PluginScore

NOWPayments for WooCommerce – Crypto Payment Gateway

Accept Bitcoin, Ethereum, and 300+ cryptocurrencies in WooCommerce using the official NOWPayments crypto payment gateway.

v1.4.0CoderPressUpdated Added 4k+ installs84% rating
bitcoin payment gatewaycrypto checkoutcryptocurrency paymentsethereumwoocommerce crypto
25
Score
534
Errors
1,306
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance100
Maintainability2

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,840 findings

Maintainability

1,316

21 issue groups

Security

523

4 issue groups

WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$account_addon_ids".1,087
Category
Maintainability
Occurrences
1,087
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$account_addon_ids".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <a href='{$skip_url}' class='button button-small button-secondary'>{$use_plugin_anonymously_text}</a>"'.514
Category
Security
Occurrences
514
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <a href='{$skip_url}' class='button button-small button-secondary'>{$use_plugin_anonymously_text}</a>"'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGMaintainabilityNon Prefixed Function FoundFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: &quot;_fs_text&quot;.103
Category
Maintainability
Occurrences
103
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: &quot;_fs_text&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
WARNINGMaintainabilityNon Prefixed Class FoundClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: &quot;FS_Admin_Menu_Manager&quot;.59
Category
Maintainability
Occurrences
59
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: &quot;FS_Admin_Menu_Manager&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
WARNINGMaintainabilityNon Prefixed Constant FoundGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;FS_API__ADDRESS&quot;.26
Category
Maintainability
Occurrences
26
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;FS_API__ADDRESS&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
WARNINGMaintainabilityNon Prefixed Hookname FoundHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;fs_plugins_api&quot;.7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;fs_plugins_api&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
ERRORSecurityException Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.7
Category
Security
Occurrences
7
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.

WordPress.Security.EscapeOutput.ExceptionNotEscapedReference
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
ERRORMaintainabilitywp function not compatible with requires wpFunction "wp_date()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 4.9.0.5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

Function "wp_date()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 4.9.0.

wp_function_not_compatible_with_requires_wpReference
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
Show 15 more
WARNINGMaintainabilityMissing Version3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion
WARNINGMaintainabilitytrademarked term3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "NOWPayments for WooCommerce – Crypto Payment Gateway" - contains the restricted term "wp" which cannot be used at all in your plugin name.

trademarked_term
WARNINGMaintainabilitySchema Change2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange
ERRORMaintainabilityplugin updater detected2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Plugin Updater detected. These are not permitted in WordPress.org hosted plugins. Detected: class FS_Plugin_Updater

plugin_updater_detected
WARNINGMaintainabilityupdate modification detected2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Plugin Updater detected. Detected code which may be altering WordPress update routines. Detected: _site_transient_update_plugins

update_modification_detectedReference
ERRORMaintainabilityOffloaded Content1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

PluginCheck.CodeAnalysis.Offloading.OffloadedContent
ERRORMaintainabilityPlugin Directory Write1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Plugin folders are deleted when upgraded. Do not save data to the plugin folder using copy(). Detected usage of constant WP_PLUGIN_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.

PluginCheck.CodeAnalysis.WriteFile.PluginDirectoryWrite
ERRORSecurityUnescaped DBParameter1
Category
Security
Occurrences
1
Severity
error

Sample message

Unescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 608.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGMaintainabilityDynamic Hookname Found1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;{$module_type}_update_check_locales&quot;.

WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound
WARNINGMaintainabilityNon Prefixed Interface Found1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Interfaces declared by a theme/plugin should start with the theme/plugin prefix. Found: &quot;FS_I_Garbage_Collector&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedInterfaceFound
WARNINGSecuritywp redirect wp redirect1
Category
Security
Occurrences
1
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the &quot;allowed_redirect_hosts&quot; filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirectReference
WARNINGMaintainabilityNot In Footer1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter
ERRORMaintainabilityapplication detected1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Application files are not permitted.

application_detected
WARNINGMaintainabilitymismatched plugin name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Plugin name "NOWPayments for WooCommerce – Crypto Payment Gateway" is different from the name declared in plugin header "NOWPayments for WooCommerce".

mismatched_plugin_nameReference
ERRORMaintainabilitymissing direct file access protection1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference

Score History

First score snapshot

v1.4.0

25

Latest

Findings
1,840
Errors
534
Warnings
1,306
Check
2.0.0

Related Plugins

Coinbase Commerce Payment Gateway for WooCommerce

4k+ active installs

94
MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce

8k+ active installs

85