PluginScore

CartBounty – Save and recover abandoned carts for WooCommerce

Save abandoned carts and send automated abandoned cart recovery messages. Get more leads, reduce cart abandonment, and increase sales.

v8.10.2StreamlineUpdated Added 10k+ installs96% rating100% support resolved
abandoned cartsactivecampaigncart abandonmentexit popupwoocommerce
33
Score
370
Errors
399
Warnings
+0
Change

Category Scores

Security0
Repo100
Performance100
Maintainability42

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

769 findings

Security

573

12 issue groups

Maintainability

139

8 issue groups

I18n

45

5 issue groups

ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<a class='cartbounty-tab nav-tab$class' href='"'.253
Category
Security
Occurrences
253
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<a class='cartbounty-tab nav-tab$class' href='"'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityMissing Unslash$_GET[&#039;cart-status&#039;] not unslashed before sanitization. Use wp_unslash() or similar61
Category
Security
Occurrences
61
Severity
warning

Sample message

$_GET[&#039;cart-status&#039;] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGSecurityRecommendedProcessing form data without nonce verification.60
Category
Security
Occurrences
60
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecurityMissingProcessing form data without nonce verification.59
Category
Security
Occurrences
59
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGSecurityInterpolated Not PreparedUse placeholders and $wpdb-&gt;prepare(); found interpolated variable $cart_table at &quot;DELETE FROM $cart_table\n58
Category
Security
Occurrences
58
Severity
warning

Sample message

Use placeholders and $wpdb-&gt;prepare(); found interpolated variable $cart_table at &quot;DELETE FROM $cart_table\n

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_GET[&#039;cart-status&#039;]45
Category
Security
Occurrences
45
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET[&#039;cart-status&#039;]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.43
Category
Maintainability
Occurrences
43
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().42
Category
Maintainability
Occurrences
42
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
ERRORMaintainabilitydate datedate() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.25
Category
Maintainability
Occurrences
25
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date
ERRORSecurityUnescaped DBParameterUnescaped parameter $consent_query used in $wpdb->get_results()\n$consent_query assigned unsafely at line 803.17
Category
Security
Occurrences
17
Severity
error

Sample message

Unescaped parameter $consent_query used in $wpdb->get_results()\n$consent_query assigned unsafely at line 803.

PluginCheck.Security.DirectDB.UnescapedDBParameter
Show 15 more
ERRORI18nUnordered Placeholders Text17
Category
I18n
Occurrences
17
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'Get %sCartBounty Pro%s to enable cart data preview above.'.

WordPress.WP.I18n.UnorderedPlaceholdersTextReference
ERRORMaintainabilitywp function not compatible with requires wp14
Category
Maintainability
Occurrences
14
Severity
error

Sample message

Function "get_privacy_policy_url()" requires WordPress 4.9.6, but your plugin minimum supported version is WordPress 4.6.0.

wp_function_not_compatible_with_requires_wpReference
ERRORI18nMissing Translators Comment13
Category
I18n
Occurrences
13
Severity
error

Sample message

A function call to _n() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
WARNINGMaintainabilityNon Prefixed Variable Found6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$button_html&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGSecurityInput Not Validated6
Category
Security
Occurrences
6
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET[&#039;page&#039;]. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
ERRORI18nMissing Arg Domain6
Category
I18n
Occurrences
6
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
WARNINGMaintainabilityNon Prefixed Function Found5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: &quot;activate_cartbounty&quot;.

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
ERRORI18nNon Singular String Literal Text5
Category
I18n
Occurrences
5
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $key

WordPress.WP.I18n.NonSingularStringLiteralTextReference
ERRORSecurityregister setting Missing4
Category
Security
Occurrences
4
Severity
error

Sample message

Sanitization missing for register_setting().

PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissingReference
WARNINGSecurityUnquoted Complex Placeholder4
Category
Security
Occurrences
4
Severity
warning

Sample message

Complex placeholders used for values in the query string in $wpdb-&gt;prepare() will NOT be quoted automagically. Found: %0.2f.

WordPress.DB.PreparedSQLPlaceholders.UnquotedComplexPlaceholder
ERRORI18nMissing Singular Placeholder4
Category
I18n
Occurrences
4
Severity
error

Sample message

Missing singular placeholder, needed for some languages. See https://codex.wordpress.org/I18n_for_WordPress_Developers#Plurals

WordPress.WP.I18n.MissingSingularPlaceholderReference
WARNINGSecurityUnescaped DBParameter3
Category
Security
Occurrences
3
Severity
warning

Sample message

Unescaped parameter $cart_table used in $wpdb-&gt;query()\n$cart_table assigned unsafely at line 16.

PluginCheck.Security.DirectDB.UnescapedDBParameter
ERRORSecurityUnsafe Printing Function3
Category
Security
Occurrences
3
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
ERRORMaintainabilityFound2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File contains UTF-8 byte order mark, which may corrupt your application

Generic.Files.ByteOrderMark.Found
WARNINGMaintainabilitySchema Change2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange

Score History

First score snapshot

v8.10.2

33

Latest

Findings
769
Errors
370
Warnings
399
Check
2.0.0

Related Plugins

Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers

60k+ active installs

83
Popup Maker – Responsive popup, Exit Intent Pop up, Email Optins, Autoresponder & More

7k+ active installs

55
Active Campaign & Contact Form 7

3k+ active installs

43
ShopMagic Abandoned Cart Recovery for WooCommerce

2k+ active installs

35
PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget

9k+ active installs

34
ActiveCampaign – The autonomous marketing platform

40k+ active installs

31