This is the official WooCommerce extension to ship products using The Courier Guy.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
- Security: 96 (7 issue groups)
- Maintainability: 46 (13 issue groups)
- I18n: 17 (3 issue groups)
- Supply Chain: 1 (1 issue group)
| Severity | Category | Issue group | Occurrences | Sample message |
|---|---|---|---|---|
| warning | Security | Missing | 30 | Processing form data without nonce verification. |
| warning | Security | Missing Unslash | 27 | $_GET['q']['term'] not unslashed before sanitization. Use wp_unslash() or similar |
| error | Maintainability | Echo Found | 24 | Short PHP opening tag used with echo; expected "<?php echo esc_attr ..." but found "<?= esc_attr ..." |
| warning | Security | Input Not Sanitized | 22 | Detected usage of a non-sanitized input variable: $_POST['iihtcg_selector_input'] |
| error | I18n | Non Singular String Literal Text | 15 | The $text parameter must be a single text string literal. Found: $displayName |
| warning | Security | Recommended | 13 | Processing form data without nonce verification. |
| warning | Maintainability | Direct Query | 4 | Use of a direct database call is discouraged. |
| warning | Maintainability | No Caching | 4 | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). |
| error | Maintainability | Not Allowed | 3 | Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead |
| warning | Security | Input Not Validated | 2 | Detected usage of a possibly undefined superglobal array index: $_GET['q']['term']. Check that the array index exists before using it. |
| error | Maintainability | file system operations readfile | 2 | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: readfile(). |
| error | Maintainability | unlink unlink | 2 | unlink() is discouraged. Use wp_delete_file() to delete a file. |
| warning | I18n | load plugin textdomain Found | 1 | load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed. |
| error | Maintainability | Plugin Directory Write | 1 | Plugin folders are deleted when upgraded. Do not save data to the plugin folder using copy(). Detected usage of __FILE__ or __DIR__ magic constant. Use wp_upload_dir() to get the uploads directory path or save to the database instead. |
| error | Security | Not Prepared | 1 | Use placeholders and $wpdb->prepare(); found $query |
| error | Security | Like Wildcards In Query | 1 | SQL wildcards for a LIKE query should be passed in through a replacement parameter. Found: LIKE '_transient_timeout_tcg_rate_cache%'. |
| error | Maintainability | date date | 1 | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. |
| error | Maintainability | file system operations fclose | 1 | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose(). |
| error | Maintainability | file system operations fopen | 1 | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen(). |
| error | Maintainability | file system operations fwrite | 1 | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite(). |
| error | Maintainability | file system operations mkdir | 1 | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir(). |
| error | Maintainability | file system operations rmdir | 1 | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: rmdir(). |
| error | I18n | Missing Arg Domain | 1 | Missing $domain parameter in function call to esc_html__(). |
| error | Supply Chain | hidden files | 1 | Hidden files are not permitted. |
| error | Repo Compliance | outdated tested upto header | 1 | Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress. |
Score History
First score snapshot
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 34 | 161 | 58 | 103 | v5.5.0 | 2.0.0 |