Sendcloud Shipping

SendCloud helps to grow your online store by optimizing the shipping process. Shipping packages has never been that easy!

v1.0.28SendcloudUpdated 26 days agoAdded 1 year ago5k+ installs58% rating

order tracking service points shipping shipping rates woocommerce

Score

Errors

Warnings

Change

Category Scores

Security0

Repo100

Performance100

Maintainability83

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

134 findings

Security

9 issue groups

Maintainability

6 issue groups

I18n

3 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'SCCSP_View'.37

Category: Security
Occurrences: 37
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'SCCSP_View'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.32

Category: Security
Occurrences: 32
Severity: error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunction Reference

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.14

Category: Security
Occurrences: 14
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.13

Category: Maintainability
Occurrences: 13
Severity: warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().12

Category: Maintainability
Occurrences: 12
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$address".6

Category: Maintainability
Occurrences: 6
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$address".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.4

Category: Security
Occurrences: 4
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

ERRORI18nMissing Translators CommentA function call to _e() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.4

Category: I18n
Occurrences: 4
Severity: error

Sample message

A function call to _e() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsComment Reference

ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $query2

Category: Security
Occurrences: 2
Severity: error

Sample message

Use placeholders and $wpdb->prepare(); found $query

WordPress.DB.PreparedSQL.NotPrepared

WARNINGSecurityUnquoted Complex PlaceholderComplex placeholders used for values in the query string in $wpdb->prepare() will NOT be quoted automagically. Found: %1s.2

Category: Security
Occurrences: 2
Severity: warning

Sample message

Complex placeholders used for values in the query string in $wpdb->prepare() will NOT be quoted automagically. Found: %1s.

WordPress.DB.PreparedSQLPlaceholders.UnquotedComplexPlaceholder

Show 8 more

WARNINGI18nDiscouraged text-domain loading1

Category: I18n
Occurrences: 1
Severity: warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound Reference

ERRORSecurityDatabase parameter is not escaped1

Category: Security
Occurrences: 1
Severity: error

Sample message

Unescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 100.

PluginCheck.Security.DirectDB.UnescapedDBParameter

WARNINGMaintainabilitySchema Change1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange

WARNINGSecuritywp redirect wp redirect1

Category: Security
Occurrences: 1
Severity: warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirect Reference

WARNINGSecurityInput is not sanitized1

Category: Security
Occurrences: 1
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_SERVER['REQUEST_METHOD']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

WARNINGMaintainabilityMissing Version1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion

ERRORI18nUnordered Placeholders Text1

Category: I18n
Occurrences: 1
Severity: error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$20d, %2$20c", but got "%20d, %20c" in 'https://www.sendcloud.com/wp-content/help-center-images/WooCommerce/EN%20parcel%20dimensions%20check.png'.

WordPress.WP.I18n.UnorderedPlaceholdersText Reference

ERRORMaintainabilityMissing direct file access protection1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protection Reference

External Connections

Not analyzed yet.

Score History

First score snapshot

7 days ago

v1.0.28

Latest

Findings: 134
Errors: 78
Warnings: 56
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
7 days agoLatest	42	134	78	56	v1.0.28	2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Loading map

PluginAuthorCategoryIssueRelated

Relationship links

Issue

Related Plugins

No Shipping Message for WooCommerce

3k+ active installs

100

Bob Go smart shipping solution for WooCommerce

1k+ active installs

Express, Certified Post, Bike Delivery and Iranian Postal Companies for WooCommerce

900 active installs

Order Tracker for WooCommerce – Track Customer Order

900 active installs

Ship to a Different Address Checked/Unchecked for WooCommerce

600 active installs

Shiptastic integration for UPS

800 active installs