Generic.PHP.ForbiddenFunctions.Found
Forbidden PHP function found
The plugin uses a PHP or WordPress pattern that coding standards discourage.
Why It Shows Up
Plugin Check found a discouraged function, forbidden function, goto, backtick operator, or similar construct.
Why It Matters
Discouraged patterns are often harder to review, less portable across hosts, or easier to misuse securely.
How to Fix
- Identify why the construct is used and whether WordPress provides a safer API.
- Replace shell execution, dynamic execution, or broad forbidden functions with constrained WordPress APIs.
- If a third-party library triggers the warning, isolate and document it.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #101 | IP Geo Block | 23 | 399 | 589 | 9k+ | Output is not escaped | ||
| #102 | Jetpack – WP Security, Backup, Speed, & Growth | 23 | 2,821 | 1,303 | 3m+ | Text Domain Mismatch | ||
| #103 | Justified Gallery | 23 | 589 | 1,417 | 9k+ | Non-prefixed global variable | ||
| #104 | King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder | 23 | 1,837 | 3,878 | 10k+ | Non-prefixed global variable | ||
| #105 | Masteriyo LMS – LMS Course Builder, Quizzes & Certificates | 23 | 197 | 1,748 | 5k+ | Non-prefixed global variable | ||
| #106 | License Manager for WooCommerce | 23 | 129 | 819 | 6k+ | Request data is not unslashed | ||
| #107 | Link Whisper Free | 23 | 3,882 | 5,303 | 30k+ | Text Domain Mismatch | ||
| #108 | MasterStudy LMS WordPress Plugin – for Online Courses and Education | 23 | 1,419 | 4,875 | 10k+ | Non-prefixed global variable | ||
| #109 | Media Library Assistant | 23 | 1,144 | 3,943 | 70k+ | Nonce verification recommended | ||
| #110 | MediaPress | 23 | 904 | 583 | 4k+ | Output is not escaped | ||
| #111 | MStore API – Create Native Android & iOS Apps On The Cloud | 23 | 618 | 764 | 3k+ | SQL query is not prepared | ||
| #112 | MPG – Multiple Page Generator, Bulk Landing Pages & Programmatic SEO | 23 | 488 | 580 | 2k+ | Missing nonce verification | ||
| #113 | Next Active Directory Integration | 23 | 683 | 284 | 2k+ | Exception output is not escaped | ||
| #114 | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | 23 | 2,119 | 986 | 400k+ | Text Domain Mismatch | ||
| #115 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery | 23 | 4,159 | 1,553 | 100k+ | Output is not escaped | ||
| #116 | Pricing Table by Supsystic | 23 | 1,299 | 447 | 10k+ | Non Singular String Literal Domain | ||
| #117 | Real 3D Flipbook – 3D FlipBook, PDF FlipBook, PDF Viewer, PDF Embedder | 23 | 856 | 1,365 | 10k+ | Non-prefixed global variable | ||
| #118 | Restrict – membership, site, content and user access restrictions for WordPress | 23 | 973 | 1,519 | 2k+ | Non-prefixed global variable | ||
| #119 | SecuPress with Simple SSL – Simple and Performant Security | 23 | 1,696 | 1,590 | 40k+ | Non-prefixed global variable | ||
| #120 | Slider by 10Web – Responsive Image Slider | 23 | 5,814 | 976 | 10k+ | Output is not escaped | ||
| #121 | Smart Slider 3 | 23 | 261 | 268 | 800k+ | Non-prefixed global variable | ||
| #122 | SiteOrigin Widgets Bundle | 23 | 607 | 455 | 400k+ | Output is not escaped | ||
| #123 | teachPress | 23 | 744 | 1,587 | 2k+ | SQL query is not prepared | ||
| #124 | The Events Calendar | 23 | 3,512 | 3,848 | 700k+ | Text Domain Mismatch | ||
| #125 | Travelpayouts | 23 | 769 | 110 | 6k+ | Output is not escaped | ||
| #126 | Directory Listings WordPress plugin – uListing | 23 | 947 | 1,573 | 1k+ | Non-prefixed global variable | ||
| #127 | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | 23 | 695 | 2,434 | 20k+ | Non-prefixed hook name | ||
| #128 | WHMCS Bridge | 23 | 247 | 472 | 4k+ | Nonce verification recommended | ||
| #129 | WP All Import – Product Import for WooCommerce | 23 | 1,475 | 209 | 20k+ | Non Singular String Literal Domain | ||
| #130 | Worth The Read | 23 | 873 | 138 | 3k+ | Text Domain Mismatch | ||
| #131 | WP Editor | 23 | 502 | 335 | 20k+ | Unsafe printing function | ||
| #132 | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | 23 | 1,125 | 2,153 | 20k+ | Missing direct file access protection | ||
| #133 | WP Mega Menu | 23 | 992 | 792 | 8k+ | Non-prefixed global variable | ||
| #134 | WP Migrate Lite – Migration Made Easy | 23 | 368 | 254 | 200k+ | Exception output is not escaped | ||
| #135 | پارسی دیت – Parsi Date | 23 | 102 | 289 | 100k+ | Non-prefixed hook name | ||
| #136 | WP STAGING – WordPress Backup, Restore & Migration | 23 | 1,414 | 1,327 | 100k+ | Non-prefixed global variable | ||
| #137 | WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel | 23 | 1,119 | 3,516 | 20k+ | Interpolated SQL is not prepared | ||
| #138 | Comments – wpDiscuz | 23 | 620 | 1,180 | 70k+ | Non-prefixed global variable | ||
| #139 | Photo Engine (Media Organizer & Lightroom) | 23 | 252 | 650 | 2k+ | Direct Query | ||
| #140 | YITH Essential Kit for WooCommerce #1 | 23 | 397 | 1,481 | 5k+ | Non-prefixed global variable | ||
| #141 | YITH PayPal Express Checkout for WooCommerce | 23 | 387 | 1,443 | 1k+ | Non-prefixed global variable | ||
| #142 | YITH WooCommerce Affiliates | 23 | 549 | 1,527 | 6k+ | Non-prefixed global variable | ||
| #143 | YITH WooCommerce Ajax Product Filter | 23 | 463 | 1,527 | 80k+ | Non-prefixed global variable | ||
| #144 | AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress | 24 | 5,230 | 1,464 | 7k+ | Output is not escaped | ||
| #145 | Ad Inserter – Ad Manager & AdSense Ads | 24 | 4,241 | 811 | 300k+ | Output is not escaped | ||
| #146 | Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces | 24 | 2,248 | 3,338 | 10k+ | slow db query meta key | ||
| #147 | Contact Form by Supsystic | 24 | 1,913 | 633 | 6k+ | Non Singular String Literal Domain | ||
| #148 | WPBot – ChatBot Conversational Forms | 24 | 1,254 | 1,226 | 2k+ | Text Domain Mismatch | ||
| #149 | CRM Perks Forms – WordPress Form Builder | 24 | 819 | 577 | 1k+ | Output is not escaped | ||
| #150 | Doubly – Cross Domain Copy Paste for WordPress | 24 | 252 | 55 | 10k+ | Output is not escaped |
