Mergado Pack

Connect your online store to the e-commerce world and get even more from hundreds shopping channels

v4.2.1MERGADOUpdated Added 700 installs72% rating
21
Score
2,323
Errors
588
Warnings
+0
Change

Category Scores

Security0
Repo72
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

2,911 findings

Security

2,306

11 issue groups

Maintainability

497

11 issue groups

I18n

37

3 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$APPEARANCE_TYPE'.1,988
Category
Security
Occurrences
1,988
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$APPEARANCE_TYPE'.

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$GaRefundClass".237
Category
Maintainability
Occurrences
237
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$GaRefundClass".

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;143
Category
Maintainability
Occurrences
143
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.94
Category
Security
Occurrences
94
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityRequest data is not unslashed$_COOKIE[$cookieName] not unslashed before sanitization. Use wp_unslash() or similar54
Category
Security
Occurrences
54
Severity
warning

Sample message

$_COOKIE[$cookieName] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE[$cookieName]52
Category
Security
Occurrences
52
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE[$cookieName]

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.46
Category
Security
Occurrences
46
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORMaintainabilitycurl curl setoptUsing cURL functions is highly discouraged. Use wp_remote_get() instead.26
Category
Maintainability
Occurrences
26
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Cannot add new property \$$name to instance of "'.23
Category
Security
Occurrences
23
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Cannot add new property \$$name to instance of "'.

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.22
Category
Maintainability
Occurrences
22
Severity
warning

Sample message

Use of a direct database call is discouraged.

Show 15 more
WARNINGMaintainabilityNo Caching21
Category
Maintainability
Occurrences
21
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORI18nMissing Translators Comment15
Category
I18n
Occurrences
15
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

ERRORSecuritySQL query is not prepared14
Category
Security
Occurrences
14
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $prepare

WARNINGSecurityInput is not validated14
Category
Security
Occurrences
14
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['mmp-tab']. Check that the array index exists before using it.

WARNINGMaintainabilityNon-prefixed constant13
Category
Maintainability
Occurrences
13
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "PLUGIN_VERSION".

ERRORI18nMissing Arg Domain11
Category
I18n
Occurrences
11
Severity
error

Sample message

Missing $domain parameter in function call to __().

ERRORI18nNon Singular String Literal Text11
Category
I18n
Occurrences
11
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $item["text"]

ERRORMaintainabilityNon Enqueued Script9
Category
Maintainability
Occurrences
9
Severity
error

Sample message

Scripts must be registered/enqueued via wp_enqueue_script()

ERRORSecurityDatabase parameter is not escaped8
Category
Security
Occurrences
8
Severity
error

Sample message

Unescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 168.

ERRORMaintainabilitywp function not compatible with requires wp8
Category
Maintainability
Occurrences
8
Severity
error

Sample message

Function "determine_locale()" requires WordPress 5.0.0, but your plugin minimum supported version is WordPress 4.5.1.

WARNINGMaintainabilityNon-prefixed function7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "activate_mergado_marketing_pack".

ERRORSecurityUnsafe printing function7
Category
Security
Occurrences
7
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WARNINGMaintainabilityShort PHP open tag found6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Possible use of short open tags detected; found: <?//= $wizardData['cronUrl'] ?><!--</div>-...

WARNINGSecuritywp redirect wp redirect6
Category
Security
Occurrences
6
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WARNINGMaintainabilityNo PHP code found5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.

External Connections

Potential connections found in static code analysis.

35 domains

Outbound calls

62

External assets

7

Incoming endpoints

14

Notable Domains

mergado.cz11 · outbound
mergado.com9 · outbound
app.mergado.com2 · outbound
im9.cz2 · outbound
pack.mergado.com2 · outbound

Platform / Reference Domains

cs.wordpress.org3 · platform/reference
github.com3 · platform/reference
gnu.org1 · platform/reference
w3.org1 · platform/reference
wordpress.org1 · platform/reference

External Asset Domains

apis.google.com6 · asset
c.seznam.cz1 · asset

Incoming Endpoints

wp_ajax_nopriv_get_ga4_cart_datapublic

wp_ajax

Admin AJAX endpoints13
wp_ajax_ajax_add_alertauthenticated

wp_ajax

wp_ajax_ajax_cookieauthenticated

wp_ajax

wp_ajax_ajax_disable_alertauthenticated

wp_ajax

wp_ajax_ajax_disable_sectionauthenticated

wp_ajax

wp_ajax_ajax_generate_feedauthenticated

wp_ajax

wp_ajax_ajax_get_google_reviews_gtin_valuesauthenticated

wp_ajax

wp_ajax_ajax_get_schedule_estimateauthenticated

wp_ajax

wp_ajax_ajax_lower_cron_product_stepauthenticated

wp_ajax

wp_ajax_ajax_newsauthenticated

wp_ajax

wp_ajax_ajax_save_import_urlauthenticated

wp_ajax

wp_ajax_ajax_save_wp_cronauthenticated

wp_ajax

wp_ajax_ajax_set_wizard_completeauthenticated

wp_ajax

1 more hidden

Score History

First score snapshot

v4.2.1

21

Latest

Findings
2,911
Errors
2,323
Warnings
588
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins