Verge3D Publishing and E-Commerce

Verge3D application publising and e-commerce plugin for WordPress.

v4.12.0Soft8Soft LLCUpdated Added 400 installs80% rating
27
Score
245
Errors
298
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance88
Maintainability20

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

543 findings

Security

378

7 issue groups

Maintainability

149

15 issue groups

Performance

7

2 issue groups

I18n

3

1 issue group

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.97
Category
Security
Occurrences
97
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORMaintainabilityShort PHP open tag foundShort PHP opening tag used with echo; expected "<?php echo ! ..." but found "<?= ! ..."80
Category
Maintainability
Occurrences
80
Severity
error

Sample message

Short PHP opening tag used with echo; expected "<?php echo ! ..." but found "<?= ! ..."

WARNINGSecurityRequest data is not unslashed$_GET[&#039;tab&#039;] not unslashed before sanitization. Use wp_unslash() or similar78
Category
Security
Occurrences
78
Severity
warning

Sample message

$_GET[&#039;tab&#039;] not unslashed before sanitization. Use wp_unslash() or similar

ERRORSecuritySetting is missing a sanitization callbackSanitization missing for register_setting().57
Category
Security
Occurrences
57
Severity
error

Sample message

Sanitization missing for register_setting().

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$app_id'.53
Category
Security
Occurrences
53
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$app_id'.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_FILES[&#039;appfile&#039;][&#039;name&#039;]41
Category
Security
Occurrences
41
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_FILES[&#039;appfile&#039;][&#039;name&#039;]

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_FILES[&#039;appfile&#039;][&#039;error&#039;]. Check that the array index exists before using it.37
Category
Security
Occurrences
37
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES[&#039;appfile&#039;][&#039;error&#039;]. Check that the array index exists before using it.

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;16
Category
Maintainability
Occurrences
16
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.15
Category
Security
Occurrences
15
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityMissing VersionResource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

Show 15 more
ERRORMaintainabilityfile system operations mkdir7
Category
Maintainability
Occurrences
7
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().

ERRORMaintainabilityunlink unlink6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WARNINGMaintainabilityNot In Footer6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WARNINGMaintainabilityslow db query meta key5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WARNINGMaintainabilityerror log print r4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

ERRORPerformanceSuppress Filters suppress filters4
Category
Performance
Occurrences
4
Severity
error

Sample message

Setting `suppress_filters` to `true` is prohibited.

ERRORMaintainabilityForbidden PHP function found3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

The use of function move_uploaded_file() is forbidden

WARNINGMaintainabilityslow db query meta value3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Detected usage of meta_value, possible slow query.

ERRORMaintainabilitydate date3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORMaintainabilityfile system operations rmdir3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: rmdir().

ERRORI18nMissing Arg Domain3
Category
I18n
Occurrences
3
Severity
error

Sample message

Missing $domain parameter in function call to __().

WARNINGPerformancePost Not In exclude3
Category
Performance
Occurrences
3
Severity
warning

Sample message

Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

ERRORMaintainabilityfile system operations readfile2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: readfile().

ERRORMaintainabilitystrip tags strip tags2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

ERRORMaintainabilityfile system operations fclose1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

External Connections

Potential connections found in static code analysis.

3 domains

Outbound calls

7

External assets

1

Incoming endpoints

15

Notable Domains

soft8soft.com3 · outbound

External Asset Domains

paypal.com2 · asset + outbound

Incoming Endpoints

/wp-json/verge3d/v1/get_file/(?P<id>\w+)REST

register_rest_route

/wp-json/verge3d/v1/get_product_info/(?P<sku>.+)REST

register_rest_route

/wp-json/verge3d/v1/place_orderREST

register_rest_route

/wp-json/verge3d/v1/send_formREST

register_rest_route

/wp-json/verge3d/v1/upload_fileREST

register_rest_route

/wp-json/verge3d/v2/place_orderREST

register_rest_route

Admin AJAX endpoints7
wp_ajax_v3d_ajax_fetch_order_itemsauthenticated

wp_ajax

wp_ajax_v3d_ajax_fetch_product_infoauthenticated

wp_ajax

wp_ajax_v3d_ajax_send_pdfauthenticated

wp_ajax

wp_ajax_v3d_cleanup_appauthenticated

wp_ajax

wp_ajax_v3d_payment_doneauthenticated

wp_ajax

wp_ajax_v3d_upload_app_fileauthenticated

wp_ajax

wp_ajax_v3d_woo_get_product_infoauthenticated

wp_ajax

Score History

First score snapshot

v4.12.0

27

Latest

Findings
543
Errors
245
Warnings
298
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

31 nodes

Related Plugins