Free: WC Wishlist, Email automation, Elementor Widgets. Premium: Back-in-Stock Notifier, Save for Later, Multi-lists, Reports, Email Marketing.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
I18n
3,502
2 issue groups
Maintainability
633
16 issue groups
Security
147
7 issue groups
ERRORI18nText Domain MismatchMismatched text domain. Expected 'smart-wishlist-for-more-convert' but got 'advanced-product-fields-for-woocommerce'.3,492
- Category
- I18n
- Occurrences
- 3,492
- Severity
- error
Sample message
Mismatched text domain. Expected 'smart-wishlist-for-more-convert' but got 'advanced-product-fields-for-woocommerce'.
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$K_PATH_CACHE".307
- Category
- Maintainability
- Occurrences
- 307
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$K_PATH_CACHE".
WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DATAMATRIXDEFS".110
- Category
- Maintainability
- Occurrences
- 110
- Severity
- warning
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DATAMATRIXDEFS".
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'mct_output_panel_' . $this->type".100
- Category
- Maintainability
- Occurrences
- 100
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'mct_output_panel_' . $this->type".
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$action'.57
- Category
- Security
- Occurrences
- 57
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$action'.
WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $children_ids_sql used in $wpdb->query()\n$children_ids_sql assigned unsafely at line 1458.35
- Category
- Security
- Occurrences
- 35
- Severity
- warning
Sample message
Unescaped parameter $children_ids_sql used in $wpdb->query()\n$children_ids_sql assigned unsafely at line 1458.
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_SERVER['DOCUMENT_ROOT']24
- Category
- Security
- Occurrences
- 24
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_SERVER['DOCUMENT_ROOT']
WARNINGSecurityRequest data is not unslashed$_SERVER['DOCUMENT_ROOT'] not unslashed before sanitization. Use wp_unslash() or similar24
- Category
- Security
- Occurrences
- 24
- Severity
- warning
Sample message
$_SERVER['DOCUMENT_ROOT'] not unslashed before sanitization. Use wp_unslash() or similar
ERRORMaintainabilitycurl curl setoptUsing cURL functions is highly discouraged. Use wp_remote_get() instead.23
- Category
- Maintainability
- Occurrences
- 23
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilityfile system operations freadFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().18
- Category
- Maintainability
- Occurrences
- 18
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().
Show 15 moreShow less
ERRORMaintainabilityfile system operations fclose15
- Category
- Maintainability
- Occurrences
- 15
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERRORMaintainabilityMissing direct file access protection13
- Category
- Maintainability
- Occurrences
- 13
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERRORI18nMissing Translators Comment10
- Category
- I18n
- Occurrences
- 10
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
ERRORMaintainabilityfile system operations fwrite8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
WARNINGMaintainabilityNon-prefixed function7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "appsero_init_tracker_smart_wishlist_for_more_convert".
ERRORMaintainabilityparse url parse url7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
WARNINGMaintainabilityDynamic hook name6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$action_name".
ERRORMaintainabilityunlink unlink6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
ERRORMaintainabilitywp function not compatible with requires wp5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
Function "get_user()" requires WordPress 6.7.0, but your plugin minimum supported version is WordPress 5.8.0.
WARNINGMaintainabilityNon-prefixed class4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "MCT_Admin".
ERRORSecurityException output is not escaped3
- Category
- Security
- Occurrences
- 3
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$msg'.
WARNINGSecuritywp redirect wp redirect2
- Category
- Security
- Occurrences
- 2
- Severity
- warning
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
WARNINGSecurityInput is not validated2
- Category
- Security
- Occurrences
- 2
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_SERVER['PHP_SELF']. Check that the array index exists before using it.
ERRORMaintainabilitycurl curl close2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilitycurl curl exec2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
Score History
2 score snapshots
v1.9.20
24
Latest
- Findings
- 4,307
- Errors
- 3,678
- Warnings
- 629
- Check
- 2.0.0
v1.9.19
24
Score
- Findings
- 4,307
- Errors
- 3,679
- Warnings
- 628
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 24 | 4,307 | 3,678 | 629 | v1.9.20 | 2.0.0 |
| 24 | 4,307 | 3,679 | 628 | v1.9.19 | 2.0.0 |
Related Plugins
50k+ active installs
10k+ active installs
100k+ active installs
2k+ active installs
8k+ active installs
4k+ active installs