YITH WooCommerce Badge Management allows you to create and manage custom badges for products.
Category Scores
Top Issues by Category
maintainability1,500
i18n324
security32
performance2
repo_compliance1
Issues Details
1,859 issues found in latest scan
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_defaults".
Mismatched text domain. Expected 'yith-woocommerce-badges-management' but got 'woocommerce'.
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'woocommerce_settings_' . sanitize_title( $field['id'] )".
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "YIT_Plugin_Licence".
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'yith_field_deps_data'.
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "YIT_Ajax".
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$deprecated_filters[ $filter ]".
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DOING_YITH_BH_ONBOARDING".
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$response'.
The plugin name includes a restricted term. Your chosen plugin name - "YITH WooCommerce Badge Management" - contains the restricted term "woocommerce" which cannot be used within in your plugin name, unless your plugin name contains one of the allowed patterns: "for woocommerce", "with woocommerce", "using woocommerce", or "and woocommerce". The term must still not appear anywhere else in your name.
Detected usage of a non-sanitized input variable: $_GET['term']
Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
Plugin Updater detected. Detected code which may be altering WordPress update routines. Detected: _site_transient_update_plugins
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
The parameter "$args" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.
The $text parameter must be a single text string literal. Found: 'Error: Unable to process the External Services API Request.' . $response['response']['message']
Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.
Plugin Updater detected. These are not permitted in WordPress.org hosted plugins. Detected: site_transient_update_plugins
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_defaults". | 1,305 |
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'yith-woocommerce-badges-management' but got 'woocommerce'. | 317 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'woocommerce_settings_' . sanitize_title( $field['id'] )". | 72 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 53 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | WARNING | Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "YIT_Plugin_Licence". | 30 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'yith_field_deps_data'. | 27 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | WARNING | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "YIT_Ajax". | 16 |
| WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$deprecated_filters[ $filter ]". | 6 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DOING_YITH_BH_ONBOARDING". | 6 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to __(). | 6 |
| WordPress.Security.EscapeOutput.ExceptionNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$response'. | 3 |
| trademarked_term | WARNING | The plugin name includes a restricted term. Your chosen plugin name - "YITH WooCommerce Badge Management" - contains the restricted term "woocommerce" which cannot be used within in your plugin name, unless your plugin name contains one of the allowed patterns: "for woocommerce", "with woocommerce", "using woocommerce", or "and woocommerce". The term must still not appear anywhere else in your name. | 3 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET['term'] | 2 |
| WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude | WARNING | Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. | 2 |
| update_modification_detected | WARNING | Plugin Updater detected. Detected code which may be altering WordPress update routines. Detected: _site_transient_update_plugins | 2 |
| Generic.PHP.ForbiddenFunctions.Found | ERROR | The use of function get_post_type_labels() is forbidden | 1 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 1 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 1 |
| WordPress.WP.DeprecatedParameters.Get_termsParam2Found | ERROR | The parameter "$args" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter. | 1 |
| WordPress.WP.I18n.NonSingularStringLiteralText | ERROR | The $text parameter must be a single text string literal. Found: 'Error: Unable to process the External Services API Request.' . $response['response']['message'] | 1 |
| badly_named_files | ERROR | File and folder names must not contain spaces or special characters. | 1 |
| library_core_files | ERROR | Library files that are already in the WordPress core are not permitted. | 1 |
| plugin_header_no_license | ERROR | Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license. | 1 |
| plugin_updater_detected | ERROR | Plugin Updater detected. These are not permitted in WordPress.org hosted plugins. Detected: site_transient_update_plugins | 1 |
Latest Snapshot
Findings
1,859
Errors
413
Warnings
1,446
Score History
First score snapshot
First scan completed
v3.25.0 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
v3.25.0
32
Latest
- Findings
- 1,859
- Errors
- 413
- Warnings
- 1,446
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Latest | 32 | 1,859 | 413 | 1,446 | v3.25.0 | 2.0.0 | 2026.06-mvp-static-v2 |
