Moyasar

Moyasar Payment Gateway, Adds credit/debit card (Visa, MasterCard, Mada and American Express), Apple Pay, Samsung, and STC Pay payment capabilities to …

v8.0.7MoyasarUpdated Added 700 installs60% rating100% support resolved
35
Score
436
Errors
128
Warnings
+0
Change

Category Scores

Security0
Repo91
Performance100
Maintainability57

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

564 findings

I18n

331

4 issue groups

Security

185

9 issue groups

Maintainability

41

12 issue groups

ERRORI18nText Domain MismatchMismatched text domain. Expected 'moyasar' but got 'moyasar-payments'.308
Category
I18n
Occurrences
308
Severity
error

Sample message

Mismatched text domain. Expected 'moyasar' but got 'moyasar-payments'.

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.70
Category
Security
Occurrences
70
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.33
Category
Security
Occurrences
33
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.20
Category
I18n
Occurrences
20
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$clean_message'.16
Category
Security
Occurrences
16
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$clean_message'.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['_wpnonce']16
Category
Security
Occurrences
16
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['_wpnonce']

WARNINGSecurityRequest data is not unslashed$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar16
Category
Security
Occurrences
16
Severity
warning

Sample message

$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.14
Category
Security
Occurrences
14
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

Show 15 more
ERRORSecuritySQL query is not prepared7
Category
Security
Occurrences
7
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $query_cards

WARNINGSecuritywp redirect wp redirect7
Category
Security
Occurrences
7
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

ERRORSecurityDatabase parameter is not escaped6
Category
Security
Occurrences
6
Severity
error

Sample message

Unescaped parameter $query_instant used in $wpdb->get_var()\n$query_instant assigned unsafely at line 289.

WARNINGMaintainabilityNon-prefixed class6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "WC_Gateway_Moyasar".

WARNINGMaintainabilityMissing Version4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

WARNINGMaintainabilityslow db query meta query3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Detected usage of meta_query, possible slow query.

WARNINGMaintainabilityNon-prefixed function3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "activate_moyasar_payments".

WARNINGMaintainabilityNon-prefixed hook name3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "subscrpt_subscription_payment_failed".

ERRORMaintainabilityparse url parse url3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

WARNINGMaintainabilityNon-prefixed global variable2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$product".

ERRORI18nUnordered Placeholders Text2
Category
I18n
Occurrences
2
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'Quick Buy with %s ending in %s'.

WARNINGI18nDiscouraged text-domain loading1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

WARNINGMaintainabilityslow db query meta key1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WARNINGMaintainabilityslow db query meta value1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Detected usage of meta_value, possible slow query.

WARNINGMaintainabilityerror log print r1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

External Connections

Potential connections found in static code analysis.

7 domains

Outbound calls

16

External assets

3

Incoming endpoints

15

Notable Domains

moyasar.com5 · outbound
api.moyasar.com4 · outbound
docs.moyasar.com4 · outbound

Platform / Reference Domains

w3.org2 · platform/reference

External Asset Domains

Incoming Endpoints

wp_ajax_nopriv_moyasar_apple_pay_authorizedpublic

wp_ajax

wp_ajax_nopriv_moyasar_apple_pay_get_shipping_methodspublic

wp_ajax

wp_ajax_nopriv_moyasar_cc_verify_callbackpublic

wp_ajax

wp_ajax_nopriv_moyasar_instant_checkoutpublic

wp_ajax

wp_ajax_nopriv_moyasar_stc_pay_confirmpublic

wp_ajax

wp_ajax_nopriv_moyasar_stc_pay_initpublic

wp_ajax

Admin AJAX endpoints7
wp_ajax_moyasar_cc_verify_callbackauthenticated

wp_ajax

wp_ajax_moyasar_apple_pay_authorizedauthenticated

wp_ajax

wp_ajax_moyasar_apple_pay_get_shipping_methodsauthenticated

wp_ajax

wp_ajax_moyasar_instant_checkoutauthenticated

wp_ajax

wp_ajax_moyasar_stc_pay_confirmauthenticated

wp_ajax

wp_ajax_moyasar_stc_pay_initauthenticated

wp_ajax

wp_ajax_moyasar_verify_tokenauthenticated

wp_ajax

Score History

3 score snapshots

+0
1007550250Jun 25, 2026, 10:37 AM UTC Score 35/100 Plugin v8.0.4 Plugin Check 2.0.0 436 errors, 128 warningsJun 28, 2026, 10:34 AM UTC Score 35/100 Plugin v8.0.5 Plugin Check 2.0.0 436 errors, 132 warningsJun 30, 2026, 02:01 PM UTC Score 35/100 Plugin v8.0.7 Plugin Check 2.0.0 436 errors, 128 warningsJun 25, 2026Jun 30, 2026

v8.0.7

35

Latest

Findings
564
Errors
436
Warnings
128
Check
2.0.0

v8.0.5

35

Score

Findings
568
Errors
436
Warnings
132
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

33 nodes

Related Plugins