PDF Invoice for WooCommerce + Drag and Drop Template Builder

Provides features to create PDF files from form submissions and attach files to email notifications.

v7.1.0add-ons.orgUpdated Added 400 installs100% rating
25
Score
1,008
Errors
216
Warnings
+0
Change

Category Scores

Security0
Repo100
Performance98
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,224 findings

Maintainability

1,119

12 issue groups

Security

78

8 issue groups

I18n

26

1 issue group

Performance

1

1 issue group

ERRORMaintainabilitywp function not compatible with requires wpFunction "__()" requires WordPress 2.1.0, but your plugin minimum supported version is WordPress 2.0.0.981
Category
Maintainability
Occurrences
981
Severity
error

Sample message

Function "__()" requires WordPress 2.1.0, but your plugin minimum supported version is WordPress 2.0.0.

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_product".82
Category
Maintainability
Occurrences
82
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_product".

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.26
Category
Security
Occurrences
26
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORI18nText Domain MismatchMismatched text domain. Expected 'pdf-for-woocommerce' but got "yeekit".26
Category
I18n
Occurrences
26
Severity
error

Sample message

Mismatched text domain. Expected 'pdf-for-woocommerce' but got "yeekit".

WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "FrameFiller".17
Category
Maintainability
Occurrences
17
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "FrameFiller".

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.17
Category
Security
Occurrences
17
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.12
Category
Maintainability
Occurrences
12
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGSecurityRequest data is not unslashed$_GET['id'] not unslashed before sanitization. Use wp_unslash() or similar12
Category
Security
Occurrences
12
Severity
warning

Sample message

$_GET['id'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().10
Category
Maintainability
Occurrences
10
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $pdf_creator at "SHOW TABLES LIKE '$pdf_creator'"9
Category
Security
Occurrences
9
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $pdf_creator at "SHOW TABLES LIKE '$pdf_creator'"

Show 12 more
WARNINGSecurityDatabase parameter is not escaped7
Category
Security
Occurrences
7
Severity
warning

Sample message

Unescaped parameter $pdf_creator used in $wpdb->get_var()\n$pdf_creator assigned unsafely at line 83.

WARNINGMaintainabilityNot In Footer7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WARNINGMaintainabilityNon-prefixed hook name4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "builder_yeepdfs".

WARNINGSecurityInput is not sanitized4
Category
Security
Occurrences
4
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_REQUEST['_wpnonce']

WARNINGMaintainabilityerror log error log2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WARNINGSecuritywp redirect wp redirect2
Category
Security
Occurrences
2
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WARNINGMaintainabilityslow db query meta key1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

ERRORMaintainabilitydate date1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WARNINGSecurityInput is not validated1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST["id"]. Check that the array index exists before using it.

WARNINGMaintainabilityMissing Version1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Resource version not set in call to wp_register_script(). This means new versions of the script may not always be loaded due to browser caching.

WARNINGPerformancePost Not In exclude1
Category
Performance
Occurrences
1
Severity
warning

Sample message

Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

WARNINGMaintainabilitymissing composer json file1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The "/vendor" directory using composer exists, but "composer.json" file is missing.

External Connections

Potential connections found in static code analysis.

50 domains

Outbound calls

292

External assets

1

Incoming endpoints

7

Notable Domains

setasign.com48 · outbound
tools.ietf.org19 · outbound
yamasoft.com12 · outbound
sourceforge.net11 · outbound
code.google.com10 · outbound
microsoft.com10 · outbound

Platform / Reference Domains

opensource.org46 · platform/reference
w3.org33 · platform/reference
github.com18 · platform/reference
dev.w3.org2 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

bpm1.com1 · asset

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints7
wp_ajax_pdf_reset_templateauthenticated

wp_ajax

wp_ajax_yeepdf_builder_export_htmlauthenticated

wp_ajax

wp_ajax_yeepdf_builder_textauthenticated

wp_ajax

wp_ajax_yeepdf_convert_pdfauthenticated

wp_ajax

wp_ajax_yeepdf_dropbox_client_id_validateauthenticated

wp_ajax

wp_ajax_yeepdf_import_templateauthenticated

wp_ajax

wp_ajax_yeepdf_remove_fontauthenticated

wp_ajax

Score History

First score snapshot

v7.1.0

25

Latest

Findings
1,224
Errors
1,008
Warnings
216
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins