Everything you need to launch an online store in days and keep it growing for years. From your first sale to millions in revenue, Woo is with you.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
4,755
13 issue groups
Security
2,483
11 issue groups
Performance
33
1 issue group
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$WC_Brands_Admin".1,291
- Category
- Maintainability
- Occurrences
- 1,291
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$WC_Brands_Admin".
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.881
- Category
- Maintainability
- Occurrences
- 881
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().803
- Category
- Maintainability
- Occurrences
- 803
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "WC".773
- Category
- Maintainability
- Occurrences
- 773
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "WC".
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" {$oParserState->peek()} "'.632
- Category
- Security
- Occurrences
- 632
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" {$oParserState->peek()} "'.
WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "Abstract_WC_Order_Data_Store_CPT".501
- Category
- Maintainability
- Occurrences
- 501
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Abstract_WC_Order_Data_Store_CPT".
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"\n$file, $func, $line\n"'.394
- Category
- Security
- Occurrences
- 394
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"\n$file, $func, $line\n"'.
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.376
- Category
- Security
- Occurrences
- 376
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE[$this->_cookie]362
- Category
- Security
- Occurrences
- 362
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_COOKIE[$this->_cookie]
WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $address_table used in $wpdb->get_results()\n$address_table assigned unsafely at line 412.256
- Category
- Security
- Occurrences
- 256
- Severity
- warning
Sample message
Unescaped parameter $address_table used in $wpdb->get_results()\n$address_table assigned unsafely at line 412.
Show 15 moreShow less
WARNINGSecurityInterpolated SQL is not prepared213
- Category
- Security
- Occurrences
- 213
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $count_clause at "SELECT $count_clause FROM {$wpdb->prefix}wc_orders_meta WHERE meta_key=%s AND meta_value=%s"
WARNINGMaintainabilityNon-prefixed hook name191
- Category
- Maintainability
- Occurrences
- 191
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'add_meta_boxes_' . $this->screen_id".
WARNINGSecurityMissing nonce verification100
- Category
- Security
- Occurrences
- 100
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORMaintainabilityMissing direct file access protection84
- Category
- Maintainability
- Occurrences
- 84
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGMaintainabilityDynamic hook name74
- Category
- Maintainability
- Occurrences
- 74
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$action".
WARNINGSecurityRequest data is not unslashed57
- Category
- Security
- Occurrences
- 57
- Severity
- warning
Sample message
$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar
ERRORSecurityUnsafe printing function53
- Category
- Security
- Occurrences
- 53
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNINGMaintainabilitySchema Change48
- Category
- Maintainability
- Occurrences
- 48
- Severity
- warning
Sample message
Attempting a database schema change is discouraged.
WARNINGPerformancePost Not In exclude33
- Category
- Performance
- Occurrences
- 33
- Severity
- warning
Sample message
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
ERRORMaintainabilitydate date31
- Category
- Maintainability
- Occurrences
- 31
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
WARNINGMaintainabilityslow db query meta query29
- Category
- Maintainability
- Occurrences
- 29
- Severity
- warning
Sample message
Detected usage of meta_query, possible slow query.
ERRORMaintainabilityDeprecated parameter: get_terms parameter 226
- Category
- Maintainability
- Occurrences
- 26
- Severity
- error
Sample message
The parameter ""child_of=$id&menu_order=ASC&hide_empty=0"" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.
WARNINGMaintainabilityNon-prefixed interface23
- Category
- Maintainability
- Occurrences
- 23
- Severity
- warning
Sample message
Interfaces declared by a theme/plugin should start with the theme/plugin prefix. Found: "CronExpression_FieldInterface".
ERRORSecurityDatabase parameter is not escaped20
- Category
- Security
- Occurrences
- 20
- Severity
- error
Sample message
Unescaped parameter $column used in $wpdb->get_row()\n$column assigned unsafely at line 266.
WARNINGSecurityInput is not validated20
- Category
- Security
- Occurrences
- 20
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_POST['access_expires']. Check that the array index exists before using it.
Score History
First score snapshot
v10.8.1
22
Latest
- Findings
- 7,484
- Errors
- 1,355
- Warnings
- 6,129
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 22 | 7,484 | 1,355 | 6,129 | v10.8.1 | 2.0.0 |
Related Plugins
4k+ active installs
2k+ active installs
2k+ active installs
5k+ active installs
2k+ active installs
3k+ active installs