StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More

Sell digital & physical products with StoreEngine—a lightweight eCommerce solution with memberships, subscriptions, affiliates, coupons & licensing.

v2.0.0 · Kodezen LLC · 600 installs · 100% rating · 33% support resolved
Score: 24 · Errors: 149 · Warnings: 482 · Change: +0

Category Scores

Security: 0
Repo: 97
Performance: 96
Maintainability: 0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

631 findings

Maintainability: 322 · 10 issue groups
Security: 251 · 12 issue groups
I18n: 26 · 3 issue groups

WARNING · Maintainability · Non-prefixed global variable
Category: Maintainability
Occurrences: 231
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$account".

WARNING · Security · Database parameter is not escaped
Category: Security
Occurrences: 87
Severity: warning

Sample message

Unescaped parameter $count_sql used in $wpdb->get_var()\n$count_sql assigned unsafely at line 160.

ERROR · Security · Output is not escaped
Category: Security
Occurrences: 32
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$attrs'.

ERROR · Security · SQL query is not prepared
Category: Security
Occurrences: 29
Severity: error

Sample message

Use placeholders and $wpdb->prepare(); found $count_sql

WARNING · Maintainability · No Caching
Category: Maintainability
Occurrences: 23
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNING · Maintainability · Direct Query
Category: Maintainability
Occurrences: 20
Severity: warning

Sample message

Use of a direct database call is discouraged.

WARNING · Security · Nonce verification recommended
Category: Security
Occurrences: 17
Severity: warning

Sample message

Processing form data without nonce verification.

WARNING · Security · Input is not sanitized
Category: Security
Occurrences: 17
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE[ActiveCurrency::COOKIE_NAME]

WARNING · Security · Interpolated SQL is not prepared
Category: Security
Occurrences: 16
Severity: warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $in_types at "SELECT pm.* FROM {$wpdb->postmeta} pm INNER JOIN {$wpdb->posts} p ON p.ID = pm.post_id WHERE p.post_type IN ($in_types) ORDER BY pm.meta_id LIMIT %d OFFSET %d"

ERROR · I18n · Missing Translators Comment
Category: I18n
Occurrences: 14
Severity: error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

ERROR · Security · Exception output is not escaped
Category: Security
Occurrences: 13
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$e'.

WARNING · Security · Request data is not unslashed
Category: Security
Occurrences: 13
Severity: warning

Sample message

$_COOKIE[ActiveCurrency::COOKIE_NAME] not unslashed before sanitization. Use wp_unslash() or similar

ERROR · Maintainability · wp function not compatible with requires wp
Category: Maintainability
Occurrences: 13
Severity: error

Sample message

Function "array_find()" requires WordPress 6.8.0, but your plugin minimum supported version is WordPress 6.5.0.

WARNING · Security · Missing nonce verification
Category: Security
Occurrences: 12
Severity: warning

Sample message

Processing form data without nonce verification.

ERROR · Maintainability · file system operations fwrite
Category: Maintainability
Occurrences: 9
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().

ERROR · I18n · Non Singular String Literal Text
Category: I18n
Occurrences: 8
Severity: error

Sample message

The $text parameter must be a single text string literal. Found: '<p>Hi {user_display_name},</p>'\n . '<p>Good news — “{shipped_item_name}” from your order #{order_id} has been marked as {shipment_status}.</p>'\n . '<p><strong>Courier:</strong> {shipment_courier}<br/><strong>Tracking number:</strong> {shipment_tracking_number}</p>'\n . '<p>{shipment_tracking_link}</p>'\n . '<p>Thank you for shopping with us.</p>'

WARNING · Maintainability · Non-prefixed global symbol
Category: Maintainability
Occurrences: 7
Severity: warning

Sample message

The "storeengine/cart/get" prefix is not a valid namespace/function/class/variable/constant prefix in PHP.

ERROR · Maintainability · Missing direct file access protection
Category: Maintainability
Occurrences: 7
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNING · Security · Replacements Wrong Number
Category: Security
Occurrences: 6
Severity: warning

Sample message

Incorrect number of replacements passed to $wpdb->prepare(). Found 1 replacement parameters, expected 2.

WARNING · Security · Unfinished Prepare
Category: Security
Occurrences: 6
Severity: warning

Sample message

Replacement variables found, but no valid placeholders found in the query.

WARNING · Maintainability · error log error log
Category: Maintainability
Occurrences: 5
Severity: warning

Sample message

error_log() found. Debug code should not normally be used in production.

WARNING · Maintainability · No PHP code found
Category: Maintainability
Occurrences: 4
Severity: warning

Sample message

No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.

ERROR · I18n · Missing Singular Placeholder
Category: I18n
Occurrences: 4
Severity: error

Sample message

Missing singular placeholder, needed for some languages. See https://codex.wordpress.org/I18n_for_WordPress_Developers#Plurals

WARNING · Maintainability · slow db query meta query
Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

Detected usage of meta_query, possible slow query.

WARNING · Security · Input is not validated
Category: Security
Occurrences: 3
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['details']. Check that the array index exists before using it.

External Connections

Potential connections found in static code analysis.

83 domains · Outbound calls: 281 · External assets: 7 · Incoming endpoints: 12

Notable Domains

docs.stripe.com: 13 · outbound
code.google.com: 10 · outbound
gs1uk.org: 8 · outbound
en.wikipedia.org: 7 · outbound
json-schema.org: 6 · outbound

Platform / Reference Domains

github.com: 80 · platform/reference
w3.org: 14 · platform/reference
schema.org: 7 · platform/reference
core.trac.wordpress.org: 5 · platform/reference
developer.wordpress.org: 4 · platform/reference
codex.wordpress.org: 1 · platform/reference
gnu.org: 1 · platform/reference
wordpress.org: 1 · platform/reference

External Asset Domains

js.stripe.com: 4 · asset + outbound
cdn.paddle.com: 3 · asset + outbound
checkout.razorpay.com: 3 · asset + outbound
paypal.com: 3 · asset
bpm1.com: 1 · asset

Incoming Endpoints

/wp-json/storeengine/v1/inventory/generate-code · REST · register_rest_route
/wp-json/storeengine/v1/inventory/resolve-codes · REST · register_rest_route
/wp-json/storeengine/v1/products/(?P<id>\d+)/stock-adjust · REST · register_rest_route
/wp-json/storeengine/v1/products/(?P<id>\d+)/stock-movements · REST · register_rest_route
admin_post_nopriv_public · admin_post
wp_ajax_nopriv_public · wp_ajax

Admin AJAX endpoints: 6
admin_post_storeengine_seed_reset · authenticated · admin_post
admin_post_storeengine_seed_run · authenticated · admin_post
admin_post_storeengine/frontend_dashboard_edit_address · authenticated · admin_post
wp_ajax_insights_deactivate_send · authenticated · wp_ajax
wp_ajax_insights_optin · authenticated · wp_ajax
wp_ajax_storeengine/update_data · authenticated · wp_ajax

Score History

First score snapshot
v2.0.0 · Score: 24 · Latest
Findings: 631 · Errors: 149 · Warnings: 482 · Check: 2.0.0
