Connect WooCommerce Shop to ERP/CRM, Verifactu and EU/VAT Compliance

Add VAT Fields, Import European Taxes and check VAT compliance. Connect WooCommerce with ERPs and CRMs. Products, Clients and Orders with ERP/CRM.

v3.3.4Close·technologyUpdated 12 days agoAdded 12 years ago1k+ installs92% rating

connect eu vat integrate vat compliance woocommerce

Score

Errors

104

Warnings

Change

Category Scores

Security0

Repo94

Performance100

Maintainability67

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

127 findings

Security

11 issue groups

Maintainability

11 issue groups

I18n

3 issue groups

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.19

Category: Maintainability
Occurrences: 19
Severity: warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.18

Category: Security
Occurrences: 18
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().16

Category: Maintainability
Occurrences: 16
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching

WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $meta_key at "SELECT P.ID FROM $wpdb->posts AS P LEFT JOIN $wpdb->postmeta AS PM ON PM.post_id = P.ID WHERE P.post_type = '$post_type' AND PM.meta_key='$meta_key' AND PM.meta_value=%s AND P.post_status != 'trash' LIMIT 1"10

Category: Security
Occurrences: 10
Severity: warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $meta_key at "SELECT P.ID FROM $wpdb->posts AS P LEFT JOIN $wpdb->postmeta AS PM ON PM.post_id = P.ID WHERE P.post_type = '$post_type' AND PM.meta_key='$meta_key' AND PM.meta_value=%s AND P.post_status != 'trash' LIMIT 1"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.9

Category: Security
Occurrences: 9
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $actions_table used in $wpdb->get_results()\n$actions_table assigned unsafely at line 349.7

Category: Security
Occurrences: 7
Severity: warning

Sample message

Unescaped parameter $actions_table used in $wpdb->get_results()\n$actions_table assigned unsafely at line 349.

PluginCheck.Security.DirectDB.UnescapedDBParameter

ERRORI18nText Domain MismatchMismatched text domain. Expected 'woocommerce-es' but got 'connect-ecommerce'.6

Category: I18n
Occurrences: 6
Severity: error

Sample message

Mismatched text domain. Expected 'woocommerce-es' but got 'connect-ecommerce'.

WordPress.WP.I18n.TextDomainMismatch Reference

WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.5

Category: Maintainability
Occurrences: 5
Severity: warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'woocommerce_taxonomy_args_' . $taxonomy_name".4

Category: Maintainability
Occurrences: 4
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'woocommerce_taxonomy_args_' . $taxonomy_name".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST['nonce']3

Category: Security
Occurrences: 3
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['nonce']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

Show 15 more

WARNINGSecurityInput is not validated3

Category: Security
Occurrences: 3
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['nonce']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

ERRORMaintainabilitywp function not compatible with requires wp3

Category: Maintainability
Occurrences: 3
Severity: error

Sample message

Function "wp_admin_notice()" requires WordPress 6.4.0, but your plugin minimum supported version is WordPress 6.3.0.

wp_function_not_compatible_with_requires_wp Reference

ERRORSecurityDatabase parameter is not escaped2

Category: Security
Occurrences: 2
Severity: error

Sample message

Unescaped parameter $post_type used in $wpdb->get_var()\n$post_type used without escaping.

PluginCheck.Security.DirectDB.UnescapedDBParameter

ERRORSecurityException output is not escaped2

Category: Security
Occurrences: 2
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$validation_result['message']'.

WordPress.Security.EscapeOutput.ExceptionNotEscaped Reference

WARNINGSecurityRequest data is not unslashed2

Category: Security
Occurrences: 2
Severity: warning

Sample message

$_POST['nonce'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

ERRORI18nMissing Translators Comment2

Category: I18n
Occurrences: 2
Severity: error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsComment Reference

ERRORI18nUnordered Placeholders Text2

Category: I18n
Occurrences: 2
Severity: error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$s", but got "%s, %s" in 'Fetching %s products from %s'.

WordPress.WP.I18n.UnorderedPlaceholdersText Reference

WARNINGMaintainabilitytrademarked term2

Category: Maintainability
Occurrences: 2
Severity: warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "Connect WooCommerce Shop to ERP/CRM, Verifactu and EU/VAT Compliance" - contains the restricted term "woocommerce" which cannot be used within in your plugin name, unless your plugin name contains one of the allowed patterns: "for woocommerce", "with woocommerce", "using woocommerce", or "and woocommerce". The term must still not appear anywhere else in your name.

trademarked_term

WARNINGMaintainabilitySchema Change1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange

ERRORSecuritySQL query is not prepared1

Category: Security
Occurrences: 1
Severity: error

Sample message

Use placeholders and $wpdb->prepare(); found $sql

WordPress.DB.PreparedSQL.NotPrepared

WARNINGMaintainabilityDynamic hook name1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$action_hook".

WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound

WARNINGMaintainabilityNon-prefixed class1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Import_Products_Command".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound

WARNINGMaintainabilityerror log print r1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

print_r() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_print_r

ERRORSecurityOutput is not escaped1

Category: Security
Occurrences: 1
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

ERRORMaintainabilityfile system operations readfile1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: readfile().

WordPress.WP.AlternativeFunctions.file_system_operations_readfile

External Connections

Potential connections found in static code analysis.

19 domains

Outbound calls

External assets

Incoming endpoints

Notable Domains

ec.europa.eu3 · outbound

app.holded.com2 · outbound

braemoor.co.uk2 · outbound

close.technology2 · outbound

php-fig.org2 · outbound

api.clientify.net1 · outbound

Platform / Reference Domains

github.com6 · platform/reference

wordpress.org2 · platform/reference

gnu.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

wp_ajax_nopriv_conecom_validate_vatpublic

wp_ajax

wp_ajax_nopriv_sync_erp_orderpublic

wp_ajax

Admin AJAX endpoints12

admin_post_connect_ecommerce_save_payment_methodsauthenticated

admin_post

wp_ajax_conecom_dismiss_review_noticeauthenticated

wp_ajax

wp_ajax_conecom_validate_vatauthenticated

wp_ajax

wp_ajax_connect_ecommerce_get_as_logsauthenticated

wp_ajax

wp_ajax_connect_ecommerce_get_import_statsauthenticated

wp_ajax

wp_ajax_connect_ecommerce_sync_ordersauthenticated

wp_ajax

wp_ajax_connect_ecommerce_sync_productsauthenticated

wp_ajax

wp_ajax_connect_ecommerce_test_alertauthenticated

wp_ajax

wp_ajax_connect_update_tax_ratesauthenticated

wp_ajax

wp_ajax_cwc_document_downloadauthenticated

wp_ajax

wp_ajax_sync_erp_orderauthenticated

wp_ajax

wp_ajax_woocommerce_tax_rates_save_changesauthenticated

wp_ajax

Score History

First score snapshot

3 days ago

v3.3.4

Latest

Findings: 127
Errors: 23
Warnings: 104
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
3 days agoLatest	38	127	23	104	v3.3.4	2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

33 nodes

Loading map

PluginAuthorCategoryIssueDomainRelated

Relationship links

Issue

Domain

ec.europa.eu3 signals app.holded.com2 signals braemoor.co.uk2 signals close.technology2 signals php-fig.org2 signals api.clientify.net1 signal api.slack.com1 signal api.vatsense.com1 signal

Related Plugins

Central Connect

400 active installs

Flexible PDF Invoices for WooCommerce & WordPress

6k+ active installs

EU VAT Assistant for WooCommerce

5k+ active installs

European VAT Compliance Assistant for WooCommerce

3k+ active installs