Official plugin for selecting Packeta pickup points or address delivery and submitting orders directly from your e-shop.
Category Scores
Top Issues by Category
security727
maintainability353
supply_chain5
Issues Details
1,135 issues found in latest scan
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" (output started at {$file}:{$line})"'.
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" (validator '{$rule->validator}')."'.
trigger_error() found. Debug code should not normally be used in production.
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$__composer_autoload_files".
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Detected usage of a non-sanitized input variable: $_COOKIE[$this->cookieName]
$_COOKIE[$this->cookieName] not unslashed before sanitization. Use wp_unslash() or similar
Stylesheets must be registered/enqueued via wp_enqueue_style()
var_export() found. Debug code should not normally be used in production.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
debug_backtrace() found. Debug code should not normally be used in production.
Scripts must be registered/enqueued via wp_enqueue_script()
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.
Detected usage of a possibly undefined superglobal array index: $_SERVER[$tmp]. Check that the array index exists before using it.
unlink() is discouraged. Use wp_delete_file() to delete a file.
Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.
Unescaped parameter $query used in $wpdb->get_col()\n$query used without escaping.
set_error_handler() found. Debug code should not normally be used in production.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().
rename() is discouraged. Use WP_Filesystem::move() to rename a file.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.EscapeOutput.ExceptionNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" (output started at {$file}:{$line})"'. | 508 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" (validator '{$rule->validator}')."'. | 129 |
| WordPress.PHP.DevelopmentFunctions.error_log_trigger_error | WARNING | trigger_error() found. Debug code should not normally be used in production. | 106 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$__composer_autoload_files". | 73 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 49 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_COOKIE[$this->cookieName] | 42 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_COOKIE[$this->cookieName] not unslashed before sanitization. Use wp_unslash() or similar | 35 |
| Squiz.PHP.DiscouragedFunctions.Discouraged | WARNING | The use of function ini_set() is discouraged | 16 |
| WordPress.WP.EnqueuedResources.NonEnqueuedStylesheet | ERROR | Stylesheets must be registered/enqueued via wp_enqueue_style() | 13 |
| WordPress.PHP.DevelopmentFunctions.error_log_var_export | WARNING | var_export() found. Debug code should not normally be used in production. | 12 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fwrite | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite(). | 11 |
| WordPress.PHP.DevelopmentFunctions.error_log_debug_backtrace | WARNING | debug_backtrace() found. Debug code should not normally be used in production. | 10 |
| WordPress.WP.EnqueuedResources.NonEnqueuedScript | ERROR | Scripts must be registered/enqueued via wp_enqueue_script() | 10 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fopen | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen(). | 9 |
| WordPress.WP.AlternativeFunctions.strip_tags_strip_tags | ERROR | strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead. | 9 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_SERVER[$tmp]. Check that the array index exists before using it. | 8 |
| Generic.PHP.DiscourageGoto.Found | ERROR | The "goto" language construct should not be used. | 7 |
| WordPress.WP.AlternativeFunctions.unlink_unlink | ERROR | unlink() is discouraged. Use wp_delete_file() to delete a file. | 6 |
| PluginCheck.CodeAnalysis.Offloading.OffloadedContent | ERROR | Offloading images, js, css, and other scripts to your servers or any remote service is disallowed. | 5 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $query used in $wpdb->get_col()\n$query used without escaping. | 5 |
| application_detected | ERROR | Application files are not permitted. | 5 |
| hidden_files | ERROR | Hidden files are not permitted. | 5 |
| WordPress.PHP.DevelopmentFunctions.error_log_set_error_handler | WARNING | set_error_handler() found. Debug code should not normally be used in production. | 4 |
| WordPress.WP.AlternativeFunctions.file_system_operations_chmod | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod(). | 4 |
| WordPress.WP.AlternativeFunctions.rename_rename | ERROR | rename() is discouraged. Use WP_Filesystem::move() to rename a file. | 4 |
Latest Snapshot
Findings
1,135
Errors
802
Warnings
333
Score History
First score snapshot
First scan completed Jun 20, 2026
v2.2.0 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v2.2.0
21
Latest
- Findings
- 1,135
- Errors
- 802
- Warnings
- 333
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 21 | 1,135 | 802 | 333 | v2.2.0 | 2.0.0 | 2026.06-mvp-static-v2 |
