Shipmondo for WooCommerce – Provide pick-up points in checkout and manage shipping easily
Prioritized issue groups from the latest Plugin Check scan
Security
168
10 issue groups
Maintainability
53
9 issue groups
I18n
42
6 issue groups
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"\n$file, $func, $line\n"'.
Sample message
Processing form data without nonce verification.
Sample message
Mismatched text domain. Expected 'pakkelabels-for-woocommerce' but got 'woocommerce'.
Sample message
Detected usage of a non-sanitized input variable: $_POST['agent']
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "static::getFilterName('args', 'templating')".
Sample message
$_POST['agent'] not unslashed before sanitization. Use wp_unslash() or similar
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Sample message
Detected usage of a possibly undefined superglobal array index: $_POST['agent']. Check that the array index exists before using it.
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $field at "UPDATE {$wpdb->prefix}$table SET $field = %s WHERE $primary_key = {$original->{$primary_key}}"
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$address".
Sample message
All output should be run through an escaping function (like echo esc_html_x() or echo esc_attr_x()), found '_ex'.
Sample message
Use of a direct database call is discouraged.
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Sample message
The $domain parameter must be a single text string literal. Found: $text_domain
Sample message
The $text parameter must be a single text string literal. Found: $display
Sample message
Use placeholders and $wpdb->prepare(); found $_sql
Sample message
Missing $domain parameter in function call to __().
Sample message
The $context parameter must be a single text string literal. Found: $description
Sample message
Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 117.
Sample message
Unescaped parameter $table used in $wpdb->get_results()\n$where assigned unsafely at line 207.
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".
Sample message
debug_backtrace() found. Debug code should not normally be used in production.
Sample message
error_log() found. Debug code should not normally be used in production.
Sample message
var_dump() found. Debug code should not normally be used in production.
Not analyzed yet.
First score snapshot
v5.0.8
32
Latest
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 32 | 285 | 166 | 119 | v5.0.8 | 2.0.0 |
Author, categories, issues, domains, and nearby plugins.