PluginCheck.CodeAnalysis.WriteFile.ABSPATHDetected

ABSPATHDetected

The plugin writes files in or near plugin-controlled directories.

medium weight

Why It Shows Up

Plugin Check found file creation or modification behavior that may affect the plugin directory or executable files.

Why It Matters

Runtime writes to plugin code directories can break updates, create permission issues, or introduce supply-chain risk.

How to Fix

Store generated data in uploads, cache, or another WordPress-approved writable location.
Validate paths and file names against strict allowlists.
Avoid modifying plugin source files at runtime.

References

WordPress Filesystem API

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#1	BulletProof Security	0	5,048	4,949	20k+	1 month ago	Output is not escaped
#2	Themify Builder	9	5,195	2,096	5k+	6 days ago	Text Domain Mismatch
#3	AnyComment	17	445	449	5k+	4 years ago	Output is not escaped
#4	wpForo Forum	17	4,033	2,922	20k+	22 days ago	Unsafe printing function
#5	Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization	19	1,295	2,679	9k+	7 days ago	Output is not escaped
#6	Pix por Piggly (para Woocommerce)	20	547	195	4k+	2 years ago	Exception output is not escaped
#7	Backup Migration	21	981	1,093	80k+	17 days ago	Non-prefixed global variable
#8	Buckaroo Woocommerce Payments Plugin	21	563	326	2k+	6 days ago	Exception output is not escaped
#9	Wordfence Security – Firewall, Malware Scan, and Login Security	21	1,592	2,973	5m+	1 month ago	Output is not escaped
#10	WP phpMyAdmin	21	4,528	6,435	50k+	8 months ago	Missing Arg Domain
#11	Premium Packages – Sell Digital Products Securely	21	2,765	2,444	3k+	6 months ago	Output is not escaped
#12	Better Messages – Chat Rooms, Group Chat, Private Messages & AI Chat Bots	22	1,604	2,019	10k+	12 days ago	Direct Query
#13	BuddyPress	22	583	9,008	100k+	9 months ago	Non-prefixed function
#14	Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer	22	2,858	1,270	50k+	2 months ago	Text Domain Mismatch
#15	InfiniteWP Client	22	2,286	1,812	200k+	4 months ago	Exception output is not escaped
#16	NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall	22	1,265	2,065	100k+	15 days ago	Non-prefixed global variable
#17	PageSpeed Ninja – Cache, Minify, Defer CSS JavaScript, Critical CSS, Optimize Images, Convert WebP	22	984	407	5k+	2 years ago	Unsafe printing function
#18	Admin and Site Enhancements (ASE)	23	136	330	200k+	yesterday	Nonce verification recommended
#19	Beds24 Online Booking	23	532	374	2k+	1 year ago	wp function not compatible with requires wp
#20	Kadence Security – Password, Two Factor Authentication, and Brute Force Protection	23	1,053	967	700k+	25 days ago	Missing Translators Comment
#21	CleanTalk Anti-Spam. Spam Firewall & Bot protection	23	826	1,078	200k+	4 days ago	Missing nonce verification
#22	MPG – Multiple Page Generator, Bulk Landing Pages & Programmatic SEO	23	488	580	2k+	1 month ago	Missing nonce verification
#23	Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery	23	2,119	986	400k+	26 days ago	Text Domain Mismatch
#24	Photo Gallery by 10Web – Mobile-Friendly Image Gallery	23	4,159	1,553	100k+	24 days ago	Output is not escaped
#25	Slider by 10Web – Responsive Image Slider	23	5,814	976	10k+	1 year ago	Output is not escaped
#26	The Pack Elementor addon	23	556	1,180	2k+	13 days ago	Non-prefixed global variable
#27	Tutor LMS – eLearning and online course solution	23	395	3,402	100k+	5 days ago	Non-prefixed global variable
#28	Germanized for WooCommerce	23	219	1,054	70k+	today	Non-prefixed global variable
#29	WP STAGING – WordPress Backup, Restore & Migration	23	1,414	1,327	100k+	1 month ago	Non-prefixed global variable
#30	A2 Optimized WP – Turbocharge and secure your WordPress site	24	271	231	60k+	1 year ago	Missing Arg Domain
#31	All-In-One Security (AIOS) – Security and Firewall	24	552	1,228	1m+	17 days ago	Non-prefixed global variable
#32	Backuply – Backup, Restore, Migrate and Clone	24	704	551	700k+	26 days ago	Non-prefixed global variable
#33	Defender Security – Malware Scanner, Login Security & Firewall	24	306	518	80k+	3 months ago	Non-prefixed namespace
#34	InstaWP Connect – 1-click WP Staging & Migration	24	253	811	40k+	5 days ago	Non-prefixed global variable
#35	Security Plugin, Firewall & Malware Scanner with Auto Removal	24	1,192	770	30k+	today	Output is not escaped
#36	SEO Engine – Smart SEO with AI, Schema & Redirection for WordPress	24	236	304	1k+	8 days ago	Direct Query
#37	Slideshow Gallery LITE	24	896	414	5k+	12 days ago	Output is not escaped
#38	Vimeography: Vimeo Video Gallery WordPress Plugin	24	98	212	5k+	6 days ago	Nonce verification recommended
#39	Payment Gateway for PayPal on WooCommerce	24	153	561	10k+	20 days ago	Nonce verification recommended
#40	WP Fastest Cache – WordPress Cache Plugin	24	541	753	1m+	1 month ago	Unsafe printing function
#41	WP Job Portal – AI-Powered Recruitment System for Company or Job Board website	24	69	1,089	8k+	4 days ago	Missing Version
#42	Export All Posts, Products, Orders, Refunds & Users	24	363	1,130	7k+	1 month ago	Direct Query
#43	Animated Number Counters	25	408	1,949	2k+	15 days ago	Non-prefixed global variable
#44	Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid	25	243	854	50k+	1 month ago	Non-prefixed global variable
#45	Breeze Cache	25	217	790	400k+	10 days ago	Non-prefixed global variable
#46	FlatPM – Ad Manager, AdSense and Custom Code	25	3,017	557	10k+	6 months ago	Text Domain Mismatch
#47	Index WP MySQL For Speed	25	250	255	50k+	2 months ago	Output is not escaped
#48	LWS Optimize – All-in-One Speed Booster & Cache Tools	25	430	764	20k+	7 days ago	Non-prefixed global variable
#49	BerqWP – Automatic WordPress Website Speed Optimization	25	198	501	3k+	3 days ago	Non-prefixed global variable
#50	Sitemap by click5	25	286	132	6k+	3 years ago	Unsafe printing function