ShopLentor – More than a WooCommerce builder. A complete growth plugin to boost conversions, UX, and sales for your store.
Category Scores
Top Issues by Category
i18n6,874
maintainability1,667
security953
Issues Details
9,603 issues found in latest scan
Mismatched text domain. Expected 'woolentor-addons' but got "woolentor".
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$accordion_settings".
Processing form data without nonce verification.
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$add_limit'.
$_COOKIE[$cookie_name] not unslashed before sanitization. Use wp_unslash() or similar
Detected usage of a non-sanitized input variable: $_COOKIE[$cookie_name]
The $text parameter must be a single text string literal. Found: $available_text
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Use placeholders and $wpdb->prepare(); found interpolated variable $order at ORDER BY $orderby $order\n
Editor blocks must define "apiVersion" 3 or higher in block.json for WordPress 7.0+ iframe editor compatibility.
Function "block_footer_area()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 4.7.0.
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Detected usage of a possibly undefined superglobal array index: $_GET['action']. Check that the array index exists before using it.
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'wsa_form_bottom_' . $form['id']".
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Detected usage of meta_key, possible slow query.
Detected usage of tax_query, possible slow query.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Detected usage of meta_query, possible slow query.
wp_reset_query() is discouraged. Use wp_reset_postdata() instead.
Unescaped parameter $email_logs_table used in $wpdb->get_results()\n$email_logs_table assigned unsafely at line 663.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'woolentor-addons' but got "woolentor". | 6,677 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$accordion_settings". | 1,363 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 240 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$add_limit'. | 193 |
| WordPress.DB.PreparedSQL.NotPrepared | ERROR | Use placeholders and $wpdb->prepare(); found $args | 157 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_COOKIE[$cookie_name] not unslashed before sanitization. Use wp_unslash() or similar | 154 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_COOKIE[$cookie_name] | 109 |
| WordPress.WP.I18n.NonSingularStringLiteralText | ERROR | The $text parameter must be a single text string literal. Found: $available_text | 93 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 72 |
| WordPress.DB.PreparedSQL.InterpolatedNotPrepared | WARNING | Use placeholders and $wpdb->prepare(); found interpolated variable $order at ORDER BY $orderby $order\n | 60 |
| block_api_version_too_low | ERROR | Editor blocks must define "apiVersion" 3 or higher in block.json for WordPress 7.0+ iframe editor compatibility. | 48 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "block_footer_area()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 4.7.0. | 41 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 39 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_GET['action']. Check that the array index exists before using it. | 32 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to __(). | 32 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 30 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'wsa_form_bottom_' . $form['id']". | 28 |
| WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude | WARNING | Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. | 27 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 26 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_key | WARNING | Detected usage of meta_key, possible slow query. | 25 |
| WordPress.DB.SlowDBQuery.slow_db_query_tax_query | WARNING | Detected usage of tax_query, possible slow query. | 21 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 17 |
| WordPress.DB.SlowDBQuery.slow_db_query_meta_query | WARNING | Detected usage of meta_query, possible slow query. | 15 |
| WordPress.WP.DiscouragedFunctions.wp_reset_query_wp_reset_query | WARNING | wp_reset_query() is discouraged. Use wp_reset_postdata() instead. | 14 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | ERROR | Unescaped parameter $email_logs_table used in $wpdb->get_results()\n$email_logs_table assigned unsafely at line 663. | 8 |
Latest Snapshot
Findings
9,603
Errors
7,422
Warnings
2,181
Score History
First score snapshot
First scan completed Jun 20, 2026
v3.4.3 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v3.4.3
23
Latest
- Findings
- 9,603
- Errors
- 7,422
- Warnings
- 2,181
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 23 | 9,603 | 7,422 | 2,181 | v3.4.3 | 2.0.0 | 2026.06-mvp-static-v2 |
