UPI QR Code Payment Gateway

This Plugin enables WooCommerce shop owners to get direct and instant payments through UPI apps like GPay, PhonePe, Paytm or any banking UPI app.

v1.4.3Dew TechnolabUpdated Added 1k+ installs100% rating
42
Score
179
Errors
28
Warnings
+0
Change

Category Scores

Security0
Repo100
Performance100
Maintainability86

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

207 findings

I18n

156

4 issue groups

Security

48

6 issue groups

Maintainability

3

3 issue groups

ERRORI18nText Domain MismatchMismatched text domain. Expected 'upi-qr-code-payment-gateway' but got 'dew-upi-qr-code'.150
Category
I18n
Occurrences
150
Severity
error

Sample message

Mismatched text domain. Expected 'upi-qr-code-payment-gateway' but got 'dew-upi-qr-code'.

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$content'.22
Category
Security
Occurrences
22
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$content'.

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.9
Category
Security
Occurrences
9
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityRequest data is not unslashed$_POST['customer_dwu_address'] not unslashed before sanitization. Use wp_unslash() or similar7
Category
Security
Occurrences
7
Severity
warning

Sample message

$_POST['customer_dwu_address'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_FILES['dwu_file']['type']. Check that the array index exists before using it.6
Category
Security
Occurrences
6
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES['dwu_file']['type']. Check that the array index exists before using it.

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.4
Category
I18n
Occurrences
4
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST['dwu_nonce']3
Category
Security
Occurrences
3
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['dwu_nonce']

WARNINGI18nDiscouraged text-domain loadingload_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

WARNINGSecuritywp redirect wp redirectwp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.1
Category
Security
Occurrences
1
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

ERRORMaintainabilityfive star reviews detectedLinking directly to 5 stars reviews is not allowed.1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Linking directly to 5 stars reviews is not allowed.

Show 3 more
ERRORMaintainabilityinvalid tested upto minor1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Tested up to: 7.0.0 The version number should only include major versions 7.0.

WARNINGI18ntextdomain mismatch1
Category
I18n
Occurrences
1
Severity
warning

Sample message

The "Text Domain" header in the plugin file does not match the slug. Found "dew-upi-qr-code", expected "upi-qr-code-payment-gateway".

ERRORMaintainabilitywp function not compatible with requires wp1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Function "wp_set_script_translations()" requires WordPress 5.0.0, but your plugin minimum supported version is WordPress 4.5.0.

External Connections

Potential connections found in static code analysis.

11 domains

Outbound calls

22

External assets

0

Incoming endpoints

0

Notable Domains

dewtechnolab.com3 · outbound
craftpip.github.io2 · outbound
divyeshghediya.in2 · outbound
apache.org1 · outbound
citibank.com1 · outbound
docs.checkout.com1 · outbound

Platform / Reference Domains

gnu.org3 · platform/reference
w3.org3 · platform/reference
wordpress.org3 · platform/reference
github.com2 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

v1.4.3

42

Latest

Findings
207
Errors
179
Warnings
28
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

36 nodes

Related Plugins

97
QRCode

400 active installs

65
VietQR

5k+ active installs

45