score 31/100 Plugin v2.2.2 Plugin Check 2.0.0 249 errors, 300 warningsJun 25, 2026Jun 27, 2026

v2.2.2

31

Latest

Findings
549
Errors
249
Warnings
300
Check
2.0.0

v2.2.1

31

Score

Findings
549
Errors
249
Warnings
300
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

33 nodes

Related Plugins

g-FFL Cockpit

500 active installs

35