SimpleShop

The SimpleShop WP plugin connects your WordPress website with a SimpleShop account and allows you to restrict the access only for members.

v2.17.1Redbit s.r.o.Updated Added 1k+ installs0% rating
38
Score
52
Errors
51
Warnings
+0
Change

Category Scores

Security0
Repo89
Performance100
Maintainability71

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

103 findings

Security

56

10 issue groups

Maintainability

39

11 issue groups

I18n

5

2 issue groups

Repo Compliance

2

2 issue groups

ERRORMaintainabilitydate datedate() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.17
Category
Maintainability
Occurrences
17
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"'$currentClass' is deprecated, use '$class::getInstance()->$method()' instead"'.14
Category
Security
Occurrences
14
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"'$currentClass' is deprecated, use '$class::getInstance()->$method()' instead"'.

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.12
Category
Security
Occurrences
12
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.10
Category
Security
Occurrences
10
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WARNINGSecurityRequest data is not unslashed$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar7
Category
Security
Occurrences
7
Severity
warning

Sample message

$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "ssc_new_user_created".5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "ssc_new_user_created".

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['_wpnonce']5
Category
Security
Occurrences
5
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['_wpnonce']

WARNINGMaintainabilityMissing VersionResource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.4
Category
I18n
Occurrences
4
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WARNINGMaintainabilityslow db query meta queryDetected usage of meta_query, possible slow query.3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Detected usage of meta_query, possible slow query.

Show 15 more
WARNINGSecurityNonce verification recommended3
Category
Security
Occurrences
3
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityDirect Query2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo Caching2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGMaintainabilityerror log trigger error2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

trigger_error() found. Debug code should not normally be used in production.

WARNINGSecuritywp redirect wp redirect2
Category
Security
Occurrences
2
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

ERRORMaintainabilityOffloaded Content1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Found call to wp_register_style() with external resource. Offloading styles to your servers or any remote service is disallowed.

ERRORSecuritySetting is missing a sanitization callback1
Category
Security
Occurrences
1
Severity
error

Sample message

Sanitization missing for register_setting().

WARNINGMaintainabilityNon-prefixed global variable1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$pluginMainFile".

ERRORSecurityException output is not escaped1
Category
Security
Occurrences
1
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$field'.

WARNINGSecurityInput is not validated1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['post_ID']. Check that the array index exists before using it.

ERRORI18nNon Singular String Literal Text1
Category
I18n
Occurrences
1
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: '<u>Allowed patterns:</u><br/>'\n . '<div style="font-style:normal;"><b>{login}</b> = login<br/>'\n . '<b>{password}</b> = password<br/>'\n . '<b>{login_url}</b> = URL address where User can login<br/>'\n . '<b>{pages}</b> = list of pages to which the user has purchased access<br/>'\n . '<b>{mail}</b> = user email (usually the same as login)<br/>'\n . '</div>'

ERRORRepo Compliancelicense mismatch1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Your plugin has a different license declared in the readme file and plugin header. Please update your readme with a valid GPL license identifier.

WARNINGMaintainabilitymissing composer json file1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The &quot;/vendor&quot; directory using composer exists, but &quot;composer.json&quot; file is missing.

ERRORMaintainabilityMissing direct file access protection1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

ERRORRepo Complianceplugin header invalid license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Invalid License: https://github.com/redbitcz/simpleshop-wp-plugin/blob/master/LICENSE. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

External Connections

Potential connections found in static code analysis.

29 domains

Outbound calls

137

External assets

1

Incoming endpoints

3

Notable Domains

cmb2.io61 · outbound
docs.jquery.com4 · outbound
jquery.org4 · outbound
jqueryui.com4 · outbound
form.simpleshop.cz3 · outbound
podpora.redbit.cz3 · outbound

Platform / Reference Domains

github.com22 · platform/reference
wordpress.org8 · platform/reference
core.trac.wordpress.org2 · platform/reference
opensource.org2 · platform/reference

External Asset Domains

code.jquery.com2 · asset + outbound

Incoming Endpoints

wp_ajax_nopriv_cmb2_oembed_handlerpublic

wp_ajax

Admin AJAX endpoints2
wp_ajax_cmb2_oembed_handlerauthenticated

wp_ajax

wp_ajax_load_simple_shop_productsauthenticated

wp_ajax

Score History

2 score snapshots

+0
1007550250Jun 21, 2026, 09:29 PM UTC Score 38/100 Plugin v2.17.0 Plugin Check 2.0.0 52 errors, 50 warningsJul 3, 2026, 12:26 PM UTC Score 38/100 Plugin v2.17.1 Plugin Check 2.0.0 52 errors, 51 warningsJun 21, 2026Jul 3, 2026

v2.17.1

38

Latest

Findings
103
Errors
52
Warnings
51
Check
2.0.0

v2.17.0

38

Score

Findings
102
Errors
52
Warnings
50
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related

Related Plugins