ЮKassa для WooCommerce

Прием платежей на сайтах WooCommerce. Разработка и поддержка — компания ЮMoney

v2.16.1yoomoneyUpdated Added 9k+ installs76% rating
22
Score
590
Errors
168
Warnings
+0
Change

Category Scores

Security0
Repo83
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

758 findings

Security

366

11 issue groups

Maintainability

328

12 issue groups

I18n

25

2 issue groups

ERRORMaintainabilityShort PHP open tag foundShort PHP opening tag used with echo; expected "<?php echo $available_by_ec_field ..." but found "<?= $available_by_ec_field ..."228
Category
Maintainability
Occurrences
228
Severity
error

Sample message

Short PHP opening tag used with echo; expected "<?php echo $available_by_ec_field ..." but found "<?= $available_by_ec_field ..."

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$available_by_ec_field'.219
Category
Security
Occurrences
219
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$available_by_ec_field'.

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$available_by_ec_field&quot;.34
Category
Maintainability
Occurrences
34
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$available_by_ec_field&quot;.

ERRORSecuritySetting is missing a sanitization callbackSanitization missing for register_setting().32
Category
Security
Occurrences
32
Severity
error

Sample message

Sanitization missing for register_setting().

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.23
Category
Security
Occurrences
23
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.20
Category
I18n
Occurrences
20
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;19
Category
Maintainability
Occurrences
19
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.18
Category
Security
Occurrences
18
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $order_by16
Category
Security
Occurrences
16
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $order_by

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET[&#039;post&#039;]15
Category
Security
Occurrences
15
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET[&#039;post&#039;]

Show 15 more
WARNINGSecurityRequest data is not unslashed15
Category
Security
Occurrences
15
Severity
warning

Sample message

$_COOKIE[&#039;p4s_push_subscriber_id&#039;] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not validated12
Category
Security
Occurrences
12
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET[&#039;id&#039;]. Check that the array index exists before using it.

WARNINGMaintainabilityNon-prefixed hook name10
Category
Maintainability
Occurrences
10
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;&#039;woocommerce_taxonomy_args_&#039;.$taxonomy_name&quot;.

WARNINGMaintainabilityDirect Query9
Category
Maintainability
Occurrences
9
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo Caching8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORSecurityException output is not escaped7
Category
Security
Occurrences
7
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$error'.

ERRORMaintainabilitydate date6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORSecurityHeredoc Output Not Escaped5
Category
Security
Occurrences
5
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found interpolation in unescaped heredoc.

ERRORI18nNon Singular String Literal Text5
Category
I18n
Occurrences
5
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $description

WARNINGSecuritywp redirect wp redirect4
Category
Security
Occurrences
4
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the &quot;allowed_redirect_hosts&quot; filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

ERRORMaintainabilityNot Allowed3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

WARNINGMaintainabilityNon-prefixed class3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: &quot;WC_Payment_Token_SBP&quot;.

WARNINGMaintainabilityNon-prefixed namespace3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Namespaces declared by a theme/plugin should start with the theme/plugin prefix. Found: &quot;Yoomoney\Includes&quot;.

WARNINGMaintainabilityerror log print r3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

ERRORMaintainabilityPlugin Directory Write2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Plugin folders are deleted when upgraded. Do not save data to the plugin folder using touch(). Detected usage of constant WP_CONTENT_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.

External Connections

Potential connections found in static code analysis.

22 domains

Outbound calls

141

External assets

1

Incoming endpoints

4

Notable Domains

yookassa.ru65 · outbound
yoomoney.ru12 · outbound
ru.wikipedia.org8 · outbound
test.ru7 · outbound
en.wikipedia.org6 · outbound
esnsi.gosuslugi.ru6 · outbound

Platform / Reference Domains

github.com6 · platform/reference
w3.org3 · platform/reference
wordpress.org2 · platform/reference

External Asset Domains

static.yoomoney.ru3 · asset + outbound

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints4
wp_ajax_yookassa_get_oauth_tokenauthenticated

wp_ajax

wp_ajax_yookassa_get_oauth_urlauthenticated

wp_ajax

wp_ajax_yookassa_get_tabauthenticated

wp_ajax

wp_ajax_yookassa_save_settingsauthenticated

wp_ajax

Score History

2 score snapshots

+0
1007550250Jun 20, 2026, 11:11 PM UTC Score 22/100 Plugin v2.16.0 Plugin Check 2.0.0 591 errors, 168 warningsJun 24, 2026, 10:02 AM UTC Score 22/100 Plugin v2.16.1 Plugin Check 2.0.0 590 errors, 168 warningsJun 20, 2026Jun 24, 2026

v2.16.1

22

Latest

Findings
758
Errors
590
Warnings
168
Check
2.0.0

v2.16.0

22

Score

Findings
759
Errors
591
Warnings
168
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins