PluginScore

Razorpay for Gravity Forms

Allows you to use Razorpay payment gateway with the gravity forms plugin.

v1.3.7RazorpayUpdated Added 600 installs20% rating
GravityFormsecommerceindiapaymentsrazorpay
21
Score
411
Errors
47
Warnings
+0
Change

Category Scores

Security0
Repo72
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

458 findings

Maintainability

214

16 issue groups

Security

177

6 issue groups

I18n

13

2 issue groups

Supply Chain

5

1 issue group

ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$char'.145
Category
Security
Occurrences
145
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$char'.

WordPress.Security.EscapeOutput.ExceptionNotEscapedReference
ERRORMaintainabilitycurl curl setoptUsing cURL functions is highly discouraged. Use wp_remote_get() instead.114
Category
Maintainability
Occurrences
114
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_setopt
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$amount'.20
Category
Security
Occurrences
20
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$amount'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORMaintainabilitycurl curl errnoUsing cURL functions is highly discouraged. Use wp_remote_get() instead.12
Category
Maintainability
Occurrences
12
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_errno
ERRORMaintainabilityfile system operations fcloseFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().12
Category
Maintainability
Occurrences
12
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

WordPress.WP.AlternativeFunctions.file_system_operations_fclose
ERRORMaintainabilityfile system operations fopenFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().9
Category
Maintainability
Occurrences
9
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

WordPress.WP.AlternativeFunctions.file_system_operations_fopen
ERRORMaintainabilityfile system operations fwriteFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().9
Category
Maintainability
Occurrences
9
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().

WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;8
Category
Maintainability
Occurrences
8
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
ERRORI18nText Domain MismatchMismatched text domain. Expected 'razorpay-gravity-forms' but got 'gravityforms'.7
Category
I18n
Occurrences
7
Severity
error

Sample message

Mismatched text domain. Expected 'razorpay-gravity-forms' but got 'gravityforms'.

WordPress.WP.I18n.TextDomainMismatchReference
Show 15 more
WARNINGMaintainabilityNo Caching6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
ERRORMaintainabilitycurl curl close6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_close
ERRORMaintainabilitycurl curl error6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_error
ERRORMaintainabilitycurl curl exec6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_exec
ERRORMaintainabilityparse url parse url6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

WordPress.WP.AlternativeFunctions.parse_url_parse_url
ERRORI18nNon Singular String Literal Domain6
Category
I18n
Occurrences
6
Severity
error

Sample message

The $domain parameter must be a single text string literal. Found: $this->_slug

WordPress.WP.I18n.NonSingularStringLiteralDomainReference
ERRORSupply ChainHidden files included5
Category
Supply Chain
Occurrences
5
Severity
error

Sample message

Hidden files are not permitted.

hidden_files
WARNINGMaintainabilityNon-prefixed function4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "createRzpCron".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
WARNINGSecurityDatabase parameter is not escaped3
Category
Security
Occurrences
3
Severity
warning

Sample message

Unescaped parameter $tableName used in $wpdb->get_results()\n$tableName assigned unsafely at line 153.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGSecurityInterpolated SQL is not prepared3
Category
Security
Occurrences
3
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $tableName at "SELECT * FROM $tableName WHERE order_id="

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
ERRORSecuritySQL query is not prepared3
Category
Security
Occurrences
3
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $entry

WordPress.DB.PreparedSQL.NotPrepared
WARNINGMaintainabilityNon-prefixed hook name3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "gform_razorpay_complete_payment".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGMaintainabilityerror log error log3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log
WARNINGMaintainabilityerror log trigger error3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

trigger_error() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_trigger_error
WARNINGSecurityInput is not sanitized3
Category
Security
Occurrences
3
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE[self::RAZORPAY_ORDER_ID]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

External Connections

Potential connections found in static code analysis.

21 domains

Outbound calls

138

External assets

2

Incoming endpoints

1

Notable Domains

tools.ietf.org66 · outbound
secure.php.net13 · outbound
php.net8 · outbound
semgrep.dev6 · outbound
bugzilla.mozilla.org3 · outbound
decompres.blogspot.com3 · outbound

Platform / Reference Domains

github.com11 · platform/reference
core.trac.wordpress.org6 · platform/reference
opensource.org6 · platform/reference
gnu.org1 · platform/reference
wordpress.org1 · platform/reference

External Asset Domains

checkout.razorpay.com2 · asset + outbound
razorpay.com2 · asset + outbound

Incoming Endpoints

admin_post_nopriv_gf_razorpay_webhookpublic

admin_post

Score History

First score snapshot

v1.3.7

21

Latest

Findings
458
Errors
411
Warnings
47
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related

WooCommerce22 scoreSite Kit by Google – Analytics, Search Console, AdSense, Speed25 scoreYoast SEO – Advanced SEO with real-time guidance and built-in AI24 scoreLiteSpeed Cache35 scoreWordfence Security – Firewall, Malware Scan, and Login Security21 scoreWP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin30 scoreJetpack – WP Security, Backup, Speed, & Growth23 scoreReally Simple Security – Simple and Performant Security (formerly Really Simple SSL)19 scoreUpdraftPlus: WP Backup & Migration Plugin24 scoreComplianz – GDPR/CCPA Cookie Consent24 scorePopup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation32 scoreWooCommerce PayPal Payments37 scoreWooCommerce Stripe Payment Gateway30 scoreMailchimp for WooCommerce24 score

Related Plugins

GetResponse Official

4k+ active installs

100
Live Carts for WooCommerce: Track Real-Time, Abandoned, and Converted Carts!

600 active installs

100
Visa Acceptance Solutions

10k+ active installs

100
Lemon Squeezy — Sell Digital Products, Subscriptions, and Licenses

500 active installs

99
Quiz Builder for WooCommerce – Product Recommendations

2k+ active installs

99
Surbma | Divi & Gravity Forms

9k+ active installs

99