Royal Mail Shipping Calculator for WooCommerce

Royal Mail Shipping Calculator for WooCommerce is a WordPress Plugin that integrate the Royal Mail service.

v1.9.10Waseem SenjerUpdated Added 1k+ installs88% rating
39
Score
61
Errors
31
Warnings
+0
Change

Category Scores

Security0
Repo91
Performance100
Maintainability78

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

92 findings

Security

41

7 issue groups

I18n

33

4 issue groups

Maintainability

16

7 issue groups

Repo Compliance

2

2 issue groups

ERRORI18nText Domain MismatchMismatched text domain. Expected 'royal-mail-woocommerce-shipping-calculator' but got 'wc-royal-mail'.30
Category
I18n
Occurrences
30
Severity
error

Sample message

Mismatched text domain. Expected 'royal-mail-woocommerce-shipping-calculator' but got 'wc-royal-mail'.

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.9
Category
Security
Occurrences
9
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST['woocommerce_wpruby_royalmail_default_height']. Check that the array index exists before using it.9
Category
Security
Occurrences
9
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['woocommerce_wpruby_royalmail_default_height']. Check that the array index exists before using it.

ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Item '{$item->getDescription()}' is too large to fit into any box"'.7
Category
Security
Occurrences
7
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Item '{$item->getDescription()}' is too large to fit into any box"'.

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.6
Category
Security
Occurrences
6
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<div class='error'><p>$message $link</p></div>"'.4
Category
Security
Occurrences
4
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<div class='error'><p>$message $link</p></div>"'.

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$current_user_id&quot;.3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$current_user_id&quot;.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST[&#039;woocommerce_wpruby_royalmail_default_height&#039;]3
Category
Security
Occurrences
3
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST[&#039;woocommerce_wpruby_royalmail_default_height&#039;]

WARNINGSecurityRequest data is not unslashed$_POST[&#039;woocommerce_wpruby_royalmail_default_height&#039;] not unslashed before sanitization. Use wp_unslash() or similar3
Category
Security
Occurrences
3
Severity
warning

Sample message

$_POST[&#039;woocommerce_wpruby_royalmail_default_height&#039;] not unslashed before sanitization. Use wp_unslash() or similar

Show 10 more
ERRORMaintainabilityfile system operations fopen3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

ERRORMaintainabilityOffloaded Content2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

ERRORMaintainabilityfile system operations fclose2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

WARNINGMaintainabilityerror log print r1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

ERRORI18nMissing Arg Domain1
Category
I18n
Occurrences
1
Severity
error

Sample message

Missing $domain parameter in function call to __().

ERRORI18nNon Singular String Literal Text1
Category
I18n
Occurrences
1
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: "Weight unit: ".$weight_unit."<br> This weight will only be used if the product\s weight are not set in the edit product's page."

ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

WARNINGRepo Complianceplugin header nonexistent domain path1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

The "Domain Path" header in the plugin file must point to an existing folder. Found: "languages"

WARNINGI18ntextdomain mismatch1
Category
I18n
Occurrences
1
Severity
warning

Sample message

The "Text Domain" header in the plugin file does not match the slug. Found "wc-royal-mail", expected "royal-mail-woocommerce-shipping-calculator".

WARNINGMaintainabilitytrademarked term1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The plugin slug includes a restricted term. Your plugin slug - "royal-mail-woocommerce-shipping-calculator" - contains the restricted term "woocommerce" which cannot be used within in your plugin slug, unless your plugin slug contains one of the allowed patterns: "for woocommerce", "with woocommerce", "using woocommerce", or "and woocommerce". The term must still not appear anywhere else in your plugin slug.

External Connections

Potential connections found in static code analysis.

5 domains

Outbound calls

11

External assets

2

Incoming endpoints

1

Notable Domains

wpruby.com7 · outbound
rulehook.com2 · outbound

Platform / Reference Domains

github.com1 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

cdn.wpruby.com2 · asset

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints1
wp_ajax_dismiss_royalmail_rulehook_noticeauthenticated

wp_ajax

Score History

First score snapshot

v1.9.10

39

Latest

Findings
92
Errors
61
Warnings
31
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

31 nodes

Related Plugins