PluginScore

BjornTech PayPal POS integration for WooCommerce

Keep WooCommerce and PayPal POS (formerly Zettle) in sync.

v8.0.4bjorntechUpdated Added 700 installs100% rating
paypalposwoocommercezettle
34
Score
68
Errors
177
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance96
Maintainability52

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

245 findings

Security

129

7 issue groups

Maintainability

95

16 issue groups

I18n

14

2 issue groups

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.28
Category
Security
Occurrences
28
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "action_scheduler_run_queue".27
Category
Maintainability
Occurrences
27
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "action_scheduler_run_queue".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "IZ_Integration_API".24
Category
Maintainability
Occurrences
24
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "IZ_Integration_API".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$code'.24
Category
Security
Occurrences
24
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$code'.

WordPress.Security.EscapeOutput.ExceptionNotEscapedReference
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.23
Category
Security
Occurrences
23
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST['_izettle_barcode']20
Category
Security
Occurrences
20
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['_izettle_barcode']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$content'.14
Category
Security
Occurrences
14
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$content'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityRequest data is not unslashed$_POST['nonce'] not unslashed before sanitization. Use wp_unslash() or similar12
Category
Security
Occurrences
12
Severity
warning

Sample message

$_POST['nonce'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.12
Category
I18n
Occurrences
12
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$barcode".10
Category
Maintainability
Occurrences
10
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$barcode".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
Show 15 more
WARNINGMaintainabilityerror log print r10
Category
Maintainability
Occurrences
10
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_print_r
ERRORMaintainabilityrand mt rand9
Category
Maintainability
Occurrences
9
Severity
error

Sample message

mt_rand() is discouraged. Use the far less predictable wp_rand() instead.

WordPress.WP.AlternativeFunctions.rand_mt_rand
WARNINGSecurityInput is not validated8
Category
Security
Occurrences
8
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['nonce']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGMaintainabilityslow db query meta key2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_key
WARNINGMaintainabilityslow db query meta value2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Detected usage of meta_value, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_value
WARNINGMaintainabilityslow db query tax query2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Detected usage of tax_query, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_tax_query
ERRORMaintainabilitycurl curl setopt2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_setopt
ERRORI18nText Domain Mismatch2
Category
I18n
Occurrences
2
Severity
error

Sample message

Mismatched text domain. Expected 'woo-izettle-integration' but got 'woocommerce'.

WordPress.WP.I18n.TextDomainMismatchReference
WARNINGMaintainabilityDirect Query1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo Caching1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGMaintainabilityDynamic hook name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$id . '_filter'".

WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound
WARNINGMaintainabilityNon-prefixed constant1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "WC_ZETTLE_MIN_WC_VER".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
WARNINGMaintainabilityNon-prefixed function1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "WC_IZ".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
WARNINGMaintainabilityerror log debug print backtrace1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

debug_print_backtrace() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_debug_print_backtrace
ERRORMaintainabilityrand rand1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

rand() is discouraged. Use the far less predictable wp_rand() instead.

WordPress.WP.AlternativeFunctions.rand_rand

External Connections

Potential connections found in static code analysis.

9 domains

Outbound calls

44

External assets

0

Incoming endpoints

9

Notable Domains

bjorntech.com33 · outbound
apache.org1 · outbound
image.izettle.com1 · outbound
oauth.izettle.com1 · outbound
shapeshifter.se1 · outbound
tools.ietf.org1 · outbound

Platform / Reference Domains

gnu.org3 · platform/reference
opensource.org2 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

/wp-json/izettle/webhookREST

register_rest_route

Admin AJAX endpoints8
wp_ajax_izettle_clear_noticeauthenticated

wp_ajax

wp_ajax_izettle_clear_product_meta_dataauthenticated

wp_ajax

wp_ajax_izettle_force_new_tokenauthenticated

wp_ajax

wp_ajax_izettle_generate_barcodeauthenticated

wp_ajax

wp_ajax_izettle_get_stateauthenticated

wp_ajax

wp_ajax_izettle_sync_iz_productsauthenticated

wp_ajax

wp_ajax_izettle_sync_purchasesauthenticated

wp_ajax

wp_ajax_wciz_processing_buttonauthenticated

wp_ajax

Score History

First score snapshot

v8.0.4

34

Latest

Findings
245
Errors
68
Warnings
177
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

35 nodes

Related Plugins

Automation Web Platform – Notifications and OTP for WooCommerce, Advanced Country Code

500 active installs

100
Crypto Payment Gateway with Instant Payouts

1k+ active installs

100
EU Withdrawal Compliance

800 active installs

100
Instant Approval Payment Gateway with Instant Payouts

2k+ active installs

100
Kitgenix CAPTCHA for Cloudflare Turnstile

500 active installs

100
Kliken: Ads + Pixel for Meta

40k+ active installs

100