Generic.PHP.ForbiddenFunctions.Found
Forbidden PHP function found
The plugin uses a PHP or WordPress pattern that coding standards discourage.
Why It Shows Up
Plugin Check found a discouraged function, forbidden function, goto, backtick operator, or similar construct.
Why It Matters
Discouraged patterns are often harder to review, less portable across hosts, or easier to misuse securely.
How to Fix
- Identify why the construct is used and whether WordPress provides a safer API.
- Replace shell execution, dynamic execution, or broad forbidden functions with constrained WordPress APIs.
- If a third-party library triggers the warning, isolate and document it.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #401 | Tumult Hype Animations | 32 | 56 | 117 | 1k+ | Output is not escaped | ||
| #402 | UiCore Blocks – Free WordPress Gutenberg Blocks | 32 | 59 | 387 | 500 | Non-prefixed global variable | ||
| #403 | Secure Client Portal and Private File Sharing Plugin – User Private Files | 32 | 183 | 510 | 1k+ | Non-prefixed global variable | ||
| #404 | Sola Payment Gateway for WooCommerce | 32 | 112 | 115 | 700 | Missing Translators Comment | ||
| #405 | wpDirAuth | 32 | 250 | 135 | 600 | wp function not compatible with requires wp | ||
| #406 | WPForms – AI Form Builder for WordPress – Contact Forms, Payment Forms, Survey Form, Quiz & More | 32 | 165 | 273 | 5m+ | Non-prefixed global variable | ||
| #407 | YITH Infinite Scrolling | 32 | 387 | 1,417 | 10k+ | Non-prefixed global variable | ||
| #408 | YITH WooCommerce Badge Management | 32 | 413 | 1,446 | 10k+ | Non-prefixed global variable | ||
| #409 | YITH WooCommerce Compare | 32 | 422 | 1,508 | 100k+ | Non-prefixed global variable | ||
| #410 | YITH WooCommerce Quick View | 32 | 388 | 1,420 | 90k+ | Non-prefixed global variable | ||
| #411 | Extra Product Options Builder for WooCommerce | 33 | 101 | 155 | 2k+ | Non-prefixed hook name | ||
| #412 | AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth | 33 | 33 | 229 | 9k+ | Non-prefixed global variable | ||
| #413 | Ultimate Before After Image Slider & Gallery – BEAF | 33 | 488 | 87 | 30k+ | Text Domain Mismatch | ||
| #414 | Activity Plus Reloaded for BuddyPress | 33 | 88 | 93 | 1k+ | Output is not escaped | ||
| #415 | Companion Auto Update | 33 | 159 | 298 | 50k+ | Direct Query | ||
| #416 | Countdown Timer | 33 | 311 | 17 | 900 | Text Domain Mismatch | ||
| #417 | Login & Register Customizer – Popup | Slider | Inline | WooCommerce | 33 | 265 | 230 | 40k+ | Output is not escaped | ||
| #418 | FastPixel Cache – Optimize Page Speed: Compress Images, Minify, Clean Database & CDN | 33 | 51 | 333 | 4k+ | Request data is not unslashed | ||
| #419 | Membership For WooCommerce | 33 | 40 | 658 | 800 | Non-prefixed global variable | ||
| #420 | Nomad World Map | 33 | 424 | 191 | 700 | Text Domain Mismatch | ||
| #421 | Picture Gallery – Frontend Image Uploads, AJAX Photo List | 33 | 112 | 150 | 400 | Request data is not unslashed | ||
| #422 | Pixelgrade Assistant | 33 | 665 | 141 | 2k+ | Text Domain Mismatch | ||
| #423 | Multi-Carrier EasyPost Shipping Methods & Address Validation for WooCommerce | 33 | 424 | 69 | 400 | Non Singular String Literal Domain | ||
| #424 | Multi-Carrier Shippo Shipping Rates & Address Validation for WooCommerce | 33 | 411 | 73 | 3k+ | Non Singular String Literal Domain | ||
| #425 | Webmention | 33 | 64 | 89 | 900 | Output is not escaped | ||
| #426 | Product Addons for Woocommerce – Product Options with Custom Fields | 33 | 124 | 114 | 30k+ | Output is not escaped | ||
| #427 | WOW Slider | 33 | 176 | 101 | 3k+ | Output is not escaped | ||
| #428 | WP Edit | 33 | 337 | 137 | 40k+ | Unsafe printing function | ||
| #429 | All In One Favicon | 34 | 214 | 62 | 60k+ | Output is not escaped | ||
| #430 | Cornerstone | 34 | 161 | 174 | 30k+ | Nonce verification recommended | ||
| #431 | DD Last Viewed | 34 | 193 | 132 | 500 | Output is not escaped | ||
| #432 | Debug Log Manager Tool | 34 | 44 | 143 | 3k+ | Nonce verification recommended | ||
| #433 | Edit Flow | 34 | 103 | 227 | 4k+ | Non-prefixed hook name | ||
| #434 | Einsatzverwaltung | 34 | 152 | 128 | 1k+ | Output is not escaped | ||
| #435 | Enhanced Text Widget | 34 | 101 | 58 | 30k+ | Output is not escaped | ||
| #436 | Gitium | 34 | 149 | 57 | 400 | Output is not escaped | ||
| #437 | Hitsteps Web Analytics | 34 | 370 | 313 | 800 | Output is not escaped | ||
| #438 | HTML Import 2 | 34 | 273 | 26 | 5k+ | Unsafe printing function | ||
| #439 | MantraBrain Starter Sites | MantraBrain Theme Demo Importer | 34 | 117 | 61 | 1k+ | Output is not escaped | ||
| #440 | Mass Ping Tool for SEO – WordPress ping list to get indexed faster on Google, Yandex, … | 34 | 78 | 102 | 500 | Output is not escaped | ||
| #441 | OTP Login & Register Woocommerce | 34 | 148 | 202 | 1k+ | Missing nonce verification | ||
| #442 | Easy Mega Menu for WordPress – ThemeHunk | 34 | 480 | 256 | 1k+ | Text Domain Mismatch | ||
| #443 | WP Custom Admin Interface | 34 | 263 | 118 | 30k+ | Unsafe printing function | ||
| #444 | ACF Content Analysis for Yoast SEO | 35 | 9 | 17 | 100k+ | Non-prefixed constant | ||
| #445 | AdPlugg WordPress Ad Plugin | 35 | 58 | 17 | 500 | Missing direct file access protection | ||
| #446 | AnsPress – Question and answer | 35 | 22 | 778 | 3k+ | Non-prefixed function | ||
| #447 | Authors Widget | 35 | 170 | 19 | 1k+ | Output is not escaped | ||
| #448 | Gutenberg Block Editor Toolkit – EditorsKit | 35 | 61 | 25 | 20k+ | Text Domain Mismatch | ||
| #449 | Wbcom Designs – Custom Font Uploader | 35 | 340 | 123 | 3k+ | Text Domain Mismatch | ||
| #450 | Easy Noindex And Nofollow | 35 | 55 | 18 | 400 | Output is not escaped |
