Generic.PHP.ForbiddenFunctions.Found
Forbidden PHP function found
The plugin uses a PHP or WordPress pattern that coding standards discourage.
Why It Shows Up
Plugin Check found a discouraged function, forbidden function, goto, backtick operator, or similar construct.
Why It Matters
Discouraged patterns are often harder to review, less portable across hosts, or easier to misuse securely.
How to Fix
- Identify why the construct is used and whether WordPress provides a safer API.
- Replace shell execution, dynamic execution, or broad forbidden functions with constrained WordPress APIs.
- If a third-party library triggers the warning, isolate and document it.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #351 | PhastPress | 29 | 95 | 52 | 10k+ | Exception output is not escaped | ||
| #352 | PlatiOnline Payments | 29 | 304 | 110 | 700 | Output is not escaped | ||
| #353 | Post Views Counter | 29 | 179 | 398 | 200k+ | Non-prefixed hook name | ||
| #354 | Responder | 29 | 77 | 185 | 3k+ | Non-prefixed global variable | ||
| #355 | Security Ninja – WordPress Security & Firewall | 29 | 149 | 347 | 7k+ | Direct Query | ||
| #356 | Post Grid Gutenberg Blocks – PostX | 29 | 135 | 404 | 40k+ | Non-prefixed global variable | ||
| #357 | WP Popular Posts | 29 | 77 | 300 | 100k+ | Non-prefixed global variable | ||
| #358 | WPComplete | 29 | 383 | 333 | 1k+ | Output is not escaped | ||
| #359 | Dynamic Pricing With Discount Rules for WooCommerce | 30 | 136 | 131 | 5k+ | Output is not escaped | ||
| #360 | Aitasi Coming Soon | 30 | 516 | 186 | 1k+ | Output is not escaped | ||
| #361 | Blockons – Gutenberg blocks for WordPress and WooCommerce websites | 30 | 69 | 205 | 700 | Non-prefixed global variable | ||
| #362 | Import WooCommerce Suite for Products, Orders, Coupons, Reviews, and Customers | WP Ultimate CSV Importer | 30 | 80 | 434 | 4k+ | Interpolated SQL is not prepared | ||
| #363 | Invisible reCaptcha for WordPress | 30 | 90 | 185 | 80k+ | Input is not sanitized | ||
| #364 | Pixelgrade Assistant | 30 | 1,350 | 153 | 2k+ | Text Domain Mismatch | ||
| #365 | Travelers' Map | 30 | 311 | 155 | 1k+ | Output is not escaped | ||
| #366 | Waitlist Woocommerce ( Back in stock notifier ) | 30 | 272 | 311 | 4k+ | Output is not escaped | ||
| #367 | Widget Manager Light | 30 | 233 | 83 | 600 | Text Domain Mismatch | ||
| #368 | Widgetize Pages Light | 30 | 145 | 104 | 3k+ | Output is not escaped | ||
| #369 | YayPricing – WooCommerce Dynamic Pricing & Discounts | 30 | 174 | 186 | 3k+ | Non-prefixed global variable | ||
| #370 | YITH Pre-Order for WooCommerce | 30 | 397 | 1,464 | 6k+ | Non-prefixed global variable | ||
| #371 | YITH WooCommerce Popup | 30 | 395 | 1,551 | 2k+ | Non-prefixed global variable | ||
| #372 | YITH WooCommerce Product Slider Carousel | 30 | 389 | 1,479 | 4k+ | Non-prefixed global variable | ||
| #373 | Extra Product Options Builder for WooCommerce | 31 | 113 | 194 | 2k+ | Non-prefixed global variable | ||
| #374 | Asgaros Forum | 31 | 167 | 412 | 10k+ | Output is not escaped | ||
| #375 | cformsII | 31 | 777 | 536 | 4k+ | Unsafe printing function | ||
| #376 | Download Plugin | 31 | 78 | 102 | 60k+ | Output is not escaped | ||
| #377 | Easy Upload Files During Checkout | 31 | 220 | 208 | 500 | Unsafe printing function | ||
| #378 | g-FFL Checkout | 31 | 249 | 300 | 600 | Request data is not unslashed | ||
| #379 | HT Mega – Absolute Addons for WPBakery Page Builder | 31 | 2,740 | 115 | 900 | Text Domain Mismatch | ||
| #380 | Kindeditor For WordPress | 31 | 63 | 130 | 500 | Non-prefixed global variable | ||
| #381 | MainWP Dashboard: Self-hosted WordPress Management for Agencies | 31 | 95 | 317 | 20k+ | Interpolated SQL is not prepared | ||
| #382 | Qode Essential Addons | 31 | 55 | 295 | 10k+ | Non-prefixed global variable | ||
| #383 | Sidebar Manager Light | 31 | 221 | 76 | 1k+ | Text Domain Mismatch | ||
| #384 | Page Builder by SiteOrigin | 31 | 226 | 214 | 400k+ | Output is not escaped | ||
| #385 | Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets | 31 | 837 | 295 | 100k+ | Unsafe printing function | ||
| #386 | WP Easy Uploader | 31 | 202 | 113 | 600 | Non Singular String Literal Domain | ||
| #387 | One to one user Chat by WPGuppy | 31 | 74 | 187 | 700 | Non-prefixed global variable | ||
| #388 | WPDoctor Malware Scanner & Vulnerability Checker & IP blocker with Hack monitor Lite | 31 | 133 | 438 | 600 | Non-prefixed global variable | ||
| #389 | YITH Color and Label Variations for WooCommerce | 31 | 393 | 1,428 | 9k+ | Non-prefixed global variable | ||
| #390 | YITH WooCommerce Brands Add-On | 31 | 393 | 1,425 | 9k+ | Non-prefixed global variable | ||
| #391 | YITH WooCommerce Catalog Mode | 31 | 380 | 1,418 | 60k+ | Non-prefixed global variable | ||
| #392 | YITH WooCommerce Featured Video | 31 | 383 | 1,434 | 3k+ | Non-prefixed global variable | ||
| #393 | YITH Frequently Bought Together for WooCommerce | 31 | 389 | 1,452 | 8k+ | Non-prefixed global variable | ||
| #394 | YITH WooCommerce Order & Shipment Tracking | 31 | 380 | 1,420 | 7k+ | Non-prefixed global variable | ||
| #395 | YITH Request a Quote for WooCommerce | 31 | 408 | 1,481 | 10k+ | Non-prefixed global variable | ||
| #396 | YITH WooCommerce Tab Manager | 31 | 395 | 1,429 | 4k+ | Non-prefixed global variable | ||
| #397 | PayPal Zettle POS for WooCommerce | 31 | 302 | 44 | 4k+ | Exception output is not escaped | ||
| #398 | Aqua Page Builder | 32 | 320 | 114 | 3k+ | Output is not escaped | ||
| #399 | Author Avatars List/Block | 32 | 85 | 135 | 4k+ | Non-prefixed hook name | ||
| #400 | Code Manager | 32 | 217 | 261 | 500 | Nonce verification recommended |