Skip to content

Release

Release #391

Triggered via pull request July 3, 2026 12:33
@abaicusabaicus
synchronize #2848
development
Status Failure
Total duration 4m 8s
Artifacts 1

plugin-check.yml

on: pull_request
WordPress.org Guidelines Check
4m 2s
WordPress.org Guidelines Check
Fit to window
Zoom out
Zoom in

Annotations

10 errors and 10 warnings
PluginCheck.CodeAnalysis.Offloading.OffloadedContent: inc/patterns/cafe-menu.php#L12
Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.
PluginCheck.CodeAnalysis.Offloading.OffloadedContent: inc/patterns/cafe-menu.php#L12
Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.
missing_direct_file_access_protection: inc/patterns/cafe-menu.php#L0
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
PluginCheck.CodeAnalysis.Offloading.OffloadedContent: inc/patterns/travel-contact.php#L12
Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.
missing_direct_file_access_protection: inc/patterns/travel-contact.php#L0
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WordPress.WP.EnqueuedResources.NonEnqueuedScript: inc/plugins/class-atomic-wind-blocks.php#L486
Scripts must be registered/enqueued via wp_enqueue_script()
WordPress.WP.EnqueuedResources.NonEnqueuedScript: inc/plugins/class-atomic-wind-blocks.php#L485
Scripts must be registered/enqueued via wp_enqueue_script()
WordPress.WP.AlternativeFunctions.file_system_operations_readfile: inc/server/class-dynamic-content-server.php#L274
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: readfile().
WordPress.WP.AlternativeFunctions.file_system_operations_readfile: inc/server/class-dynamic-content-server.php#L264
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: readfile().
application_detected: phpcs.xml.dist#L0
Application files are not permitted.
WordPress.Security.ValidatedSanitizedInput.MissingUnslash: inc/plugins/class-stripe-api.php#L300
$_COOKIE['o_stripe_data'] not unslashed before sanitization. Use wp_unslash() or similar
WordPress.Security.ValidatedSanitizedInput.MissingUnslash: inc/plugins/class-stripe-api.php#L278
$_SERVER['HTTPS'] not unslashed before sanitization. Use wp_unslash() or similar
WordPress.Security.ValidatedSanitizedInput.MissingUnslash: inc/plugins/class-stripe-api.php#L77
$_GET['stripe_session_id'] not unslashed before sanitization. Use wp_unslash() or similar
PluginCheck.CodeAnalysis.ShortURL.Found: inc/class-pro.php#L124
Short URL detected (bit.ly). Use full URLs instead of URL shorteners.
WordPress.Security.ValidatedSanitizedInput.MissingUnslash: inc/render/class-stripe-checkout-block.php#L118
$_GET['stripe_session_id'] not unslashed before sanitization. Use wp_unslash() or similar
PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound: inc/class-main.php#L64
load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
trademarked_term: otter-blocks.php#L0
The plugin name includes a restricted term. Your chosen plugin name - "Otter – Page Builder Blocks & Extensions for Gutenberg" - contains the restricted term "gutenberg" which cannot be used at all in your plugin name.
plugin_header_nonexistent_domain_path: otter-blocks.php#L0
The "Domain Path" header in the plugin file must point to an existing folder. Found: "languages"
unexpected_markdown_file: AGENTS.md#L0
Unexpected markdown file "AGENTS.md" detected in plugin root. Only specific markdown files are expected in production plugins.
WordPress.Security.ValidatedSanitizedInput.MissingUnslash: plugins/otter-pro/inc/class-main.php#L214
$_GET['post_type'] not unslashed before sanitization. Use wp_unslash() or similar

Artifacts

Produced during runtime
Name Size Digest
plugin-check-results
2.66 KB
sha256:08a41d746bcee3a669e55cc0d0ebdbad747168fa61c9d11e7e6d372dc7abf7ef