Product Code for WooCommerce

This plugin will allow a user to add up to two additional internal product identifiers to the order process in addition to the GTIN, EAN, SKU, or UPC.

v1.5.11artiosmediaUpdated Added 1k+ installs98% rating
66
Score
13
Errors
54
Warnings
+0
Change

Category Scores

Security49
Repo89
Performance100
Maintainability77

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

67 findings

Maintainability

42

8 issue groups

Security

22

4 issue groups

Repo Compliance

2

2 issue groups

I18n

1

1 issue group

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.11
Category
Security
Occurrences
11
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;11
Category
Maintainability
Occurrences
11
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$checkCustomerPermission".8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$checkCustomerPermission".

WARNINGSecurityRequest data is not unslashed$_GET['s'] not unslashed before sanitization. Use wp_unslash() or similar8
Category
Security
Occurrences
8
Severity
warning

Sample message

$_GET['s'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "my_searchwp_custom_field_keys_product_code_variant".3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "my_searchwp_custom_field_keys_product_code_variant".

WARNINGMaintainabilityNot In FooterIn footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST['pcfw_settings_nonce']2
Category
Security
Occurrences
2
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['pcfw_settings_nonce']

WARNINGMaintainabilityMissing VersionResource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.

Show 5 more
WARNINGI18nDiscouraged text-domain loading1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

WARNINGMaintainabilityNon-prefixed hook name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".

WARNINGSecurityInput is not validated1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['pcfw_settings_nonce']. Check that the array index exists before using it.

ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

ERRORRepo Compliancereadme mismatched header requires php1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Mismatched Requires PHP: 7.4.33 != 7.4. "Requires PHP" needs to be exactly the same with that in your main plugin file's header.

External Connections

Potential connections found in static code analysis.

4 domains

Outbound calls

10

External assets

0

Incoming endpoints

6

Notable Domains

zeffy.com2 · outbound
artiosmedia.com1 · outbound

Platform / Reference Domains

wordpress.org6 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

wp_ajax_nopriv_product_codepublic

wp_ajax

Admin AJAX endpoints5
wp_ajax_pcfw_support_notificationauthenticated

wp_ajax

wp_ajax_product_codeauthenticated

wp_ajax

wp_ajax_product_code_dismiss_noticeauthenticated

wp_ajax

wp_ajax_product_code_review_clickedauthenticated

wp_ajax

wp_ajax_product_code_update_databaseauthenticated

wp_ajax

Score History

First score snapshot

v1.5.11

66

Latest

Findings
67
Errors
13
Warnings
54
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Related Plugins