WPPizza – A Restaurant Plugin

A Restaurant Plugin (not only for Pizza). Maintain your Menu (sizes, prices, categories). Accept COD orders. Multisite, Multilingual, WPML compatible.

v3.20.1 · ollybach · Updated · Added · 1k+ installs · 100% rating

Score: 18
Errors: 4,689
Warnings: 2,703
Change: +0

Category Scores

Security: 0
Repo: 57
Performance: 95
Maintainability: 0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

7,392 findings

Security: 3,429 (11 issue groups)
I18n: 2,194 (2 issue groups)
Maintainability: 1,680 (11 issue groups)
Supply Chain: 7 (1 issue group)

Output is not escaped
Category: Security
Occurrences: 2,183
Severity: error
Sample message: All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$SmtpPwPlaceholder'.

Text Domain Mismatch
Category: I18n
Occurrences: 2,137
Severity: error
Sample message: Mismatched text domain. Expected 'wppizza' but got "wppizza-admin".

Non-prefixed global variable
Category: Maintainability
Occurrences: 1,220
Severity: warning
Sample message: Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$ORDER_EXECUTE".

Missing nonce verification
Category: Security
Occurrences: 373
Severity: warning
Sample message: Processing form data without nonce verification.

Input is not sanitized
Category: Security
Occurrences: 235
Severity: warning
Sample message: Detected usage of a non-sanitized input variable: $_GET[$variable_name]

Request data is not unslashed
Category: Security
Occurrences: 219
Severity: warning
Sample message: $_GET[$variable_name] not unslashed before sanitization. Use wp_unslash() or similar

date date
Category: Maintainability
Occurrences: 189
Severity: error
Sample message: date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

Nonce verification recommended
Category: Security
Occurrences: 173
Severity: warning
Sample message: Processing form data without nonce verification.

Input is not validated
Category: Security
Occurrences: 114
Severity: warning
Sample message: Detected usage of a possibly undefined superglobal array index: $_GET['name']. Check that the array index exists before using it.

Direct Query
Category: Maintainability
Occurrences: 71
Severity: warning
Sample message: Use of a direct database call is discouraged.

No Caching
Category: Maintainability
Occurrences: 69
Severity: warning
Sample message: Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

SQL query is not prepared
Category: Security
Occurrences: 60
Severity: error
Sample message: Use placeholders and $wpdb->prepare(); found $bestsellersQuery

error log print r
Category: Maintainability
Occurrences: 57
Severity: warning
Sample message: print_r() found. Debug code should not normally be used in production.

Text Domain Mismatch
Category: I18n
Occurrences: 57
Severity: warning
Sample message: Mismatched text domain. Expected 'wppizza' but got 'default'.

Unsafe printing function
Category: Security
Occurrences: 32
Severity: error
Sample message: All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

Non-prefixed hook name
Category: Maintainability
Occurrences: 31
Severity: warning
Sample message: Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "edd_sl_api_request_verify_ssl".

Database parameter is not escaped
Category: Security
Occurrences: 24
Severity: error
Sample message: Unescaped parameter $customer_values_query used in $wpdb->get_results() $customer_values_query assigned unsafely at line 688.

wp function not compatible with requires wp
Category: Maintainability
Occurrences: 16
Severity: error
Sample message: Function "current_datetime()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 3.3.0.

Database parameter is not escaped
Category: Security
Occurrences: 9
Severity: warning
Sample message: Unescaped parameter $table used in $wpdb->get_results() $table assigned unsafely at line 399.

slow db query meta key
Category: Maintainability
Occurrences: 8
Severity: warning
Sample message: Detected usage of meta_key, possible slow query.

Unsupported Identifier Placeholder
Category: Security
Occurrences: 7
Severity: error
Sample message: The %i modifier is only supported in WP 6.2 or higher. Found: "%i".

slow db query meta value
Category: Maintainability
Occurrences: 7
Severity: warning
Sample message: Detected usage of meta_value, possible slow query.

Hidden files included
Category: Supply Chain
Occurrences: 7
Severity: error
Sample message: Hidden files are not permitted.

error log error log
Category: Maintainability
Occurrences: 6
Severity: warning
Sample message: error_log() found. Debug code should not normally be used in production.

Deprecated parameter: get_terms parameter 2
Category: Maintainability
Occurrences: 6
Severity: warning
Sample message: The parameter "array( 'hide_empty' => 0 )" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.

External Connections

Potential connections found in static code analysis.

44 domains

Outbound calls: 278
External assets: 2
Incoming endpoints: 20

Notable Domains

jqueryvalidation.org: 70 (outbound)
docs.wp-pizza.com: 12 (outbound)
getharvest.com: 6 (outbound)
apple.com: 4 (outbound)
aa-asterisk.org.uk: 3 (outbound)

Platform / Reference Domains

opensource.org: 113 (platform/reference)
github.com: 9 (platform/reference)
codex.wordpress.org: 6 (platform/reference)
w3.org: 4 (platform/reference)
en-gb.wordpress.org: 2 (platform/reference)
wordpress.org: 1 (platform/reference)

External Asset Domains

Incoming Endpoints

wp_ajax_nopriv_wppizza_json (public, wp_ajax)

Admin AJAX endpoints: 3
wp_ajax_wppizza_admin_ (authenticated, wp_ajax)
wp_ajax_wppizza_admin_ajax (authenticated, wp_ajax)
wp_ajax_wppizza_json (authenticated, wp_ajax)

Score History

First score snapshot

v3.20.1: score 18 (Latest)
Findings: 7,392
Errors: 4,689
Warnings: 2,703
Check: 2.0.0
