Razorpay Payment Button Elementor Plugin

Start accepting payments on pages or blogs built on Elementor. Offer credit/debit cards, UPI, wallets and more in less than five minutes.

v1.2.8 · Razorpay · 1k+ installs · 50% rating
Score: 20
Errors: 479
Warnings: 62
Change: +0

Category Scores

Security: 0
Repo: 64
Performance: 100
Maintainability: 0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

541 findings

Security: 262 (6 issue groups)
Maintainability: 219 (16 issue groups)
I18n: 15 (2 issue groups)
Supply Chain: 5 (1 issue group)

ERROR · Security · Exception output is not escaped
Category: Security
Occurrences: 206
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"RAZORPAY ERROR: Fetch payment button detail failed with the following message: '$message'"'.

ERROR · Maintainability · curl curl setopt
Category: Maintainability
Occurrences: 113
Severity: error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERROR · Security · Output is not escaped
Category: Security
Occurrences: 17
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$button_detail['html_content_item']'.

WARNING · Security · Nonce verification recommended
Category: Security
Occurrences: 17
Severity: warning

Sample message

Processing form data without nonce verification.

WARNING · Security · Request data is not unslashed
Category: Security
Occurrences: 15
Severity: warning

Sample message

$_GET['order'] not unslashed before sanitization. Use wp_unslash() or similar

ERROR · Maintainability · Missing direct file access protection
Category: Maintainability
Occurrences: 15
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

ERROR · Maintainability · curl curl errno
Category: Maintainability
Occurrences: 12
Severity: error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERROR · Maintainability · file system operations fclose
Category: Maintainability
Occurrences: 12
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

ERROR · Maintainability · file system operations fopen
Category: Maintainability
Occurrences: 9
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

ERROR · Maintainability · file system operations fwrite
Category: Maintainability
Occurrences: 9
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().

ERROR · I18n · Text Domain Mismatch
Category: I18n
Occurrences: 9
Severity: error

Sample message

Mismatched text domain. Expected 'razorpay-payment-button-elementor' but got 'payments-for-elementor'.

WARNING · Maintainability · Non-prefixed class
Category: Maintainability
Occurrences: 7
Severity: warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "RZP_Button_Action_Elementor".

ERROR · Maintainability · Not Allowed
Category: Maintainability
Occurrences: 6
Severity: error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

ERROR · Maintainability · curl curl close
Category: Maintainability
Occurrences: 6
Severity: error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERROR · Maintainability · curl curl error
Category: Maintainability
Occurrences: 6
Severity: error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERROR · Maintainability · curl curl exec
Category: Maintainability
Occurrences: 6
Severity: error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERROR · Maintainability · parse url parse url
Category: Maintainability
Occurrences: 6
Severity: error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

ERROR · I18n · Missing Arg Domain
Category: I18n
Occurrences: 6
Severity: error

Sample message

Missing $domain parameter in function call to __().

ERROR · Supply Chain · Hidden files included
Category: Supply Chain
Occurrences: 5
Severity: error

Sample message

Hidden files are not permitted.

WARNING · Security · Input is not validated
Category: Security
Occurrences: 4
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['btn_action']. Check that the array index exists before using it.

WARNING · Maintainability · error log trigger error
Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

trigger_error() found. Debug code should not normally be used in production.

WARNING · Security · Missing nonce verification
Category: Security
Occurrences: 3
Severity: warning

Sample message

Processing form data without nonce verification.

ERROR · Maintainability · curl curl getinfo
Category: Maintainability
Occurrences: 3
Severity: error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERROR · Maintainability · curl curl init
Category: Maintainability
Occurrences: 3
Severity: error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERROR · Maintainability · curl curl multi add handle
Category: Maintainability
Occurrences: 3
Severity: error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

External Connections

Potential connections found in static code analysis.

19 domains

Outbound calls: 149
External assets: 1
Incoming endpoints: 1

Notable Domains

tools.ietf.org: 66 · outbound
php.net: 16 · outbound
semgrep.dev: 12 · outbound
secure.php.net: 7 · outbound

Platform / Reference Domains

github.com: 14 · platform/reference
core.trac.wordpress.org: 6 · platform/reference
opensource.org: 6 · platform/reference
w3.org: 1 · platform/reference

External Asset Domains

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints: 1
admin_post_rzp_btn_elementor_action · authenticated

admin_post

Score History

First score snapshot

v1.2.8 · Score: 20 · Latest
Findings: 541
Errors: 479
Warnings: 62
Check: 2.0.0
