Provides a cash payment method with Openpay for WooCommerce.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
103
16 issue groups
I18n
45
4 issue groups
Security
40
5 issue groups
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_tests_dir".51
- Category
- Maintainability
- Occurrences
- 51
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_tests_dir".
ERRORI18nText Domain MismatchMismatched text domain. Expected 'openpay-stores' but got 'openpay_stores'.35
- Category
- I18n
- Occurrences
- 35
- Severity
- error
Sample message
Mismatched text domain. Expected 'openpay-stores' but got 'openpay_stores'.
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" - {$file}\n"'.23
- Category
- Security
- Occurrences
- 23
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" - {$file}\n"'.
ERRORMaintainabilityShort PHP open tag foundShort PHP opening tag used with echo; expected "<?php echo $images_url ..." but found "<?= $images_url ..."13
- Category
- Maintainability
- Occurrences
- 13
- Severity
- error
Sample message
Short PHP opening tag used with echo; expected "<?php echo $images_url ..." but found "<?= $images_url ..."
ERRORMaintainabilityOffloaded ContentOffloading images, js, css, and other scripts to your servers or any remote service is disallowed.12
- Category
- Maintainability
- Occurrences
- 12
- Severity
- error
Sample message
Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$e'.8
- Category
- Security
- Occurrences
- 8
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$e'.
ERRORMaintainabilitydate datedate() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_install_woocommerce".4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_install_woocommerce".
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_SERVER['HTTP_CLIENT_IP']4
- Category
- Security
- Occurrences
- 4
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_SERVER['HTTP_CLIENT_IP']
WARNINGSecurityRequest data is not unslashed$_SERVER['HTTP_CLIENT_IP'] not unslashed before sanitization. Use wp_unslash() or similar4
- Category
- Security
- Occurrences
- 4
- Severity
- warning
Sample message
$_SERVER['HTTP_CLIENT_IP'] not unslashed before sanitization. Use wp_unslash() or similar
Show 15 moreShow less
ERRORI18nMissing Translators Comment4
- Category
- I18n
- Occurrences
- 4
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
ERRORI18nNo Empty Strings4
- Category
- I18n
- Occurrences
- 4
- Severity
- error
Sample message
The $text text string should have translatable content. Found: ''
ERRORMaintainabilitywp function not compatible with requires wp4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
Function "has_block()" requires WordPress 5.0.0, but your plugin minimum supported version is WordPress 4.8.0.
ERRORMaintainabilityMissing direct file access protection3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGMaintainabilityNon-prefixed constant2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "WC_TAX_ROUNDING_MODE".
ERRORMaintainabilityparse url parse url2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
ERRORI18nMissing Arg Domain2
- Category
- I18n
- Occurrences
- 2
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
WARNINGMaintainabilitytrademarked term2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
The plugin name includes a restricted term. Your chosen plugin name - "Openpay Stores Plugin" - contains the restricted term "plugin" which cannot be used at all in your plugin name.
ERRORMaintainabilityPlugin Directory Write1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Plugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of __FILE__ or __DIR__ magic constant. Use wp_upload_dir() to get the uploads directory path or save to the database instead.
WARNINGMaintainabilityDirect Query1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo Caching1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNINGSecurityInterpolated SQL is not prepared1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable {$table} at "SHOW TABLES LIKE '{$table}'"
ERRORMaintainabilitytimezone change date default timezone set1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Using date_default_timezone_set() and similar isn't allowed, instead use WP internal timezone support.
WARNINGMaintainabilityNon-prefixed class1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "TestableOpenpayWebhookProcessorService".
WARNINGMaintainabilityerror log error log1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
error_log() found. Debug code should not normally be used in production.
External Connections
Potential connections found in static code analysis.
Outbound calls
57
External assets
12
Incoming endpoints
0
Notable Domains
Platform / Reference Domains
External Asset Domains
Incoming Endpoints
No public endpoints detected.
Score History
First score snapshot
v2.0.1
31
Latest
- Findings
- 196
- Errors
- 121
- Warnings
- 75
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 31 | 196 | 121 | 75 | v2.0.1 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Author
Issue
Domain
Related
Author
Issue
Domain
Related
Related Plugins
1k+ active installs
10k+ active installs
800 active installs
2k+ active installs
500 active installs