Product Catalog Simple

Catalog plugin with fully customizable responsive design, search and categories. Best for product catalog and services or portfolio presentation.

v1.8.6impleCodeUpdated 2 months agoAdded 11 years ago1k+ installs90% rating

catalog catalogue product product catalog product gallery

Score

1,555

Errors

1,982

Warnings

Change

Category Scores

Security0

Repo100

Performance87

Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

3,537 findings

Security

1,674

9 issue groups

Maintainability

1,422

12 issue groups

I18n

347

4 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$_nav_menu_placeholder'.704

Category: Security
Occurrences: 704
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$_nav_menu_placeholder'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "add_back_to_products_url".600

Category: Maintainability
Occurrences: 600
Severity: warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "add_back_to_products_url".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'ic_catalog_' . $name".442

Category: Maintainability
Occurrences: 442
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'ic_catalog_' . $name".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.366

Category: Security
Occurrences: 366
Severity: error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunction Reference

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.222

Category: I18n
Occurrences: 222
Severity: error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsComment Reference

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.208

Category: Security
Occurrences: 208
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$IC_Session".151

Category: Maintainability
Occurrences: 151
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$IC_Session".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

WARNINGSecurityRequest data is not unslashed$_COOKIE[WP_SESSION_COOKIE] not unslashed before sanitization. Use wp_unslash() or similar135

Category: Security
Occurrences: 135
Severity: warning

Sample message

$_COOKIE[WP_SESSION_COOKIE] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE[WP_SESSION_COOKIE]124

Category: Security
Occurrences: 124
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE[WP_SESSION_COOKIE]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().70

Category: I18n
Occurrences: 70
Severity: error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomain Reference

Show 15 more

WARNINGSecurityMissing nonce verification57

Category: Security
Occurrences: 57
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

WARNINGSecurityInput is not validated51

Category: Security
Occurrences: 51
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES['product_csv']['name']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

WARNINGMaintainabilityNon-prefixed class46

Category: Maintainability
Occurrences: 46
Severity: warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Elementor_IC_Show_Catalog_Widget".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound

ERRORMaintainabilitywp function not compatible with requires wp39

Category: Maintainability
Occurrences: 39
Severity: error

Sample message

Function "current_action()" requires WordPress 3.9.0, but your plugin minimum supported version is WordPress 3.7.0.

wp_function_not_compatible_with_requires_wp Reference

ERRORI18nUnordered Placeholders Text34

Category: I18n
Occurrences: 34
Severity: error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in '%sHere%s you can edit all text that is displayed inside the catalog container.'.

WordPress.WP.I18n.UnorderedPlaceholdersText Reference

WARNINGMaintainabilityNon-prefixed constant33

Category: Maintainability
Occurrences: 33
Severity: warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "AL_BASE_PATH".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound

WARNINGMaintainabilityDirect Query32

Category: Maintainability
Occurrences: 32
Severity: warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery

WARNINGMaintainabilityNo Caching29

Category: Maintainability
Occurrences: 29
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching

ERRORI18nText Domain Mismatch21

Category: I18n
Occurrences: 21
Severity: error

Sample message

Mismatched text domain. Expected 'post-type-x' but got "ecommerce-product-catalog".

WordPress.WP.I18n.TextDomainMismatch Reference

ERRORSecuritySetting is missing a sanitization callback19

Category: Security
Occurrences: 19
Severity: error

Sample message

Sanitization missing for register_setting().

PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing Reference

WARNINGMaintainabilityMissing Version16

Category: Maintainability
Occurrences: 16
Severity: warning

Sample message

Resource version not set in call to wp_register_script(). This means new versions of the script may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion

ERRORMaintainabilityblock api version too low16

Category: Maintainability
Occurrences: 16
Severity: error

Sample message

Editor blocks must define "apiVersion" 3 or higher in block.json for WordPress 7.0+ iframe editor compatibility.

block_api_version_too_low Reference

WARNINGSecuritywp redirect wp redirect10

Category: Security
Occurrences: 10
Severity: warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirect Reference

WARNINGMaintainabilityslow db query tax query9

Category: Maintainability
Occurrences: 9
Severity: warning

Sample message

Detected usage of tax_query, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_tax_query

ERRORMaintainabilitydate date9

Category: Maintainability
Occurrences: 9
Severity: error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date

External Connections

Potential connections found in static code analysis.

25 domains

Outbound calls

277

External assets

Incoming endpoints

Notable Domains

implecode.com174 · outbound

php.net20 · outbound

jacklmoore.com6 · outbound

app.implecode.com5 · outbound

cdnjs.cloudflare.com4 · outbound

getharvest.com4 · outbound

Platform / Reference Domains

wordpress.org20 · platform/reference

gnu.org11 · platform/reference

github.com9 · platform/reference

codex.wordpress.org4 · platform/reference

schema.org3 · platform/reference

downloads.wordpress.org2 · platform/reference

ps.w.org1 · platform/reference

translate.wordpress.org1 · platform/reference

External Asset Domains

paypalobjects.com2 · asset + outbound

Incoming Endpoints

wp_ajax_nopriv_ic_self_submitpublic

wp_ajax

wp_ajax_nopriv_ic_user_hide_contentpublic

wp_ajax

Admin AJAX endpoints16

wp_ajax_hide_empty_bar_messageauthenticated

wp_ajax

wp_ajax_hide_ic_noticeauthenticated

wp_ajax

wp_ajax_hide_review_noticeauthenticated

wp_ajax

wp_ajax_hide_translate_noticeauthenticated

wp_ajax

wp_ajax_ic_add_catalog_shortcodeauthenticated

wp_ajax

wp_ajax_ic_ajax_hide_messageauthenticated

wp_ajax

wp_ajax_ic_assign_listingauthenticated

wp_ajax

wp_ajax_ic_is_woo_template_availableauthenticated

wp_ajax

wp_ajax_ic_search_docsauthenticated

wp_ajax

wp_ajax_ic_self_submitauthenticated

wp_ajax

wp_ajax_ic_submit_deactivation_reasonauthenticated

wp_ajax

wp_ajax_ic_user_hide_contentauthenticated

wp_ajax

4 more hidden

Score History

First score snapshot

3 days ago

v1.8.6

Latest

Findings: 3,537
Errors: 1,555
Warnings: 1,982
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
3 days agoLatest	24	3,537	1,555	1,982	v1.8.6	2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Loading map

PluginAuthorCategoryIssueDomainRelated

Relationship links

Issue

Domain

Related Plugins

Category Description for WooCommerce

600 active installs

100

Allow Only 1 Product in Cart

500 active installs

Coming Soon Products for WooCommerce

600 active installs

Hide Price Until User Login For Woocommerce

800 active installs

Manually Approved Reviews for WooCommerce

700 active installs

Remove SKU From Single Product page

1k+ active installs