PluginScore

Paybox WooCommerce Payment Gateway

This plugin is a Paybox payment gateway for WooCommerce 4.x

v0.9.9.9Verifone e-commerceUpdated Added 500 installs60% rating
e-commerceorderspaymentpayment gatewaywoocommerce
35
Score
165
Errors
88
Warnings
+0
Change

Category Scores

Security0
Repo80
Performance100
Maintainability66

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

253 findings

I18n

121

5 issue groups

Security

93

10 issue groups

Maintainability

31

10 issue groups

ERRORI18nNon Singular String Literal DomainThe $domain parameter must be a single text string literal. Found: WC_PAYBOX_PLUGIN98
Category
I18n
Occurrences
98
Severity
error

Sample message

The $domain parameter must be a single text string literal. Found: WC_PAYBOX_PLUGIN

WordPress.WP.I18n.NonSingularStringLiteralDomainReference
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$e'.18
Category
Security
Occurrences
18
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$e'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['key']16
Category
Security
Occurrences
16
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['key']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityRequest data is not unslashed$_POST["woocommerce_paybox_3x_hmackey"] not unslashed before sanitization. Use wp_unslash() or similar15
Category
Security
Occurrences
15
Severity
warning

Sample message

$_POST["woocommerce_paybox_3x_hmackey"] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.14
Category
Security
Occurrences
14
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.

WordPress.Security.EscapeOutput.ExceptionNotEscapedReference
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST["woocommerce_paybox_3x_hmackey"]. Check that the array index exists before using it.14
Category
Security
Occurrences
14
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST["woocommerce_paybox_3x_hmackey"]. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
ERRORI18nNon Singular String Literal TextThe $text parameter must be a single text string literal. Found: $defaults['description']13
Category
I18n
Occurrences
13
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $defaults['description']

WordPress.WP.I18n.NonSingularStringLiteralTextReference
WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "PayboxEncrypt".10
Category
Maintainability
Occurrences
10
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "PayboxEncrypt".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.5
Category
Security
Occurrences
5
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORI18nText Domain MismatchMismatched text domain. Expected 'paybox-woocommerce-gateway' but got 'woocommerce'.5
Category
I18n
Occurrences
5
Severity
error

Sample message

Mismatched text domain. Expected 'paybox-woocommerce-gateway' but got 'woocommerce'.

WordPress.WP.I18n.TextDomainMismatchReference
Show 15 more
WARNINGSecurityMissing nonce verification4
Category
Security
Occurrences
4
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
ERRORI18nMissing Translators Comment4
Category
I18n
Occurrences
4
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
WARNINGMaintainabilityDirect Query3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
ERRORSecuritySQL query is not prepared3
Category
Security
Occurrences
3
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $sql

WordPress.DB.PreparedSQL.NotPrepared
WARNINGMaintainabilityNon-prefixed constant3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "WC_PAYBOX_KEY_PATH".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
WARNINGMaintainabilityNon-prefixed hook name3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "description".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGMaintainabilitytrademarked term3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "Paybox WooCommerce Payment Gateway" - contains the restricted term "woocommerce" which cannot be used within in your plugin name, unless your plugin name contains one of the allowed patterns: "for woocommerce", "with woocommerce", "using woocommerce", or "and woocommerce". The term must still not appear anywhere else in your name.

trademarked_term
ERRORSecurityDatabase parameter is not escaped2
Category
Security
Occurrences
2
Severity
error

Sample message

Unescaped parameter $sql used in $wpdb->get_col()\n$sql assigned unsafely at line 469.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGMaintainabilityNo Caching2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGMaintainabilityDynamic hook name2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "WC_PAYBOX_PLUGIN".

WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound
WARNINGMaintainabilityNon-prefixed function2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "Pbx_hmac_admin_notice".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
WARNINGSecuritywp redirect wp redirect2
Category
Security
Occurrences
2
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirectReference
ERRORMaintainabilitywp function not compatible with requires wp2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Function "utf8_decode()" requires WordPress 6.9.0, but your plugin minimum supported version is WordPress 5.0.0.

wp_function_not_compatible_with_requires_wpReference
WARNINGI18nDiscouraged text-domain loading1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFoundReference
ERRORMaintainabilitydate date1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date

External Connections

Potential connections found in static code analysis.

6 domains

Outbound calls

8

External assets

0

Incoming endpoints

0

Notable Domains

paybox.com2 · outbound
bm-services.com1 · outbound
preprod-tpeweb.paybox.com1 · outbound
tpeweb.paybox.com1 · outbound
tpeweb1.paybox.com1 · outbound

Platform / Reference Domains

opensource.org2 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

v0.9.9.9

35

Latest

Findings
253
Errors
165
Warnings
88
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

34 nodes

Related Plugins

Crypto Payment Gateway with Instant Payouts

1k+ active installs

100
Instant Approval Payment Gateway with Instant Payouts

2k+ active installs

100
Order Limit For WooCommerce ( Free Version )

800 active installs

100
Paystack WooCommerce Payment Gateway

30k+ active installs

100
Block Specific Spam Woo Orders

1k+ active installs

99
Clover Payment Gateway by Zaytech for WooCommerce

600 active installs

99