onepay Payment Gateway For WooCommerce

onepay Payment Gateway allows you to accept payment on your Woocommerce store via Visa, MasterCard, AMEX, & Lanka QR services.

v1.1.3Onepay Sri LankaUpdated Added 900 installs100% rating
70
Score
49
Errors
13
Warnings
+0
Change

Category Scores

Security50
Repo94
Performance100
Maintainability91

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

62 findings

I18n

44

3 issue groups

Security

14

4 issue groups

Maintainability

3

2 issue groups

Repo Compliance

1

1 issue group

ERRORI18nText Domain MismatchMismatched text domain. Expected 'onepay-payment-gateway-for-woocommerce' but got 'onepay'.36
Category
I18n
Occurrences
36
Severity
error

Sample message

Mismatched text domain. Expected 'onepay-payment-gateway-for-woocommerce' but got 'onepay'.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.8
Category
Security
Occurrences
8
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().7
Category
I18n
Occurrences
7
Severity
error

Sample message

Missing $domain parameter in function call to __().

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wp_kses_normalize_entities'.2
Category
Security
Occurrences
2
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wp_kses_normalize_entities'.

WARNINGSecuritywp redirect wp redirectwp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.2
Category
Security
Occurrences
2
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WARNINGSecurityRequest data is not unslashed$_REQUEST['hash'] not unslashed before sanitization. Use wp_unslash() or similar2
Category
Security
Occurrences
2
Severity
warning

Sample message

$_REQUEST['hash'] not unslashed before sanitization. Use wp_unslash() or similar

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGMaintainabilityerror log print rprint_r() found. Debug code should not normally be used in production.1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

ERRORI18nNon Singular String Literal TextThe $text parameter must be a single text string literal. Found: $this->description1
Category
I18n
Occurrences
1
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $this->description

ERRORRepo Complianceoutdated tested upto headerTested up to: 6.6 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.6 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

External Connections

Potential connections found in static code analysis.

3 domains

Outbound calls

4

External assets

0

Incoming endpoints

0

Notable Domains

onepay.lk2 · outbound

Platform / Reference Domains

github.com1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

v1.1.3

70

Latest

Findings
62
Errors
49
Warnings
13
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Related Plugins