PluginScore

zahls.ch Credit Cards, PostFinance and TWINT for WooCommerce

With zahls.ch you accept various payment methods such as credit cards and TWINT with a single plugin.

v2.0.7Ivan LouisUpdated Added 3k+ installs98% rating
kreditkartenpayrexxpostfinancestripetwint
30
Score
121
Errors
265
Warnings
+0
Change

Category Scores

Security0
Repo85
Performance100
Maintainability38

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

386 findings

Maintainability

276

14 issue groups

Security

93

8 issue groups

I18n

14

2 issue groups

Supply Chain

1

1 issue group

WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$amount".182
Category
Maintainability
Occurrences
182
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$amount".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
ERRORMaintainabilitymissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;41
Category
Maintainability
Occurrences
41
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$domain'.40
Category
Security
Occurrences
40
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$domain'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGMaintainabilityerror log var dumpvar_dump() found. Debug code should not normally be used in production.36
Category
Maintainability
Occurrences
36
Severity
warning

Sample message

var_dump() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_var_dump
WARNINGSecurityRecommendedProcessing form data without nonce verification.17
Category
Security
Occurrences
17
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORSecurityUnsafe Printing FunctionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.10
Category
Security
Occurrences
10
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
WARNINGSecurityInput Not SanitizedDetected usage of a non-sanitized input variable: $_GET['change_payment_method']9
Category
Security
Occurrences
9
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['change_payment_method']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityMissing Unslash$_GET['change_payment_method'] not unslashed before sanitization. Use wp_unslash() or similar9
Category
Security
Occurrences
9
Severity
warning

Sample message

$_GET['change_payment_method'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORI18nNon Singular String Literal TextThe $text parameter must be a single text string literal. Found: get_option("woocommerce_zahls_description")9
Category
I18n
Occurrences
9
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: get_option("woocommerce_zahls_description")

WordPress.WP.I18n.NonSingularStringLiteralTextReference
ERRORSecurityException Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$communicationHandler'.6
Category
Security
Occurrences
6
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$communicationHandler'.

WordPress.Security.EscapeOutput.ExceptionNotEscapedReference
Show 15 more
ERRORI18nText Domain Mismatch5
Category
I18n
Occurrences
5
Severity
error

Sample message

Mismatched text domain. Expected 'zahls-ch-payment-gateway' but got 'wc-zahls-gateway'.

WordPress.WP.I18n.TextDomainMismatchReference
WARNINGMaintainabilityNon Prefixed Hookname Found4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'woo_zahls_custom_transaction_status_' . $status".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGMaintainabilityNon Prefixed Function Found3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "WC_Zahls_offline_gateway_init".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
WARNINGMaintainabilityNon Prefixed Class Found2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "WC_Zahls_Blocks_Support".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
WARNINGMaintainabilityerror log error log1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log
WARNINGSecurityMissing1
Category
Security
Occurrences
1
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGSecurityInput Not Validated1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['zahls-allow-recurring']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
ERRORMaintainabilitycurl curl close1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_close
ERRORMaintainabilitycurl curl errno1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_errno
ERRORMaintainabilitycurl curl exec1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_exec
ERRORMaintainabilitycurl curl getinfo1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_getinfo
ERRORMaintainabilitycurl curl init1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_init
ERRORMaintainabilitycurl curl setopt array1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WordPress.WP.AlternativeFunctions.curl_curl_setopt_array
ERRORMaintainabilityparse url parse url1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

WordPress.WP.AlternativeFunctions.parse_url_parse_url
ERRORSupply Chainhidden files1
Category
Supply Chain
Occurrences
1
Severity
error

Sample message

Hidden files are not permitted.

hidden_files

Score History

First score snapshot

v2.0.7

30

Latest

Findings
386
Errors
121
Warnings
265
Check
2.0.0

Related Plugins

Payrexx Payment Gateway for WooCommerce

2k+ active installs

45
Stripe Tax – Sales tax automation for WooCommerce

30k+ active installs

36
Contact Form 7 – PayPal & Stripe Add-on

8k+ active installs

30
WooCommerce Stripe Payment Gateway

700k+ active installs

30
PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin

300k+ active installs

24
Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe

9k+ active installs

24