CartBounty – Save and recover abandoned carts for WooCommerce

Save abandoned carts and send automated abandoned cart recovery messages. Get more leads, reduce cart abandonment, and increase sales.

v8.10.2StreamlineUpdated Added 10k+ installs96% rating100% support resolved
33
Score
370
Errors
399
Warnings
+0
Change

Category Scores

Security0
Repo100
Performance100
Maintainability42

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

769 findings

Security

573

12 issue groups

Maintainability

139

8 issue groups

I18n

45

5 issue groups

ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<a class='cartbounty-tab nav-tab$class' href='"'.253
Category
Security
Occurrences
253
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<a class='cartbounty-tab nav-tab$class' href='"'.

WARNINGSecurityMissing Unslash$_GET[&#039;cart-status&#039;] not unslashed before sanitization. Use wp_unslash() or similar61
Category
Security
Occurrences
61
Severity
warning

Sample message

$_GET[&#039;cart-status&#039;] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityRecommendedProcessing form data without nonce verification.60
Category
Security
Occurrences
60
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityMissingProcessing form data without nonce verification.59
Category
Security
Occurrences
59
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityInterpolated Not PreparedUse placeholders and $wpdb-&gt;prepare(); found interpolated variable $cart_table at &quot;DELETE FROM $cart_table\n58
Category
Security
Occurrences
58
Severity
warning

Sample message

Use placeholders and $wpdb-&gt;prepare(); found interpolated variable $cart_table at &quot;DELETE FROM $cart_table\n

WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_GET[&#039;cart-status&#039;]45
Category
Security
Occurrences
45
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET[&#039;cart-status&#039;]

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.43
Category
Maintainability
Occurrences
43
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().42
Category
Maintainability
Occurrences
42
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORMaintainabilitydate datedate() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.25
Category
Maintainability
Occurrences
25
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORSecurityUnescaped DBParameterUnescaped parameter $consent_query used in $wpdb->get_results()\n$consent_query assigned unsafely at line 803.17
Category
Security
Occurrences
17
Severity
error

Sample message

Unescaped parameter $consent_query used in $wpdb->get_results()\n$consent_query assigned unsafely at line 803.

Show 15 more
ERRORI18nUnordered Placeholders Text17
Category
I18n
Occurrences
17
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'Get %sCartBounty Pro%s to enable cart data preview above.'.

ERRORMaintainabilitywp function not compatible with requires wp14
Category
Maintainability
Occurrences
14
Severity
error

Sample message

Function "get_privacy_policy_url()" requires WordPress 4.9.6, but your plugin minimum supported version is WordPress 4.6.0.

ERRORI18nMissing Translators Comment13
Category
I18n
Occurrences
13
Severity
error

Sample message

A function call to _n() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WARNINGMaintainabilityNon Prefixed Variable Found6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$button_html&quot;.

WARNINGSecurityInput Not Validated6
Category
Security
Occurrences
6
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET[&#039;page&#039;]. Check that the array index exists before using it.

ERRORI18nMissing Arg Domain6
Category
I18n
Occurrences
6
Severity
error

Sample message

Missing $domain parameter in function call to __().

WARNINGMaintainabilityNon Prefixed Function Found5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: &quot;activate_cartbounty&quot;.

ERRORI18nNon Singular String Literal Text5
Category
I18n
Occurrences
5
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $key

ERRORSecurityregister setting Missing4
Category
Security
Occurrences
4
Severity
error

Sample message

Sanitization missing for register_setting().

WARNINGSecurityUnquoted Complex Placeholder4
Category
Security
Occurrences
4
Severity
warning

Sample message

Complex placeholders used for values in the query string in $wpdb-&gt;prepare() will NOT be quoted automagically. Found: %0.2f.

ERRORI18nMissing Singular Placeholder4
Category
I18n
Occurrences
4
Severity
error

Sample message

Missing singular placeholder, needed for some languages. See https://codex.wordpress.org/I18n_for_WordPress_Developers#Plurals

WARNINGSecurityUnescaped DBParameter3
Category
Security
Occurrences
3
Severity
warning

Sample message

Unescaped parameter $cart_table used in $wpdb-&gt;query()\n$cart_table assigned unsafely at line 16.

ERRORSecurityUnsafe Printing Function3
Category
Security
Occurrences
3
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

ERRORMaintainabilityFound2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File contains UTF-8 byte order mark, which may corrupt your application

WARNINGMaintainabilitySchema Change2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Attempting a database schema change is discouraged.

Score History

First score snapshot

v8.10.2

33

Latest

Findings
769
Errors
370
Warnings
399
Check
2.0.0

Related Plugins