Generic.PHP.ForbiddenFunctions.Found
PHP Forbidden Functions Found
The plugin uses a PHP or WordPress pattern that coding standards discourage.
Why It Shows Up
Plugin Check found a discouraged function, forbidden function, goto, backtick operator, or similar construct.
Why It Matters
Discouraged patterns are often harder to review, less portable across hosts, or easier to misuse securely.
How to Fix
- Identify why the construct is used and whether WordPress provides a safer API.
- Replace shell execution, dynamic execution, or broad forbidden functions with constrained WordPress APIs.
- If a third-party library triggers the warning, isolate and document it.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #301 | WOW Slider | 33 | 176 | 101 | 3k+ | Output Not Escaped | |
| #302 | WP Edit | 33 | 337 | 137 | 40k+ | Unsafe Printing Function | |
| #303 | All In One Favicon | 34 | 214 | 62 | 60k+ | Output Not Escaped | |
| #304 | Cornerstone | 34 | 161 | 174 | 30k+ | Recommended | |
| #305 | Edit Flow | 34 | 103 | 227 | 4k+ | Non Prefixed Hookname Found | |
| #306 | Enhanced Text Widget | 34 | 101 | 58 | 30k+ | Output Not Escaped | |
| #307 | FastPixel Cache – Optimize Page Speed: Compress Images, Minify, Clean Database & CDN | 34 | 49 | 324 | 4k+ | Missing Unslash | |
| #308 | HTML Import 2 | 34 | 273 | 26 | 5k+ | Unsafe Printing Function | |
| #309 | WP Custom Admin Interface | 34 | 263 | 118 | 30k+ | Unsafe Printing Function | |
| #310 | ACF Content Analysis for Yoast SEO | 35 | 9 | 17 | 100k+ | Non Prefixed Constant Found | |
| #311 | AnsPress – Question and answer | 35 | 22 | 778 | 3k+ | Non Prefixed Function Found | |
| #312 | Gutenberg Block Editor Toolkit – EditorsKit | 35 | 61 | 25 | 30k+ | Text Domain Mismatch | |
| #313 | Wbcom Designs – Custom Font Uploader | 35 | 340 | 123 | 3k+ | Text Domain Mismatch | |
| #314 | Image Slider | 35 | 192 | 95 | 4k+ | Output Not Escaped | |
| #315 | ImageMagick Engine | 35 | 63 | 29 | 60k+ | Unsafe Printing Function | |
| #316 | User Import with meta – WP Ultimate CSV Importer Add-on | 35 | 27 | 140 | 5k+ | Interpolated Not Prepared | |
| #317 | Woody Code Snippets – Insert PHP, CSS, JS, and Header/Footer Scripts | 35 | 64 | 91 | 60k+ | Output Not Escaped | |
| #318 | MainWP Child Reports | 35 | 49 | 116 | 100k+ | Non Prefixed Hookname Found | |
| #319 | One Page Express Companion | 35 | 132 | 65 | 10k+ | Output Not Escaped | |
| #320 | Simple History – Track, Log, and Audit WordPress Changes | 35 | 32 | 122 | 300k+ | Non Prefixed Variable Found | |
| #321 | SiteOrigin CSS | 35 | 61 | 84 | 100k+ | Not In Footer | |
| #322 | User Photo | 35 | 112 | 68 | 3k+ | Output Not Escaped | |
| #323 | Custom Payment Gateways for WooCommerce | 35 | 202 | 31 | 3k+ | Non Singular String Literal Domain | |
| #324 | WPGraphQL | 35 | 11 | 86 | 30k+ | Non Prefixed Hookname Found | |
| #325 | WP Mailto Links – Protect Email Addresses | 35 | 95 | 69 | 8k+ | Output Not Escaped | |
| #326 | WPFront User Role Editor | 35 | 333 | 578 | 30k+ | Output Not Escaped | |
| #327 | Code Snippets | 36 | 34 | 203 | 1m+ | Recommended | |
| #328 | Drag and Drop Multiple File Upload for Contact Form 7 | 36 | 82 | 36 | 60k+ | wp function not compatible with requires wp | |
| #329 | M Chart | 36 | 29 | 155 | 4k+ | Non Prefixed Variable Found | |
| #330 | Materialis Companion | 36 | 129 | 67 | 6k+ | Unsafe Printing Function | |
| #331 | WowStore – Store Builder & Product Blocks for WooCommerce | 36 | 66 | 429 | 4k+ | Non Prefixed Variable Found | |
| #332 | Search Everything | 36 | 165 | 77 | 10k+ | Text Domain Mismatch | |
| #333 | Debug Log Manager Tool | 37 | 33 | 108 | 3k+ | Recommended | |
| #334 | HT Menu – WordPress Mega Menu Builder for Elementor | 37 | 300 | 60 | 3k+ | Text Domain Mismatch | |
| #335 | JVM Rich Text Icons | 37 | 86 | 34 | 3k+ | Output Not Escaped | |
| #336 | Maintenance Page | 37 | 62 | 33 | 3k+ | Output Not Escaped | |
| #337 | Max Mega Menu | 37 | 249 | 174 | 300k+ | Output Not Escaped | |
| #338 | Page scroll to id | 37 | 38 | 120 | 100k+ | Missing | |
| #339 | Ultimate Tag Cloud Widget | 37 | 715 | 16 | 4k+ | Output Not Escaped | |
| #340 | Category Posts Widget | 38 | 153 | 26 | 40k+ | Output Not Escaped | |
| #341 | Checkout Files Upload for WooCommerce | 38 | 57 | 120 | 7k+ | Input Not Sanitized | |
| #342 | Custom Menu Wizard Widget | 38 | 326 | 30 | 3k+ | Output Not Escaped | |
| #343 | EU Cookie Law Compliance | 38 | 151 | 22 | 2k+ | Non Singular String Literal Domain | |
| #344 | Insert PHP Code Snippet | 38 | 164 | 227 | 90k+ | Output Not Escaped | |
| #345 | MultiLine Files for Contact Form 7 | 38 | 98 | 40 | 9k+ | Text Domain Mismatch | |
| #346 | Restrict Widgets | 38 | 135 | 40 | 4k+ | Non Singular String Literal Domain | |
| #347 | Shapely Companion | 38 | 49 | 39 | 10k+ | Output Not Escaped | |
| #348 | Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) | 39 | 17 | 50 | 10k+ | Missing Unslash | |
| #349 | Content Visibility for Divi Builder | 39 | 184 | 59 | 2k+ | Non Singular String Literal Domain | |
| #350 | Cookies for Comments | 39 | 22 | 29 | 20k+ | Input Not Validated |
