Product Editor Pro – WooCommerce Bulk Edit: Prices, Stock, Images, Titles, CSV Import & More

The fastest WooCommerce Bulk Editor: Mass edit prices, stock, titles, images, SKU & categories. CSV import/export. Undo. Save hours every week!

v2.3.1toptimaUpdated 2 months agoAdded 4 years ago1k+ installs92% rating

CSV Import bulk edit price editor stock management woocommerce

Score

2,154

Errors

4,833

Warnings

Change

Category Scores

Security0

Repo94

Performance100

Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

6,987 findings

Maintainability

4,907

14 issue groups

Security

1,984

9 issue groups

I18n

2 issue groups

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$account_addon_ids".4,154

Category: Maintainability
Occurrences: 4,154
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$account_addon_ids".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <a href='{$skip_url}' class='button button-small button-secondary'>{$use_plugin_anonymously_text}</a>"'.1,894

Category: Security
Occurrences: 1,894
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <a href='{$skip_url}' class='button button-small button-secondary'>{$use_plugin_anonymously_text}</a>"'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_fs_text".224

Category: Maintainability
Occurrences: 224
Severity: warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_fs_text".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound

ERRORMaintainabilitybadly named filesFile and folder names must not contain spaces or special characters.118

Category: Maintainability
Occurrences: 118
Severity: error

Sample message

File and folder names must not contain spaces or special characters.

badly_named_files

WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "FS_Admin_Menu_Manager".112

Category: Maintainability
Occurrences: 112
Severity: warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "FS_Admin_Menu_Manager".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.88

Category: Maintainability
Occurrences: 88
Severity: warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().76

Category: Maintainability
Occurrences: 76
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching

WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "FS_API__ADDRESS".56

Category: Maintainability
Occurrences: 56
Severity: warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "FS_API__ADDRESS".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.36

Category: I18n
Occurrences: 36
Severity: error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsComment Reference

WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $keep_count at "DELETE FROM $table_name WHERE id NOT IN (SELECT id FROM (SELECT id FROM $table_name ORDER BY id DESC LIMIT $keep_count) as sub);"28

Category: Security
Occurrences: 28
Severity: warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $keep_count at "DELETE FROM $table_name WHERE id NOT IN (SELECT id FROM (SELECT id FROM $table_name ORDER BY id DESC LIMIT $keep_count) as sub);"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared

Show 15 more

ERRORMaintainabilityMissing direct file access protection17

Category: Maintainability
Occurrences: 17
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protection Reference

WARNINGMaintainabilityMissing Version16

Category: Maintainability
Occurrences: 16
Severity: warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion

ERRORMaintainabilityShort PHP open tag found14

Category: Maintainability
Occurrences: 14
Severity: error

Sample message

Short PHP opening tag used with echo; expected "<?php echo $column_name ..." but found "<?= $column_name ..."

Generic.PHP.DisallowShortOpenTag.EchoFound

ERRORSecurityException output is not escaped14

Category: Security
Occurrences: 14
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.

WordPress.Security.EscapeOutput.ExceptionNotEscaped Reference

WARNINGSecurityMissing nonce verification12

Category: Security
Occurrences: 12
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

ERRORMaintainabilityfile system operations fclose12

Category: Maintainability
Occurrences: 12
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

WordPress.WP.AlternativeFunctions.file_system_operations_fclose

ERRORI18nUnordered Placeholders Text12

Category: I18n
Occurrences: 12
Severity: error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$d, %2$s", but got "%d, %s" in '⚡ You\'ve selected more than %d products! Unlock unlimited bulk editing with Premium and save hours of manual work. <a href="%s" target="_blank" style="font-weight:bold;">Upgrade Now →</a>'.

WordPress.WP.I18n.UnorderedPlaceholdersText Reference

WARNINGSecurityInput is not sanitized10

Category: Security
Occurrences: 10
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_FILES['csv_file']['tmp_name']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

WARNINGSecurityDatabase parameter is not escaped8

Category: Security
Occurrences: 8
Severity: warning

Sample message

Unescaped parameter $table used in $wpdb->get_results()

PluginCheck.Security.DirectDB.UnescapedDBParameter

WARNINGMaintainabilitySchema Change8

Category: Maintainability
Occurrences: 8
Severity: warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange

ERRORSecuritySQL query is not prepared8

Category: Security
Occurrences: 8
Severity: error

Sample message

Use placeholders and $wpdb->prepare(); found $reverse_id

WordPress.DB.PreparedSQL.NotPrepared

ERRORSecurityDatabase parameter is not escaped6

Category: Security
Occurrences: 6
Severity: error

Sample message

Unescaped parameter $keep_count used in $wpdb->query()\n$keep_count used without escaping.

PluginCheck.Security.DirectDB.UnescapedDBParameter

WARNINGMaintainabilityNon-prefixed hook name6

Category: Maintainability
Occurrences: 6
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "fs_plugins_api".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound

WARNINGMaintainabilityNot In Footer6

Category: Maintainability
Occurrences: 6
Severity: warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter

WARNINGSecurityInput is not validated4

Category: Security
Occurrences: 4
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['_wpnonce']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

Score History

First score snapshot

2 days ago

v2.3.1

Latest

Findings: 6,987
Errors: 2,154
Warnings: 4,833
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
2 days agoLatest	24	6,987	2,154	4,833	v2.3.1	2.0.0

Related Plugins

Bulk remove posts from category

10k+ active installs

WP All Import – Import Add-On for ACF

40k+ active installs

Bulk Price Update for Woocommerce

2k+ active installs

ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic)

4k+ active installs

Media Library Helper — Bulk edit image ALT, caption & description

10k+ active installs

ACF Quick Edit Fields

30k+ active installs