PluginScore

MyWorks Sync for WooCommerce & Xero

Automatically sync your customers, orders, inventory and more in real time between your WooCommerce store and Xero - managed directly inside WooCommer …

v1.3.2MyWorksUpdated Added 800 installs100% rating
woocommercewoocommerce xerowoocommerce xero syncwoocommerce-syncxero
29
Score
1
Errors
1,080
Warnings
+0
Change

Category Scores

Security0
Repo88
Performance100
Maintainability29

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,081 findings

Maintainability

1,017

13 issue groups

Security

61

5 issue groups

Repo Compliance

3

3 issue groups

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$Item".798
Category
Maintainability
Occurrences
798
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$Item".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.106
Category
Maintainability
Occurrences
106
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().84
Category
Maintainability
Occurrences
84
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $count_query used in $wpdb->get_var()\n$count_query assigned unsafely at line 58.22
Category
Security
Occurrences
22
Severity
warning

Sample message

Unescaped parameter $count_query used in $wpdb->get_var()\n$count_query assigned unsafely at line 58.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.18
Category
Security
Occurrences
18
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecurityRequest data is not unslashed$_COOKIE[$this->_cookie] not unslashed before sanitization. Use wp_unslash() or similar12
Category
Security
Occurrences
12
Severity
warning

Sample message

$_COOKIE[$this->_cookie] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.10
Category
Maintainability
Occurrences
10
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log
WARNINGMaintainabilityerror log print rprint_r() found. Debug code should not normally be used in production.7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_print_r
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.5
Category
Security
Occurrences
5
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
Show 11 more
WARNINGSecurityInput is not validated4
Category
Security
Occurrences
4
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['mw_wc_xero_sync_ivnt_pull_interval_time']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGMaintainabilityerror log var dump2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

var_dump() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_var_dump
WARNINGMaintainabilityslow db query meta key1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_key
WARNINGMaintainabilityslow db query meta value1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Detected usage of meta_value, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_value
WARNINGMaintainabilityNon-prefixed class1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "MWXS_C_Settings".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
WARNINGMaintainabilityNon-prefixed constant1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "MW_XERO_DEBUG_LOGGING".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
WARNINGMaintainabilityNon-prefixed global variable1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "$name".

WordPress.NamingConventions.PrefixAllGlobals.VariableConstantNameFound
WARNINGMaintainabilityerror log debug backtrace1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

debug_backtrace() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_debug_backtrace
ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference
WARNINGRepo Compliancereadme parser warnings too many tags1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

One or more tags were ignored. Please limit your plugin to 5 tags.

readme_parser_warnings_too_many_tags
WARNINGRepo Compliancereadme parser warnings trimmed short description1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

The "Short Description" section is too long and was truncated. A maximum of 150 characters is supported.

readme_parser_warnings_trimmed_short_description

External Connections

Potential connections found in static code analysis.

57 domains

Outbound calls

278

External assets

1

Incoming endpoints

21

Notable Domains

datatracker.ietf.org27 · outbound
packagist.org25 · outbound
thephpleague.com25 · outbound
tools.ietf.org18 · outbound
php.net16 · outbound
myworks.software10 · outbound

Platform / Reference Domains

github.com46 · platform/reference
opensource.org28 · platform/reference
gnu.org1 · platform/reference
w3.org1 · platform/reference
wordpress.org1 · platform/reference

External Asset Domains

fonts.googleapis.com1 · asset

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints21
wp_ajax_myworks_wc_xero_sync_automap_customers_wf_xfauthenticated

wp_ajax

wp_ajax_myworks_wc_xero_sync_automap_products_wf_xfauthenticated

wp_ajax

wp_ajax_myworks_wc_xero_sync_automap_variations_wf_xfauthenticated

wp_ajax

wp_ajax_myworks_wc_xero_sync_check_licenseauthenticated

wp_ajax

wp_ajax_myworks_wc_xero_sync_clear_all_log_errorsauthenticated

wp_ajax

wp_ajax_myworks_wc_xero_sync_clear_all_logsauthenticated

wp_ajax

wp_ajax_myworks_wc_xero_sync_clear_all_mappingsauthenticated

wp_ajax

wp_ajax_myworks_wc_xero_sync_clear_all_pending_queuesauthenticated

wp_ajax

wp_ajax_myworks_wc_xero_sync_clear_all_queuesauthenticated

wp_ajax

wp_ajax_myworks_wc_xero_sync_clear_customer_mappingsauthenticated

wp_ajax

wp_ajax_myworks_wc_xero_sync_clear_product_mappingsauthenticated

wp_ajax

wp_ajax_myworks_wc_xero_sync_clear_variation_mappingsauthenticated

wp_ajax

9 more hidden

Score History

First score snapshot

v1.3.2

29

Latest

Findings
1,081
Errors
1
Warnings
1,080
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

Crypto Payment Gateway with Instant Payouts

1k+ active installs

100
EU Withdrawal Compliance

800 active installs

100
Instant Approval Payment Gateway with Instant Payouts

2k+ active installs

100
Kitgenix CAPTCHA for Cloudflare Turnstile

500 active installs

100
Kliken: Ads + Pixel for Meta

40k+ active installs

100
Live Carts for WooCommerce: Track Real-Time, Abandoned, and Converted Carts!

600 active installs

100