FundEngine – Donation and Crowdfunding Platform

FundEngine - FundEngine is a fundraising and crowdfunding plugin with PayPal, Stripe, and WooCommerce payment support.

v1.7.8RoxnorUpdated Added 1k+ installs84% rating
37
Score
90
Errors
9
Warnings
+0
Change

Category Scores

Security0
Repo100
Performance100
Maintainability60

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

99 findings

Security

69

2 issue groups

Maintainability

30

17 issue groups

ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Cannot save property `{$key}` containing an API resource of type "'.67
Category
Security
Occurrences
67
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Cannot save property `{$key}` containing an API resource of type "'.

WARNINGMaintainabilityerror log trigger errortrigger_error() found. Debug code should not normally be used in production.3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

trigger_error() found. Debug code should not normally be used in production.

ERRORMaintainabilitycurl curl errnoUsing cURL functions is highly discouraged. Use wp_remote_get() instead.3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "WFP_FUNDRAISING_PREVIOUS_STABLE_VERSION".2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "WFP_FUNDRAISING_PREVIOUS_STABLE_VERSION".

WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.2
Category
Security
Occurrences
2
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.

ERRORMaintainabilitycurl curl errorUsing cURL functions is highly discouraged. Use wp_remote_get() instead.2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORMaintainabilitycurl curl execUsing cURL functions is highly discouraged. Use wp_remote_get() instead.2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORMaintainabilitycurl curl getinfoUsing cURL functions is highly discouraged. Use wp_remote_get() instead.2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

Show 9 more
ERRORMaintainabilitycurl curl setopt array2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORMaintainabilityparse url parse url2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

WARNINGMaintainabilityNon-prefixed class1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "WFP_Fundraising".

ERRORMaintainabilitycurl curl close1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORMaintainabilitycurl curl init1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORMaintainabilitycurl curl reset1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORMaintainabilityrand mt rand1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

mt_rand() is discouraged. Use the far less predictable wp_rand() instead.

ERRORMaintainabilitybadly named files1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File and folder names must not contain spaces or special characters.

WARNINGMaintainabilitytrademarked term1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The plugin slug includes a restricted term. Your plugin slug - "wp-fundraising-donation" - contains the restricted term "wp" which cannot be used at all in your plugin slug.

External Connections

Potential connections found in static code analysis.

18 domains

Outbound calls

281

External assets

0

Incoming endpoints

19

Notable Domains

stripe.com230 · outbound
iso.org23 · outbound
support.stripe.com3 · outbound
paypal.com2 · outbound

Platform / Reference Domains

github.com2 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

/wp-json/wfp-xs-auth/login/REST

register_rest_route

/wp-json/wfp-xs-auth/register/REST

register_rest_route

/wp-json/woc-redirect/add-to-cartREST

register_rest_route

/wp-json/xs-donate-form/donate-active/(?P<donateid>\w+)/REST

register_rest_route

/wp-json/xs-donate-form/donate-submit/(?P<formid>\w+)/REST

register_rest_route

/wp-json/xs-donate-form/payment-redirect/(?P<id>\w+)/REST

register_rest_route

Admin AJAX endpoints2
wp_ajax_featured_video_get_dataauthenticated

wp_ajax

wp_ajax_featured_video_modalauthenticated

wp_ajax

Score History

First score snapshot

v1.7.8

37

Latest

Findings
99
Errors
90
Warnings
9
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related

Related Plugins