PluginScore

Pagopar – WooCommerce Gateway

Vendé a todo el país con los principales medios de pago.

v2.8.13Pagopar - Grupo M S.A.Updated Added 400 installs60% rating
bancardpagoparpixtarjetas de credito y billeteras electronicasupay
18
Score
530
Errors
1,215
Warnings
+0
Change

Category Scores

Security0
Repo52
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,745 findings

Security

748

7 issue groups

Maintainability

672

16 issue groups

I18n

242

2 issue groups

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$args".290
Category
Maintainability
Occurrences
290
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$args".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_GET['direccion']. Check that the array index exists before using it.191
Category
Security
Occurrences
191
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['direccion']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
ERRORI18nText Domain MismatchMismatched text domain. Expected 'pagopar-woocommerce-gateway' but got 'pagopar'.186
Category
I18n
Occurrences
186
Severity
error

Sample message

Mismatched text domain. Expected 'pagopar-woocommerce-gateway' but got 'pagopar'.

WordPress.WP.I18n.TextDomainMismatchReference
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['direccion']173
Category
Security
Occurrences
173
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['direccion']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityRequest data is not unslashed$_GET['direccion'] not unslashed before sanitization. Use wp_unslash() or similar173
Category
Security
Occurrences
173
Severity
warning

Sample message

$_GET['direccion'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.133
Category
Security
Occurrences
133
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "actualizarZonaCiudadPagopar".108
Category
Maintainability
Occurrences
108
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "actualizarZonaCiudadPagopar".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
ERRORI18nNo Empty StringsThe $text text string should have translatable content. Found: ''56
Category
I18n
Occurrences
56
Severity
error

Sample message

The $text text string should have translatable content. Found: ''

WordPress.WP.I18n.NoEmptyStringsReference
ERRORMaintainabilitydate datedate() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.54
Category
Maintainability
Occurrences
54
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date
ERRORMaintainabilitycurl curl setoptUsing cURL functions is highly discouraged. Use wp_remote_get() instead.52
Category
Maintainability
Occurrences
52
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_setopt
Show 15 more
ERRORSecuritySQL query is not prepared34
Category
Security
Occurrences
34
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $fecha

WordPress.DB.PreparedSQL.NotPrepared
WARNINGSecurityDatabase parameter is not escaped28
Category
Security
Occurrences
28
Severity
warning

Sample message

Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 1318.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGMaintainabilityslow db query meta query19
Category
Maintainability
Occurrences
19
Severity
warning

Sample message

Detected usage of meta_query, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_query
WARNINGMaintainabilityMissing Version19
Category
Maintainability
Occurrences
19
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion
ERRORMaintainabilityMissing direct file access protection19
Category
Maintainability
Occurrences
19
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
ERRORMaintainabilitywp function not compatible with requires wp18
Category
Maintainability
Occurrences
18
Severity
error

Sample message

Function "_wp_get_current_user()" requires WordPress 4.5.0, but your plugin minimum supported version is WordPress 4.0.0.

wp_function_not_compatible_with_requires_wpReference
WARNINGSecurityNonce verification recommended16
Category
Security
Occurrences
16
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORMaintainabilitycurl curl exec15
Category
Maintainability
Occurrences
15
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_exec
ERRORMaintainabilitycurl curl init15
Category
Maintainability
Occurrences
15
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_init
ERRORMaintainabilitycurl curl close14
Category
Maintainability
Occurrences
14
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_close
ERRORMaintainabilitycurl curl error11
Category
Maintainability
Occurrences
11
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_error
WARNINGMaintainabilityDiscouraged PHP function10
Category
Maintainability
Occurrences
10
Severity
warning

Sample message

The use of function ini_set() is discouraged

Squiz.PHP.DiscouragedFunctions.Discouraged
WARNINGMaintainabilityNon-prefixed class10
Category
Maintainability
Occurrences
10
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "AdminHelpers".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
WARNINGMaintainabilityNon-prefixed hook name10
Category
Maintainability
Occurrences
10
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "woocommerce_' . $this->id . '_icon".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGMaintainabilityprevent path disclosure error reporting8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

error_reporting() can lead to full path disclosure.

WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_error_reporting

External Connections

Potential connections found in static code analysis.

32 domains

Outbound calls

96

External assets

2

Incoming endpoints

26

Notable Domains

api-plugins.pagopar.com47 · outbound
soporte.pagopar.com10 · outbound
pagopar.com8 · outbound
leafletjs.com2 · outbound
vpos.infonet.com.py2 · outbound
assets.kogan.com1 · outbound

Platform / Reference Domains

wordpress.org2 · platform/reference
github.com1 · platform/reference
w3.org1 · platform/reference

External Asset Domains

cdn.pagopar.com2 · asset + outbound
137.184.98.2291 · asset

Incoming Endpoints

wp_ajax_nopriv_pagopar_agregar_tarjetapublic

wp_ajax

wp_ajax_nopriv_change_order_reviewpublic

wp_ajax

wp_ajax_nopriv_non_pagopar_checkoutpublic

wp_ajax

wp_ajax_nopriv_pagopar_add_feespublic

wp_ajax

wp_ajax_nopriv_pagopar_borrar_tarjetapublic

wp_ajax

wp_ajax_nopriv_pagopar_catastro_guardar_datos_faltantespublic

wp_ajax

Admin AJAX endpoints12
wp_ajax_pagopar_agregar_tarjetaauthenticated

wp_ajax

wp_ajax_change_order_reviewauthenticated

wp_ajax

wp_ajax_non_pagopar_checkoutauthenticated

wp_ajax

wp_ajax_pagopar_add_feesauthenticated

wp_ajax

wp_ajax_pagopar_borrar_tarjetaauthenticated

wp_ajax

wp_ajax_pagopar_catastro_guardar_datos_faltantesauthenticated

wp_ajax

wp_ajax_pagopar_categoriesauthenticated

wp_ajax

wp_ajax_pagopar_checkoutauthenticated

wp_ajax

wp_ajax_pagopar_checkout_change_priceauthenticated

wp_ajax

wp_ajax_pagopar_confirmar_tarjetaauthenticated

wp_ajax

wp_ajax_pagopar_reversar_pagoauthenticated

wp_ajax

wp_ajax_set_fleteauthenticated

wp_ajax

Score History

First score snapshot

v2.8.13

18

Latest

Findings
1,745
Errors
530
Warnings
1,215
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

OpenPix for WooCommerce

500 active installs

82
Virtuaria PagBank / PagSeguro for WooCommerce

1k+ active installs

59
CIELO API PIX, credit card, debit payment for WooCommerce

700 active installs

56
Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit

1k+ active installs

49
PagHiper Boleto e PIX para WooCommerce

1k+ active installs

34
Pix Automático com Pagarme para WooCommerce

500 active installs

34