Customize your WooCommerce thank you page or redirect customers after checkout to any page or URL—simple, flexible, and tracking-friendly.
Category Scores
Audit Overview
Open findings
33
6 errors, 27 warnings
Main area
Maintainability
19 grouped findings
Last scanned
3s runtime
Audit stack
Plugin Check 2.0.0
Model 2026.06-mvp-static-v2
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
19
9 issue groups
Security
10
5 issue groups
I18n
3
2 issue groups
Repo Compliance
1
1 issue group
WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$prefix".4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$prefix".
WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
error_log() found. Debug code should not normally be used in production.
WARNINGSecuritywp redirect wp redirectwp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.4
- Category
- Security
- Occurrences
- 4
- Severity
- warning
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
WARNINGSecurityMissing Unslash$_GET['key'] not unslashed before sanitization. Use wp_unslash() or similar3
- Category
- Security
- Occurrences
- 3
- Severity
- warning
Sample message
$_GET['key'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGMaintainabilityMissing VersionResource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().2
- Category
- I18n
- Occurrences
- 2
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
WARNINGMaintainabilityFoundShort URL detected (bit.ly). Use full URLs instead of URL shorteners.1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Short URL detected (bit.ly). Use full URLs instead of URL shorteners.
ERRORSecurityUnescaped DBParameterUnescaped parameter $sql used in $wpdb->query()\n$sql assigned unsafely at line 19.1
- Category
- Security
- Occurrences
- 1
- Severity
- error
Sample message
Unescaped parameter $sql used in $wpdb->query()\n$sql assigned unsafely at line 19.
Show 7 more issue groups
WARNINGSecurityInterpolated Not Prepared1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable {$table_name} at "DELETE FROM {$table_name} WHERE option_name LIKE %s"
ERRORSecurityNot Prepared1
- Category
- Security
- Occurrences
- 1
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $sql
ERRORI18nMissing Translators Comment1
- Category
- I18n
- Occurrences
- 1
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
WARNINGMaintainabilitymismatched plugin name1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Plugin name "Thank You Page for WooCommerce – Custom Thank You Page & Redirect" is different from the name declared in plugin header "Thank You Page for WooCommerce".
WARNINGMaintainabilitymissing composer json file1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
The "/vendor" directory using composer exists, but "composer.json" file is missing.
ERRORRepo Compliancereadme mismatched header requires1
- Category
- Repo Compliance
- Occurrences
- 1
- Severity
- error
Sample message
Mismatched Requires at least: 6.5 != 6.2. "Requires at least" needs to be exactly the same with that in your main plugin file's header.
WARNINGMaintainabilitytrademarked term1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
The plugin slug includes a restricted term. Your plugin slug - "wc-thanks-redirect" - contains the restricted term "wc" which cannot be used at all in your plugin slug.
Score History
First score snapshot
Scan records1
v4.3.2
68
Latest
- Findings
- 33
- Errors
- 6
- Warnings
- 27
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Latest | 68 | 33 | 6 | 27 | v4.3.2 | 2.0.0 | 2026.06-mvp-static-v2 |
