Hesabfa Accounting

Connect Hesabfa Online Accounting to WooCommerce.

v2.2.5Saeed Sattar BeglouUpdated Added 400 installs100% rating
22
Score
467
Errors
718
Warnings
+0
Change

Category Scores

Security0
Repo79
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,185 findings

Security

554

11 issue groups

I18n

325

4 issue groups

Maintainability

283

10 issue groups

ERRORI18nText Domain MismatchMismatched text domain. Expected 'hesabfa-accounting' but got "ssbhesabfa".303
Category
I18n
Occurrences
303
Severity
error

Sample message

Mismatched text domain. Expected 'hesabfa-accounting' but got "ssbhesabfa".

WARNINGSecurityRequest data is not unslashed$_GET['$productUpdateResult'] not unslashed before sanitization. Use wp_unslash() or similar123
Category
Security
Occurrences
123
Severity
warning

Sample message

$_GET['$productUpdateResult'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.106
Category
Security
Occurrences
106
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['$productUpdateResult']98
Category
Security
Occurrences
98
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['$productUpdateResult']

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.92
Category
Maintainability
Occurrences
92
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().81
Category
Maintainability
Occurrences
81
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_GET['token']. Check that the array index exists before using it.77
Category
Security
Occurrences
77
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['token']. Check that the array index exists before using it.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.59
Category
Security
Occurrences
59
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORMaintainabilityShort PHP open tag foundShort PHP opening tag used with echo; expected "<?php echo $p ..." but found "<?= $p ..."30
Category
Maintainability
Occurrences
30
Severity
error

Sample message

Short PHP opening tag used with echo; expected "<?php echo $p ..." but found "<?= $p ..."

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$accountPath&quot;.27
Category
Maintainability
Occurrences
27
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$accountPath&quot;.

Show 15 more
ERRORSecurityDatabase parameter is not escaped26
Category
Security
Occurrences
26
Severity
error

Sample message

Unescaped parameter $d["id"] used in $wpdb->get_row()\n$d["id"] used without escaping.

ERRORMaintainabilitydate date25
Category
Maintainability
Occurrences
25
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORSecuritySQL query is not prepared22
Category
Security
Occurrences
22
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $d

WARNINGSecurityInterpolated SQL is not prepared21
Category
Security
Occurrences
21
Severity
warning

Sample message

Use placeholders and $wpdb-&gt;prepare(); found interpolated variable $id_attribute at &quot;ssbhesabfa` WHERE `id_ps_attribute` = $id_attribute AND `obj_type` = &#039;product&#039; AND `active` = &#039;1&#039;`&quot;

ERRORSecurityOutput is not escaped15
Category
Security
Occurrences
15
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.

ERRORI18nNon Singular String Literal Text9
Category
I18n
Occurrences
9
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: "The contact code of this user in Hesabfa, if you want to map this user "\r\n . "to a contact in Hesabfa, enter the Contact code."

ERRORMaintainabilityMissing direct file access protection9
Category
Maintainability
Occurrences
9
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGMaintainabilityerror log error log8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

ERRORI18nMissing Arg Domain8
Category
I18n
Occurrences
8
Severity
error

Sample message

Missing $domain parameter in function call to esc_attr_e().

ERRORI18nMissing Translators Comment5
Category
I18n
Occurrences
5
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

ERRORMaintainabilityPlugin Directory Write4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

Plugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of constant WP_CONTENT_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.

WARNINGSecurityUnnecessary Prepare4
Category
Security
Occurrences
4
Severity
warning

Sample message

It is not necessary to prepare a query which doesn&#039;t use variable replacement.

WARNINGMaintainabilityerror log print r4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

WARNINGSecurityDatabase parameter is not escaped3
Category
Security
Occurrences
3
Severity
warning

Sample message

Unescaped parameter $table used in $wpdb-&gt;get_col()\n$table assigned unsafely at line 768.

WARNINGMaintainabilitySchema Change3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Attempting a database schema change is discouraged.

External Connections

Potential connections found in static code analysis.

11 domains

Outbound calls

36

External assets

0

Incoming endpoints

2

Notable Domains

hesabfa.com6 · outbound
getbootstrap.com2 · outbound
api.hesabfa.com1 · outbound
api.hesabfa.ir1 · outbound
app.hesabfa.com1 · outbound
fontiran.com1 · outbound

Platform / Reference Domains

w3.org18 · platform/reference
github.com3 · platform/reference
gnu.org1 · platform/reference
wordpress.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

wp_ajax_nopriv_handle_webhook_requestpublic

wp_ajax

Admin AJAX endpoints1
wp_ajax_handle_webhook_requestauthenticated

wp_ajax

Score History

First score snapshot

v2.2.5

22

Latest

Findings
1,185
Errors
467
Warnings
718
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

27 nodes