Paysera payments + delivery
Category Scores
Audit Overview
Open findings
2,061
1,866 errors, 195 warnings
Main area
Security
1,574 grouped findings
Last scanned
1m 17s runtime
Audit stack
Plugin Check 2.0.0
Model 2026.06-mvp-static-v2
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
1,574
9 issue groups
I18n
288
5 issue groups
Maintainability
142
11 issue groups
ERRORSecurityException Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"A '{$key}' key is required"'.1,308
- Category
- Security
- Occurrences
- 1,308
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"A '{$key}' key is required"'.
ERRORI18nNon Singular String Literal DomainThe $domain parameter must be a single text string literal. Found: PayseraPaths::PAYSERA_TRANSLATIONS231
- Category
- I18n
- Occurrences
- 231
- Severity
- error
Sample message
The $domain parameter must be a single text string literal. Found: PayseraPaths::PAYSERA_TRANSLATIONS
ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$class'.132
- Category
- Security
- Occurrences
- 132
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$class'.
ERRORMaintainabilitymissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;37
- Category
- Maintainability
- Occurrences
- 37
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERRORI18nNon Singular String Literal TextThe $text parameter must be a single text string literal. Found: $defaultOption35
- Category
- I18n
- Occurrences
- 35
- Severity
- error
Sample message
The $text parameter must be a single text string literal. Found: $defaultOption
WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_ENV[$k]32
- Category
- Security
- Occurrences
- 32
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_ENV[$k]
WARNINGSecurityRecommendedProcessing form data without nonce verification.31
- Category
- Security
- Occurrences
- 31
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORMaintainabilitywp function not compatible with requires wpFunction "register_rest_route()" requires WordPress 4.4.0, but your plugin minimum supported version is WordPress 4.0.0.29
- Category
- Maintainability
- Occurrences
- 29
- Severity
- error
Sample message
Function "register_rest_route()" requires WordPress 4.4.0, but your plugin minimum supported version is WordPress 4.0.0.
WARNINGSecurityMissingProcessing form data without nonce verification.28
- Category
- Security
- Occurrences
- 28
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityMissing Unslash$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar24
- Category
- Security
- Occurrences
- 24
- Severity
- warning
Sample message
$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar
Show 15 more issue groups
ERRORMaintainabilityNot Allowed15
- Category
- Maintainability
- Occurrences
- 15
- Severity
- error
Sample message
Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead
WARNINGMaintainabilityerror log print r15
- Category
- Maintainability
- Occurrences
- 15
- Severity
- warning
Sample message
print_r() found. Debug code should not normally be used in production.
WARNINGMaintainabilityupgrade notice limit12
- Category
- Maintainability
- Occurrences
- 12
- Severity
- warning
Sample message
The upgrade notice for "3.12.0" exceeds the limit of 300 characters.
WARNINGSecurityInput Not Validated10
- Category
- Security
- Occurrences
- 10
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_POST['city']. Check that the array index exists before using it.
WARNINGMaintainabilityerror log var export9
- Category
- Maintainability
- Occurrences
- 9
- Severity
- warning
Sample message
var_export() found. Debug code should not normally be used in production.
ERRORI18nText Domain Mismatch9
- Category
- I18n
- Occurrences
- 9
- Severity
- error
Sample message
Mismatched text domain. Expected 'woo-payment-gateway-paysera' but got 'paysera'.
ERRORI18nMissing Translators Comment7
- Category
- I18n
- Occurrences
- 7
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
ERRORMaintainabilitydate date6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
ERRORMaintainabilityfile system operations fclose6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERRORI18nMissing Arg Domain6
- Category
- I18n
- Occurrences
- 6
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
WARNINGMaintainabilityDynamic Hookname Found5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "self::ASSETS_INIT_ACTION_KEY".
WARNINGSecuritywp redirect wp redirect5
- Category
- Security
- Occurrences
- 5
- Severity
- warning
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
ERRORSecurityregister setting Missing4
- Category
- Security
- Occurrences
- 4
- Severity
- error
Sample message
Sanitization missing for register_setting().
WARNINGMaintainabilityerror log set error handler4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
set_error_handler() found. Debug code should not normally be used in production.
ERRORMaintainabilitycurl curl setopt4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
Score History
First score snapshot
Scan records1
v3.12.0
21
Latest
- Findings
- 2,061
- Errors
- 1,866
- Warnings
- 195
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Latest | 21 | 2,061 | 1,866 | 195 | v3.12.0 | 2.0.0 | 2026.06-mvp-static-v2 |
