FundEngine - FundEngine is a fundraising and crowdfunding plugin with PayPal, Stripe, and WooCommerce payment support.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
69
2 issue groups
Maintainability
30
17 issue groups
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Cannot save property `{$key}` containing an API resource of type "'.67
- Category
- Security
- Occurrences
- 67
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Cannot save property `{$key}` containing an API resource of type "'.
WARNINGMaintainabilityerror log trigger errortrigger_error() found. Debug code should not normally be used in production.3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
trigger_error() found. Debug code should not normally be used in production.
ERRORMaintainabilitycurl curl errnoUsing cURL functions is highly discouraged. Use wp_remote_get() instead.3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "WFP_FUNDRAISING_PREVIOUS_STABLE_VERSION".2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "WFP_FUNDRAISING_PREVIOUS_STABLE_VERSION".
WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
error_log() found. Debug code should not normally be used in production.
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.2
- Category
- Security
- Occurrences
- 2
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$message'.
ERRORMaintainabilitycurl curl errorUsing cURL functions is highly discouraged. Use wp_remote_get() instead.2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilitycurl curl execUsing cURL functions is highly discouraged. Use wp_remote_get() instead.2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilitycurl curl getinfoUsing cURL functions is highly discouraged. Use wp_remote_get() instead.2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
Show 9 moreShow less
ERRORMaintainabilitycurl curl setopt array2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilityparse url parse url2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
WARNINGMaintainabilityNon-prefixed class1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "WFP_Fundraising".
ERRORMaintainabilitycurl curl close1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilitycurl curl init1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilitycurl curl reset1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilityrand mt rand1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
mt_rand() is discouraged. Use the far less predictable wp_rand() instead.
ERRORMaintainabilitybadly named files1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
File and folder names must not contain spaces or special characters.
WARNINGMaintainabilitytrademarked term1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
The plugin slug includes a restricted term. Your plugin slug - "wp-fundraising-donation" - contains the restricted term "wp" which cannot be used at all in your plugin slug.
External Connections
Potential connections found in static code analysis.
Outbound calls
281
External assets
0
Incoming endpoints
19
Notable Domains
Platform / Reference Domains
External Asset Domains
No external asset domains detected.
Incoming Endpoints
register_rest_route
register_rest_route
register_rest_route
register_rest_route
register_rest_route
register_rest_route
Admin AJAX endpoints2
wp_ajax
wp_ajax
Score History
First score snapshot
v1.7.8
37
Latest
- Findings
- 99
- Errors
- 90
- Warnings
- 9
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 37 | 99 | 90 | 9 | v1.7.8 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.