PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.
Prioritized issue groups from the latest Plugin Check scan
Security
192
5 issue groups
Maintainability
110
11 issue groups
Performance
1
1 issue group
Repo Compliance
1
1 issue group
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Invalid WC_Order id {$order_id}."'.
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Sample message
Detected usage of a non-sanitized input variable: $_GET['change_payment_method']
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$action_name".
Sample message
Use of a direct database call is discouraged.
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Sample message
Processing form data without nonce verification.
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "deprecated_argument_run".
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$hide_save_button".
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wc_help_tip'.
Sample message
The plugin name includes a restricted term. Your chosen plugin name - "WooCommerce PayPal Payments" - contains the restricted term "woocommerce" which cannot be used within in your plugin name, unless your plugin name contains one of the allowed patterns: "for woocommerce", "with woocommerce", "using woocommerce", or "and woocommerce". The term must still not appear anywhere else in your name.
Sample message
Unescaped parameter $table used in $wpdb->query()\n$table assigned unsafely at line 285.
Sample message
error_log() found. Debug code should not normally be used in production.
Sample message
Detected usage of meta_key, possible slow query.
Sample message
The "woocommerce.feature_flags.woocommerce" prefix is not a valid namespace/function/class/variable/constant prefix in PHP.
Sample message
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
Sample message
The "/vendor" directory using composer exists, but "composer.json" file is missing.
Sample message
The "Changelog" section is too long and was truncated. A maximum of 5000 characters is supported.
Potential connections found in static code analysis.
Outbound calls
209
External assets
4
Incoming endpoints
5
wp_ajax
wp_ajax
3 score snapshots
v4.1.1
37
Latest
v4.1.0
37
Score
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 37 | 304 | 194 | 110 | v4.1.1 | 2.0.0 |
| 37 | 304 | 194 | 110 | v4.1.0 | 2.0.0 |
Author, categories, issues, domains, and nearby plugins.