PluginScore

WP Inventory Manager

Manage inventory in WordPress without WooCommerce. Unlimited items, custom fields, shortcode display. Trusted by 120,000+ sites since 2013.

v2.4.0WP InventoryUpdated Added 1k+ installs92% rating
inventoryinventory managerproduct catalogstock managementwoocommerce alternative
30
Score
856
Errors
233
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance100
Maintainability29

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,089 findings

Security

815

10 issue groups

I18n

140

4 issue groups

Maintainability

111

11 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$add_on'.438
Category
Security
Occurrences
438
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$add_on'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $attachment_url187
Category
Security
Occurrences
187
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $attachment_url

WordPress.DB.PreparedSQL.NotPrepared
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to _e().66
Category
I18n
Occurrences
66
Severity
error

Sample message

Missing $domain parameter in function call to _e().

WordPress.WP.I18n.MissingArgDomainReference
ERRORI18nNon Singular String Literal TextThe $text parameter must be a single text string literal. Found: $address65
Category
I18n
Occurrences
65
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $address

WordPress.WP.I18n.NonSingularStringLiteralTextReference
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$display_labels".49
Category
Maintainability
Occurrences
49
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$display_labels".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
ERRORSecurityDatabase parameter is not escapedUnescaped parameter $idfield used in $wpdb->get_results()\n$idfield used without escaping.46
Category
Security
Occurrences
46
Severity
error

Sample message

Unescaped parameter $idfield used in $wpdb->get_results()\n$idfield used without escaping.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.29
Category
Security
Occurrences
29
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $table used in $wpdb->get_results()28
Category
Security
Occurrences
28
Severity
warning

Sample message

Unescaped parameter $table used in $wpdb->get_results()

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGSecurityRequest data is not unslashed$_COOKIE[self::$page_state_cookie] not unslashed before sanitization. Use wp_unslash() or similar28
Category
Security
Occurrences
28
Severity
warning

Sample message

$_COOKIE[self::$page_state_cookie] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.23
Category
Security
Occurrences
23
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
Show 15 more
ERRORMaintainabilityMissing direct file access protection20
Category
Maintainability
Occurrences
20
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGSecurityInterpolated SQL is not prepared17
Category
Security
Occurrences
17
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable {$column} at "ALTER TABLE `{$table}` ADD COLUMN `{$column}` {$definition}"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
WARNINGSecurityInput is not sanitized13
Category
Security
Occurrences
13
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE[self::$page_state_cookie]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGMaintainabilityMissing Version11
Category
Maintainability
Occurrences
11
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion
ERRORMaintainabilitydate date8
Category
Maintainability
Occurrences
8
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date
WARNINGSecurityUnfinished Prepare6
Category
Security
Occurrences
6
Severity
warning

Sample message

Replacement variables found, but no valid placeholders found in the query.

WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
ERRORI18nNon Singular String Literal Domain6
Category
I18n
Occurrences
6
Severity
error

Sample message

The $domain parameter must be a single text string literal. Found: WPIMConstants::LANG

WordPress.WP.I18n.NonSingularStringLiteralDomainReference
WARNINGMaintainabilityNot In Footer5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_register_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WordPress.WP.EnqueuedResourceParameters.NotInFooter
WARNINGMaintainabilityDirect Query3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo Caching3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGMaintainabilityNon-prefixed hook name3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "reserve_email_message_position".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGMaintainabilityerror log var dump3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

var_dump() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_var_dump
ERRORI18nMissing Translators Comment3
Category
I18n
Occurrences
3
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
WARNINGMaintainabilitytrademarked term3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "WP Inventory Manager" - contains the restricted term "wp" which cannot be used at all in your plugin name.

trademarked_term
ERRORMaintainabilitywp function not compatible with requires wp3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

Function "has_shortcode()" requires WordPress 3.6.0, but your plugin minimum supported version is WordPress 3.5.0.

wp_function_not_compatible_with_requires_wpReference

External Connections

Not analyzed yet.

Score History

First score snapshot

v2.4.0

30

Latest

Findings
1,089
Errors
856
Warnings
233
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

28 nodes

Related

Catalog Booster & Product Catalog Mode for WooCommerce37 scoreYoast SEO – Advanced SEO with real-time guidance and built-in AI24 scoreWooCommerce22 scoreAkismet Anti-spam: Spam Protection35 scoreAll-in-One WP Migration and Backup34 scoreClassic Editor63 scoreSite Kit by Google – Analytics, Search Console, AdSense, Speed25 scoreWordfence Security – Firewall, Malware Scan, and Login Security21 scoreRank Math SEO – AI SEO Tools to Dominate SEO Rankings31 scoreUltimate Product Catalog24 scoreWCPOS – Point of Sale (POS) plugin for WooCommerce30 scoreBarcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale)24 scoreProduct Catalog Simple24 scoreProduct Editor Pro – WooCommerce Bulk Edit: Prices, Stock, Images, Titles, CSV Import & More24 score

Related Plugins

Billbee – Auftragsabwicklung, Warenwirtschaft, Automatisierung

500 active installs

90
FlexStock – Product Stock Sync with Google Sheets for WooCommerce

700 active installs

48
GetPaid > Item Inventory

400 active installs

40
Catalog Booster & Product Catalog Mode for WooCommerce

1k+ active installs

37
Oliver POS – WooCommerce POS for iPhone, iPad & Android

800 active installs

37
Sync Master Sheet – Product Sync with Google Sheet for WooCommerce

400 active installs

30