PluginScore

Shipment Tracker for Woocommerce

Add awb# to orders, create tracking page, send tracking info via sms & email. Works best with Shiprocket, Shipmozo, Delhivery & Nimbuspost.

v1.5.5.1bitsstechUpdated Added 2k+ installs94% rating0% support resolved
delhiverynimbuspostshipmozoshiprocketxpressbees
23
Score
462
Errors
559
Warnings
+0
Change

Category Scores

Security0
Repo88
Performance98
Maintainability2

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,021 findings

Security

591

7 issue groups

I18n

259

4 issue groups

Maintainability

150

14 issue groups

ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().220
Category
I18n
Occurrences
220
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
WARNINGSecurityRequest data is not unslashed$_GET[$filter_id] not unslashed before sanitization. Use wp_unslash() or similar157
Category
Security
Occurrences
157
Severity
warning

Sample message

$_GET[$filter_id] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.123
Category
Security
Occurrences
123
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.96
Category
Security
Occurrences
96
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$awb_n'.81
Category
Security
Occurrences
81
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$awb_n'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_GET['id']. Check that the array index exists before using it.77
Category
Security
Occurrences
77
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['id']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['action']54
Category
Security
Occurrences
54
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['action']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
ERRORMaintainabilitydate datedate() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.38
Category
Maintainability
Occurrences
38
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;38
Category
Maintainability
Occurrences
38
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
ERRORI18nText Domain MismatchMismatched text domain. Expected 'shipment-tracker-for-woocommerce' but got 'bt-sync-order'.30
Category
I18n
Occurrences
30
Severity
error

Sample message

Mismatched text domain. Expected 'shipment-tracker-for-woocommerce' but got 'bt-sync-order'.

WordPress.WP.I18n.TextDomainMismatchReference
Show 15 more
WARNINGMaintainabilityerror log error log21
Category
Maintainability
Occurrences
21
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log
ERRORMaintainabilityShort PHP open tag found20
Category
Maintainability
Occurrences
20
Severity
error

Sample message

Short PHP opening tag used with echo; expected "<?php echo $order_number ..." but found "<?= $order_number ..."

Generic.PHP.DisallowShortOpenTag.EchoFound
WARNINGMaintainabilityNo PHP code found5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.

Internal.NoCodeFound
WARNINGMaintainabilityslow db query meta key5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_key
ERRORI18nNon Singular String Literal Domain5
Category
I18n
Occurrences
5
Severity
error

Sample message

The $domain parameter must be a single text string literal. Found: $plugin_info['Name']

WordPress.WP.I18n.NonSingularStringLiteralDomainReference
ERRORI18nNon Singular String Literal Text4
Category
I18n
Occurrences
4
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $title

WordPress.WP.I18n.NonSingularStringLiteralTextReference
WARNINGMaintainabilityunexpected markdown file4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Unexpected markdown file "hooks-admin.md" detected in plugin root. Only specific markdown files are expected in production plugins.

unexpected_markdown_file
ERRORSecurityUnsafe printing function3
Category
Security
Occurrences
3
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
WARNINGMaintainabilityMissing Version3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Resource version not set in call to wp_register_style(). This means new versions of the style may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion
ERRORMaintainabilityNo Explicit Version3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

Version parameter is not explicitly set or has been set to an equivalent of "false" for wp_register_script; This means that the WordPress core version will be used which is not recommended for plugin or theme development.

WordPress.WP.EnqueuedResourceParameters.NoExplicitVersion
WARNINGMaintainabilityNot In Footer3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_register_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter
ERRORMaintainabilityNon Enqueued Stylesheet3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

Stylesheets must be registered/enqueued via wp_enqueue_style()

WordPress.WP.EnqueuedResources.NonEnqueuedStylesheet
ERRORMaintainabilitybadly named files3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

File and folder names must not contain spaces or special characters.

badly_named_files
ERRORMaintainabilityOffloaded Content2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

PluginCheck.CodeAnalysis.Offloading.OffloadedContent
WARNINGMaintainabilityslow db query meta query2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Detected usage of meta_query, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_query

Score History

First score snapshot

v1.5.5.1

23

Latest

Findings
1,021
Errors
462
Warnings
559
Check
2.0.0