WhyDonate – FREE Donate button – Crowdfunding – Fundraising

FREE Donation button for your website. Collect donations via Credit card, PayPal, VISA, iDeal, Sofort and Bancontact. Set up in minutes and safe!

v4.0.17jjlemstraUpdated Added 800 installs96% rating
28
Score
216
Errors
328
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance100
Maintainability18

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

544 findings

Maintainability

291

14 issue groups

Security

179

10 issue groups

I18n

67

1 issue group

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$achived_per".165
Category
Maintainability
Occurrences
165
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$achived_per".

ERRORI18nText Domain MismatchMismatched text domain. Expected 'wp-whydonate' but got "whydonate-v2".67
Category
I18n
Occurrences
67
Severity
error

Sample message

Mismatched text domain. Expected 'wp-whydonate' but got "whydonate-v2".

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.52
Category
Security
Occurrences
52
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $api_table at "SHOW TABLES LIKE '$api_table'"26
Category
Security
Occurrences
26
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $api_table at "SHOW TABLES LIKE '$api_table'"

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "api_key".25
Category
Maintainability
Occurrences
25
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "api_key".

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.24
Category
Maintainability
Occurrences
24
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().23
Category
Maintainability
Occurrences
23
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$jsonOptions'.21
Category
Security
Occurrences
21
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$jsonOptions'.

ERRORMaintainabilitycurl curl setoptUsing cURL functions is highly discouraged. Use wp_remote_get() instead.20
Category
Maintainability
Occurrences
20
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORSecurityDatabase parameter is not escapedUnescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 126.15
Category
Security
Occurrences
15
Severity
error

Sample message

Unescaped parameter $query used in $wpdb->get_results()\n$query assigned unsafely at line 126.

Show 15 more
ERRORSecuritySQL query is not prepared15
Category
Security
Occurrences
15
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $query

WARNINGSecurityInput is not sanitized13
Category
Security
Occurrences
13
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['api_key']

WARNINGSecurityRequest data is not unslashed13
Category
Security
Occurrences
13
Severity
warning

Sample message

$_POST['api_key'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not validated9
Category
Security
Occurrences
9
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['id']. Check that the array index exists before using it.

WARNINGSecurityMissing nonce verification8
Category
Security
Occurrences
8
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityDatabase parameter is not escaped7
Category
Security
Occurrences
7
Severity
warning

Sample message

Unescaped parameter $api_table used in $wpdb->get_var()\n$api_table assigned unsafely at line 268.

ERRORMaintainabilitycurl curl close6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORMaintainabilitycurl curl exec6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORMaintainabilitycurl curl init6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WARNINGMaintainabilitySchema Change4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WARNINGMaintainabilityerror log var dump3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

var_dump() found. Debug code should not normally be used in production.

WARNINGMaintainabilityMissing Version3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

ERRORMaintainabilityMissing direct file access protection3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

ERRORMaintainabilityNon Enqueued Stylesheet2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Stylesheets must be registered/enqueued via wp_enqueue_style()

ERRORMaintainabilityOffloaded Content1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

External Connections

Potential connections found in static code analysis.

15 domains

Outbound calls

198

External assets

18

Incoming endpoints

6

Notable Domains

whydonate.eu68 · outbound
localise.biz16 · outbound
whydonate.nl4 · outbound

Platform / Reference Domains

profiles.wordpress.org17 · platform/reference
wordpress.org17 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

whydonate.com65 · asset + outbound
plugin.whydonate.com13 · asset + outbound
imagedelivery.net4 · asset + outbound
fonts.googleapis.com3 · asset + outbound

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints6
wp_ajax_api_keyauthenticated

wp_ajax

wp_ajax_check_api_keyauthenticated

wp_ajax

wp_ajax_check_databaseauthenticated

wp_ajax

wp_ajax_fundraiser_shortcodes_arrayauthenticated

wp_ajax

wp_ajax_my_actionauthenticated

wp_ajax

wp_ajax_transfer_stylingauthenticated

wp_ajax

Score History

First score snapshot

v4.0.17

28

Latest

Findings
544
Errors
216
Warnings
328
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins