PluginScore

Helcim Commerce for WooCommerce

Helcim Payment Module for WooCommerce

v4.1.0HelcimUpdated Added 800 installs78% rating
helcimhelcim commercewoocommercewoocommerce payment gatewaywoocommerce payments
32
Score
94
Errors
121
Warnings
+0
Change

Category Scores

Security0
Repo67
Performance100
Maintainability58

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

215 findings

Security

138

6 issue groups

I18n

45

3 issue groups

Maintainability

23

15 issue groups

Supply Chain

1

1 issue group

ERRORI18nText Domain MismatchMismatched text domain. Expected 'helcim-commerce-for-woocommerce' but got 'woocommerce'.42
Category
I18n
Occurrences
42
Severity
error

Sample message

Mismatched text domain. Expected 'helcim-commerce-for-woocommerce' but got 'woocommerce'.

WordPress.WP.I18n.TextDomainMismatchReference
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.38
Category
Security
Occurrences
38
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST['cardCVV']28
Category
Security
Occurrences
28
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['cardCVV']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityRequest data is not unslashed$_POST['cardCVV'] not unslashed before sanitization. Use wp_unslash() or similar28
Category
Security
Occurrences
28
Severity
warning

Sample message

$_POST['cardCVV'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$month'.19
Category
Security
Occurrences
19
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$month'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST['cardCVV']. Check that the array index exists before using it.14
Category
Security
Occurrences
14
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['cardCVV']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.11
Category
Security
Occurrences
11
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
WARNINGMaintainabilityerror log print rprint_r() found. Debug code should not normally be used in production.6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_print_r
WARNINGMaintainabilityMissing VersionResource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().2
Category
I18n
Occurrences
2
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
Show 15 more
ERRORMaintainabilitywp function not compatible with requires wp2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Function "str_contains()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 4.7.3.

wp_function_not_compatible_with_requires_wpReference
ERRORMaintainabilitydate date1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date
ERRORMaintainabilitycurl curl close1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_close
ERRORMaintainabilitycurl curl errno1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_errno
ERRORMaintainabilitycurl curl error1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_error
ERRORMaintainabilitycurl curl exec1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_exec
ERRORMaintainabilitycurl curl getinfo1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_getinfo
ERRORMaintainabilitycurl curl init1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_init
ERRORMaintainabilitycurl curl setopt array1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_setopt_array
ERRORMaintainabilityrand rand1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

rand() is discouraged. Use the far less predictable wp_rand() instead.

WordPress.WP.AlternativeFunctions.rand_rand
WARNINGMaintainabilityNot In Footer1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_register_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter
ERRORMaintainabilityNon Enqueued Script1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Scripts must be registered/enqueued via wp_enqueue_script()

WordPress.WP.EnqueuedResources.NonEnqueuedScript
ERRORI18nNon Singular String Literal Text1
Category
I18n
Occurrences
1
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $this->description

WordPress.WP.I18n.NonSingularStringLiteralTextReference
ERRORSupply ChainHidden files included1
Category
Supply Chain
Occurrences
1
Severity
error

Sample message

Hidden files are not permitted.

hidden_files
ERRORMaintainabilityMissing direct file access protection1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference

External Connections

Potential connections found in static code analysis.

5 domains

Outbound calls

8

External assets

2

Incoming endpoints

0

Notable Domains

helcim.com2 · outbound
learn.helcim.com2 · outbound
api.helcim.com1 · outbound

External Asset Domains

secure.myhelcim.com3 · asset + outbound
google.com2 · asset + outbound

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

v4.1.0

32

Latest

Findings
215
Errors
94
Warnings
121
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

32 nodes

Related Plugins

Automation Web Platform – Notifications and OTP for WooCommerce, Advanced Country Code

500 active installs

100
Crypto Payment Gateway with Instant Payouts

1k+ active installs

100
EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory

10k+ active installs

100
EU Withdrawal Compliance

900 active installs

100
Instant Approval Payment Gateway with Instant Payouts

2k+ active installs

100
Kitgenix CAPTCHA for Cloudflare Turnstile

500 active installs

100