Generic.PHP.ForbiddenFunctions.Found
Forbidden PHP function found
The plugin uses a PHP or WordPress pattern that coding standards discourage.
Why It Shows Up
Plugin Check found a discouraged function, forbidden function, goto, backtick operator, or similar construct.
Why It Matters
Discouraged patterns are often harder to review, less portable across hosts, or easier to misuse securely.
How to Fix
- Identify why the construct is used and whether WordPress provides a safer API.
- Replace shell execution, dynamic execution, or broad forbidden functions with constrained WordPress APIs.
- If a third-party library triggers the warning, isolate and document it.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #501 | Ultimate Tag Cloud Widget | 37 | 715 | 16 | 4k+ | Output is not escaped | ||
| #502 | AK Featured Post Widget | 38 | 135 | 4 | 400 | Output is not escaped | ||
| #503 | BuddyPress Follow | 38 | 114 | 67 | 1k+ | Text Domain Mismatch | ||
| #504 | Category Posts Widget | 38 | 153 | 26 | 40k+ | Output is not escaped | ||
| #505 | Checkout Files Upload for WooCommerce | 38 | 57 | 120 | 7k+ | Input is not sanitized | ||
| #506 | Custom Menu Wizard Widget | 38 | 326 | 30 | 2k+ | Output is not escaped | ||
| #507 | Decent Comments | 38 | 93 | 28 | 2k+ | Output is not escaped | ||
| #508 | EU Cookie Law Compliance | 38 | 151 | 22 | 2k+ | Non Singular String Literal Domain | ||
| #509 | WP Team – WordPress Team Member Plugin | 38 | 537 | 36 | 600 | Text Domain Mismatch | ||
| #510 | Insert PHP Code Snippet | 38 | 164 | 227 | 90k+ | Output is not escaped | ||
| #511 | Auto SEO META keywords (META tags keywords) optimization + WooCommerce | 38 | 63 | 34 | 700 | Output is not escaped | ||
| #512 | MultiLine Files for Contact Form 7 | 38 | 98 | 40 | 9k+ | Text Domain Mismatch | ||
| #513 | Note – A live edit text widget | 38 | 118 | 49 | 1k+ | Output is not escaped | ||
| #514 | Ozh' Better Feed | 38 | 45 | 35 | 600 | Heredoc Output Not Escaped | ||
| #515 | Popular Widget | 38 | 61 | 30 | 700 | Unsafe printing function | ||
| #516 | qTranslate META | 38 | 88 | 26 | 400 | Output is not escaped | ||
| #517 | Recent Posts Plus | 38 | 111 | 4 | 1k+ | Output is not escaped | ||
| #518 | Restrict Widgets | 38 | 135 | 40 | 4k+ | Non Singular String Literal Domain | ||
| #519 | Like This | 38 | 60 | 17 | 1k+ | Output is not escaped | ||
| #520 | Author Image | 38 | 51 | 33 | 1k+ | Output is not escaped | ||
| #521 | Shapely Companion | 38 | 49 | 39 | 10k+ | Output is not escaped | ||
| #522 | Smart Maintenance Mode | 38 | 137 | 128 | 1k+ | Output is not escaped | ||
| #523 | Logo Slider , Logo Carousel , Logo showcase , Client Logo | 38 | 72 | 22 | 1k+ | Output is not escaped | ||
| #524 | TopList.cz | 38 | 138 | 7 | 400 | Output is not escaped | ||
| #525 | Twiget Twitter Widget | 38 | 147 | 36 | 500 | Output is not escaped | ||
| #526 | WP Redirects – Contact Form 7 | 38 | 50 | 71 | 400 | Unsafe printing function | ||
| #527 | Advanced Recent Posts Widget | 39 | 105 | 2 | 1k+ | Output is not escaped | ||
| #528 | Advanced Spoiler | 39 | 106 | 19 | 600 | Non Singular String Literal Domain | ||
| #529 | Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) | 39 | 16 | 47 | 10k+ | Request data is not unslashed | ||
| #530 | Content Visibility for Divi Builder | 39 | 184 | 59 | 2k+ | Non Singular String Literal Domain | ||
| #531 | Cookies for Comments | 39 | 22 | 29 | 20k+ | Input is not validated | ||
| #532 | Gallery Widget | 39 | 122 | 11 | 500 | Output is not escaped | ||
| #533 | HD Quiz | 39 | 252 | 82 | 7k+ | Output is not escaped | ||
| #534 | JJ NextGen JQuery Carousel | 39 | 122 | 9 | 400 | Output is not escaped | ||
| #535 | JJ NextGen JQuery Slider | 39 | 221 | 7 | 800 | Output is not escaped | ||
| #536 | Menubar | 39 | 171 | 46 | 1k+ | Output is not escaped | ||
| #537 | SKP WP Admin Login Captcha | 39 | 77 | 18 | 1k+ | Output is not escaped | ||
| #538 | Slider Text Scroll | 39 | 95 | 52 | 400 | Text Domain Mismatch | ||
| #539 | OpenHook | 39 | 172 | 22 | 1k+ | Unsafe printing function | ||
| #540 | Smart Variation Swatches and Attribute Filters for WooCommerce | 39 | 39 | 50 | 3k+ | Output is not escaped | ||
| #541 | Woo Button Text | 39 | 53 | 21 | 500 | Output is not escaped | ||
| #542 | Subscribe Button by AddToAny | 40 | 93 | 47 | 900 | Output is not escaped | ||
| #543 | Eventer | 40 | 61 | 55 | 1k+ | Output is not escaped | ||
| #544 | Featured Post | 40 | 36 | 18 | 900 | Output is not escaped | ||
| #545 | If Widget – Visibility control for Widgets | 40 | 99 | 25 | 1k+ | Unsafe printing function | ||
| #546 | IFrame Widget | 40 | 87 | 1 | 500 | Output is not escaped | ||
| #547 | NextGEN Gallery Sidebar Widget | 40 | 59 | 10 | 600 | Output is not escaped | ||
| #548 | Owl Carousel WP | 40 | 62 | 19 | 1k+ | Output is not escaped | ||
| #549 | Post Ratings | 40 | 160 | 32 | 600 | Output is not escaped | ||
| #550 | Recent & Featured Posts Widget | 40 | 124 | 2 | 600 | Output is not escaped |