PluginScore

DPD SK for WooCommerce

Plugin spoločnosti Direct Parcel Distribution SK, s. r. o. poskytuje jednoduché a rýchle riešenie na prenos údajov o objednaných prepravných službách …

v8.5.0Webikon s.r.o.Updated Added 700 installs100% rating
dpdshippingwoocommerce
34
Score
130
Errors
165
Warnings
+0
Change

Category Scores

Security0
Repo65
Performance100
Maintainability73

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

295 findings

Security

211

9 issue groups

Maintainability

59

8 issue groups

I18n

18

3 issue groups

Repo Compliance

4

4 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$api_key'.75
Category
Security
Occurrences
75
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$api_key'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.51
Category
Security
Occurrences
51
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$allowed_countries".42
Category
Maintainability
Occurrences
42
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$allowed_countries".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGSecurityRequest data is not unslashed$_GET['page'] not unslashed before sanitization. Use wp_unslash() or similar37
Category
Security
Occurrences
37
Severity
warning

Sample message

$_GET['page'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.16
Category
Security
Occurrences
16
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.15
Category
I18n
Occurrences
15
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$company'.14
Category
Security
Occurrences
14
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$company'.

WordPress.Security.EscapeOutput.ExceptionNotEscapedReference
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['post']8
Category
Security
Occurrences
8
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['post']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.7
Category
Security
Occurrences
7
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
ERRORMaintainabilitydate datedate() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date
Show 15 more
ERRORMaintainabilityMissing direct file access protection5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGMaintainabilityDirect Query2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo Caching2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
ERRORSecuritySQL query is not prepared2
Category
Security
Occurrences
2
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $query

WordPress.DB.PreparedSQL.NotPrepared
ERRORI18nUnordered Placeholders Text2
Category
I18n
Occurrences
2
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$d", but got "%s, %d" in 'Company name %s is longer than %d characters. Please shorten it.'.

WordPress.WP.I18n.UnorderedPlaceholdersTextReference
WARNINGI18nDiscouraged text-domain loading1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFoundReference
WARNINGMaintainabilityNon-prefixed hook name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGMaintainabilityerror log error log1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log
WARNINGSecurityInput is not validated1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['woocommerce_' . self::SETTINGS_ID_KEY . '_' . $field_key . '_default'][0]. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
ERRORSupply ChainHidden files included1
Category
Supply Chain
Occurrences
1
Severity
error

Sample message

Hidden files are not permitted.

hidden_files
ERRORRepo Compliancemismatched tested up to header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Mismatched "Tested up to": 6.9 != 6.9.4. The "Tested up to" value in the readme file must match the "Tested up to" value in the plugin header. If the plugin header has a "Tested up to" value, it will override the readme value, which can cause confusion.

mismatched_tested_up_to_headerReference
WARNINGMaintainabilitymissing composer json file1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The "/vendor" directory using composer exists, but "composer.json" file is missing.

missing_composer_json_fileReference
ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference
ERRORRepo Compliancereadme description non official language1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

The readme description contains unofficial language. It must be written in standard English.

readme_description_non_official_languageReference
WARNINGRepo Compliancereadme parser warnings trimmed short description1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

The "Short Description" section is too long and was truncated. A maximum of 150 characters is supported.

readme_parser_warnings_trimmed_short_description

External Connections

Potential connections found in static code analysis.

9 domains

Outbound calls

29

External assets

1

Incoming endpoints

4

Notable Domains

webpack.js.org18 · outbound
php-fig.org2 · outbound
api.dpd.sk1 · outbound
getcomposer.org1 · outbound
webikon.sk1 · outbound

Platform / Reference Domains

github.com2 · platform/reference
w3.org2 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

pus-maps.dpd.sk2 · asset + outbound

Incoming Endpoints

wp_ajax_nopriv_wc_dpd_parcelshop_searchpublic

wp_ajax

wp_ajax_nopriv_wc_dpd_update_chosen_parcelshoppublic

wp_ajax

Admin AJAX endpoints2
wp_ajax_wc_dpd_parcelshop_searchauthenticated

wp_ajax

wp_ajax_wc_dpd_update_chosen_parcelshopauthenticated

wp_ajax

Score History

First score snapshot

v8.5.0

34

Latest

Findings
295
Errors
130
Warnings
165
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

32 nodes

Related Plugins

Automation Web Platform – Notifications and OTP for WooCommerce, Advanced Country Code

500 active installs

100
Crypto Payment Gateway with Instant Payouts

1k+ active installs

100
EU Withdrawal Compliance

800 active installs

100
Instant Approval Payment Gateway with Instant Payouts

2k+ active installs

100
Kitgenix CAPTCHA for Cloudflare Turnstile

500 active installs

100
Kliken: Ads + Pixel for Meta

40k+ active installs

100