Generic.PHP.ForbiddenFunctions.Found
Forbidden PHP function found
The plugin uses a PHP or WordPress pattern that coding standards discourage.
Why It Shows Up
Plugin Check found a discouraged function, forbidden function, goto, backtick operator, or similar construct.
Why It Matters
Discouraged patterns are often harder to review, less portable across hosts, or easier to misuse securely.
How to Fix
- Identify why the construct is used and whether WordPress provides a safer API.
- Replace shell execution, dynamic execution, or broad forbidden functions with constrained WordPress APIs.
- If a third-party library triggers the warning, isolate and document it.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #451 | Easy Noindex And Nofollow | 35 | 55 | 18 | 400 | Output is not escaped | ||
| #452 | Enhanced Recent Posts | 35 | 78 | 24 | 400 | Output is not escaped | ||
| #453 | EnvíaloSimple: Email Marketing y Newsletters | 35 | 147 | 250 | 2k+ | Nonce verification recommended | ||
| #454 | Force Reinstall | 35 | 118 | 34 | 2k+ | Output is not escaped | ||
| #455 | Image Slider | 35 | 192 | 95 | 4k+ | Output is not escaped | ||
| #456 | ImageMagick Engine | 35 | 63 | 29 | 60k+ | Unsafe printing function | ||
| #457 | Import Users & Customers with Meta | WP Ultimate CSV Importer Add-on | 35 | 27 | 140 | 5k+ | Interpolated SQL is not prepared | ||
| #458 | Woody Code Snippets – Insert PHP, CSS, JS, and Header/Footer Scripts | 35 | 64 | 91 | 60k+ | Output is not escaped | ||
| #459 | MainWP Child Reports | 35 | 49 | 116 | 100k+ | Non-prefixed hook name | ||
| #460 | MapSVG – Vector maps, Image maps, Google Maps | 35 | 74 | 47 | 1k+ | Missing direct file access protection | ||
| #461 | MeetingHub – Webinar & Meeting Plugin for Zoom, Google Meet, Webex, Microsoft Teams, & Jitsi Meet | 35 | 33 | 289 | 500 | Non-prefixed global variable | ||
| #462 | One Page Express Companion | 35 | 132 | 65 | 10k+ | Output is not escaped | ||
| #463 | Popular Posts | 35 | 166 | 71 | 900 | Unsafe printing function | ||
| #464 | Simple History – Track, Log, and Audit WordPress Changes | 35 | 32 | 122 | 300k+ | Non-prefixed global variable | ||
| #465 | SiteOrigin CSS | 35 | 61 | 84 | 100k+ | Not In Footer | ||
| #466 | Theme Blvd Layout Builder | 35 | 207 | 169 | 2k+ | Output is not escaped | ||
| #467 | User Photo | 35 | 112 | 68 | 3k+ | Output is not escaped | ||
| #468 | Multi-Carrier ShipStation Shipping Rates for WooCommerce | 35 | 403 | 71 | 900 | Non Singular String Literal Domain | ||
| #469 | Custom Payment Gateways for WooCommerce | 35 | 202 | 31 | 3k+ | Non Singular String Literal Domain | ||
| #470 | WPGraphQL | 35 | 10 | 86 | 30k+ | Non-prefixed hook name | ||
| #471 | WP Mailto Links – Protect Email Addresses | 35 | 95 | 69 | 8k+ | Output is not escaped | ||
| #472 | WP-Markdown | 35 | 31 | 39 | 400 | Output is not escaped | ||
| #473 | WP System Information | 35 | 237 | 30 | 700 | Text Domain Mismatch | ||
| #474 | WPFront User Role Editor | 35 | 333 | 578 | 30k+ | Output is not escaped | ||
| #475 | BP Group Documents | 36 | 27 | 195 | 600 | Non-prefixed global variable | ||
| #476 | Better WordPress Recent Comments | 36 | 319 | 69 | 600 | Text Domain Mismatch | ||
| #477 | Code Snippets | 36 | 34 | 203 | 1m+ | Nonce verification recommended | ||
| #478 | CSH Login | 36 | 126 | 41 | 500 | Output is not escaped | ||
| #479 | Drag and Drop Multiple File Upload for Contact Form 7 | 36 | 82 | 36 | 60k+ | wp function not compatible with requires wp | ||
| #480 | IntelliWidget Per Page Custom Menus and Dynamic Content | 36 | 586 | 162 | 600 | Output is not escaped | ||
| #481 | Linkable Title Html and Php Widget | 36 | 108 | 31 | 600 | Output is not escaped | ||
| #482 | M Chart | 36 | 29 | 155 | 3k+ | Non-prefixed global variable | ||
| #483 | Materialis Companion | 36 | 129 | 67 | 6k+ | Unsafe printing function | ||
| #484 | Multiple Sidebars | 36 | 109 | 75 | 600 | Non Singular String Literal Domain | ||
| #485 | WowStore – Store Builder & Product Blocks for WooCommerce | 36 | 66 | 429 | 4k+ | Non-prefixed global variable | ||
| #486 | Recent Posts | 36 | 106 | 30 | 500 | Text Domain Mismatch | ||
| #487 | Search Everything | 36 | 165 | 77 | 10k+ | Text Domain Mismatch | ||
| #488 | SurveyJS: Drag & Drop Form Builder | 36 | 12 | 134 | 500 | Missing Version | ||
| #489 | WC Builder – WooCommerce Page Builder for WPBakery | 36 | 647 | 50 | 1k+ | Text Domain Mismatch | ||
| #490 | Crafty Social Buttons | 37 | 279 | 27 | 1k+ | Non Singular String Literal Domain | ||
| #491 | HT Builder – WordPress Theme Builder for Elementor | 37 | 142 | 41 | 900 | Output is not escaped | ||
| #492 | HT Menu – WordPress Mega Menu Builder for Elementor | 37 | 300 | 60 | 3k+ | Text Domain Mismatch | ||
| #493 | Humans TXT | 37 | 159 | 86 | 400 | Output is not escaped | ||
| #494 | Images Optimize and Upload CF7 | 37 | 130 | 36 | 600 | Non Singular String Literal Domain | ||
| #495 | JVM Rich Text Icons | 37 | 87 | 34 | 3k+ | Output is not escaped | ||
| #496 | Maintenance Page | 37 | 62 | 33 | 3k+ | Output is not escaped | ||
| #497 | Max Mega Menu | 37 | 249 | 174 | 300k+ | Output is not escaped | ||
| #498 | NextGEN Scroll Gallery | 37 | 33 | 28 | 1k+ | Output is not escaped | ||
| #499 | Off-Canvas Sidebars & Menus (Slidebars) | 37 | 457 | 12 | 1k+ | Non Singular String Literal Domain | ||
| #500 | Page scroll to id | 37 | 38 | 120 | 100k+ | Missing nonce verification |
