PluginScore

SnapScan Payment Gateway

A free, safe, and secure payment integration where customers can pay via SnapScan or card with automatic WooCommerce payment reconciliation.

v1.6.0snapscanservicesUpdated Added 700 installs100% rating100% support resolved
payment gatewaypaymentsqrsnapscanwoocommerce
41
Score
33
Errors
30
Warnings
+0
Change

Category Scores

Security0
Repo89
Performance100
Maintainability86

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

63 findings

Security

44

7 issue groups

Maintainability

10

6 issue groups

I18n

7

3 issue groups

Repo Compliance

2

2 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<div class='notice {$noticeLevel} is-dismissible'><p>{$message}</p></div>"'.19
Category
Security
Occurrences
19
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<div class='notice {$noticeLevel} is-dismissible'><p>{$message}</p></div>"'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.6
Category
Security
Occurrences
6
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET[&quot;settings&quot;]5
Category
Security
Occurrences
5
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET[&quot;settings&quot;]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_GET[&#039;merchant_reference&#039;]. Check that the array index exists before using it.5
Category
Security
Occurrences
5
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET[&#039;merchant_reference&#039;]. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGSecurityRequest data is not unslashed$_GET[&quot;settings&quot;] not unslashed before sanitization. Use wp_unslash() or similar5
Category
Security
Occurrences
5
Severity
warning

Sample message

$_GET[&quot;settings&quot;] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().4
Category
I18n
Occurrences
4
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
WARNINGSecuritywp redirect wp redirectwp_redirect() found. Using wp_safe_redirect(), along with the &quot;allowed_redirect_hosts&quot; filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.3
Category
Security
Occurrences
3
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the &quot;allowed_redirect_hosts&quot; filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirectReference
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log
ERRORI18nNon Singular String Literal TextThe $text parameter must be a single text string literal. Found: 'SnapScan App Payment Error: '.$error_message2
Category
I18n
Occurrences
2
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: 'SnapScan App Payment Error: '.$error_message

WordPress.WP.I18n.NonSingularStringLiteralTextReference
Show 8 more
ERRORMaintainabilitybadly named files2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File and folder names must not contain spaces or special characters.

badly_named_files
WARNINGMaintainabilityerror log print r1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_print_r
WARNINGSecurityMissing nonce verification1
Category
Security
Occurrences
1
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
ERRORMaintainabilityNon Enqueued Script1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Scripts must be registered/enqueued via wp_enqueue_script()

WordPress.WP.EnqueuedResources.NonEnqueuedScript
WARNINGMaintainabilitymismatched plugin name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Plugin name "SnapScan Payment Gateway" is different from the name declared in plugin header "SnapScan Online Payments".

mismatched_plugin_nameReference
ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.2 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference
ERRORRepo Complianceplugin header no license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

plugin_header_no_licenseReference
WARNINGI18ntextdomain mismatch1
Category
I18n
Occurrences
1
Severity
warning

Sample message

The "Text Domain" header in the plugin file does not match the slug. Found "snapscan", expected "snapscan-online-payments".

textdomain_mismatchReference

External Connections

Potential connections found in static code analysis.

5 domains

Outbound calls

8

External assets

0

Incoming endpoints

3

Notable Domains

merchant.getsnapscan.com2 · outbound
pos.snapscan.io2 · outbound
woocommerce.com2 · outbound
popmartian.com1 · outbound
snapscan.co.za1 · outbound

External Asset Domains

No external asset domains detected.

Incoming Endpoints

/wp-json/snap/payment-completeREST

register_rest_route

/wp-json/snap/sREST

register_rest_route

/wp-json/snap/verify-paymentREST

register_rest_route

Score History

First score snapshot

v1.6.0

41

Latest

Findings
63
Errors
33
Warnings
30
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

34 nodes

Related Plugins

Paystack WooCommerce Payment Gateway

30k+ active installs

100
Visa Acceptance Solutions

10k+ active installs

100
Clover Payment Gateway by Zaytech for WooCommerce

600 active installs

99
Fr Custom Payment Gateway Icon for WooCommerce

2k+ active installs

99
Lemon Squeezy — Sell Digital Products, Subscriptions, and Licenses

500 active installs

99
Payment Gateway – 2Checkout for WooCommerce

700 active installs

99