WordPress.Security.PluginMenuSlug.Using__FILE__
Using __FILE__
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #51 | Crisp – Live Chat and Chatbot | 40 | 24 | 20 | 20k+ | | Unsafe Printing Function |
| #52 | Ultimate Noindex Nofollow Tool II | 40 | 38 | 51 | 3k+ | | Input Not Validated |
| #53 | Visual Editor Custom Buttons | 40 | 30 | 48 | 4k+ | | Output Not Escaped |
| #54 | Wider Admin Menu | 40 | 76 | 17 | 2k+ | | Output Not Escaped |
| #55 | AddQuicktag | 41 | 86 | 10 | 100k+ | | Output Not Escaped |
| #56 | MouseWheel Smooth Scroll | 41 | 104 | 7 | 100k+ | | Text Domain Mismatch |
| #57 | OSS Aliyun | 41 | 19 | 40 | 3k+ | | Missing Unslash |
| #58 | Share a Draft | 41 | 39 | 6 | 3k+ | | Output Not Escaped |
| #59 | Etsy Shop | 42 | 58 | 21 | 3k+ | | Unsafe Printing Function |
| #60 | Login No Captcha reCAPTCHA | 42 | 45 | 24 | 60k+ | | Unsafe Printing Function |
| #61 | PDF Thumbnail Generator | 42 | 26 | 16 | 2k+ | | Output Not Escaped |
| #62 | reCAPTCHA for WooCommerce | 42 | 80 | 31 | 40k+ | | Output Not Escaped |
| #63 | Ultimate Category Excluder | 42 | 22 | 26 | 50k+ | | Missing |
| #64 | Format Media Titles | 45 | 33 | 4 | 5k+ | | Unsafe Printing Function |
| #65 | Goftino | 45 | 16 | 20 | 10k+ | | Output Not Escaped |
| #66 | Website Article Monetization By MageNet | 47 | 17 | 24 | 10k+ | | Output Not Escaped |
| #67 | Disable Author Pages | 48 | 23 | 5 | 6k+ | | Unsafe Printing Function |
| #68 | Block Plugin Update | 49 | 16 | 15 | 6k+ | | missing direct file access protection |
| #69 | Disable Site | 50 | 26 | 3 | 4k+ | | Output Not Escaped |
| #70 | WP SVG Images | 50 | 58 | 12 | 30k+ | | Text Domain Mismatch |
| #71 | Age Gate Lite | 52 | 28 | 3 | 2k+ | | Output Not Escaped |
| #72 | Meta Generator and Version Info Remover | 52 | 20 | 28 | 10k+ | | Non Prefixed Function Found |
| #73 | Podium | 52 | 21 | 23 | 5k+ | | missing direct file access protection |
| #74 | CSV Importer | 54 | 24 | 11 | 3k+ | | file system operations fclose |
| #75 | Custom Upload Dir | 55 | 63 | 7 | 5k+ | | Missing Arg Domain |
| #76 | Virtual Robots.txt | 55 | 10 | 21 | 40k+ | | Input Not Validated |
| #77 | Remove CPT base | 58 | 15 | 16 | 10k+ | | Input Not Sanitized |
| #78 | Chat Button & Custom ChatGPT-Powered Bot by GetButton.io | 58 | 26 | 8 | 20k+ | | Non Prefixed Function Found |
| #79 | Compact WP Audio Player | 61 | 12 | 21 | 20k+ | | Non Prefixed Function Found |
| #80 | CP Media Player – Audio Player and Video Player | 66 | 224 | 48 | 3k+ | | Text Domain Mismatch |
| #81 | WP Simple Adsense Insertion | 66 | 3 | 29 | 3k+ | | Input Not Validated |
| #82 | Add Logo to Admin | 67 | 14 | 3 | 7k+ | | Unsafe Printing Function |
| #83 | Another Mailchimp Widget | 71 | 28 | 17 | 5k+ | | Missing Translators Comment |
| #84 | Bootstrap Shortcodes | 71 | 21 | 11 | 5k+ | | missing direct file access protection |
| #85 | FareHarbor for WordPress | 75 | 18 | 9 | 9k+ | | Output Not Escaped |
| #86 | Logos Reftagger | 75 | 12 | 15 | 10k+ | | Add option Param3Found |
| #87 | wp-forecast | 75 | 263 | 117 | 5k+ | | Missing Arg Domain |
| #88 | Modern Footnotes | 77 | 18 | 6 | 6k+ | | Output Not Escaped |
| #89 | Fix Another Update In Progress | 80 | 7 | 1 | 8k+ | | Output Not Escaped |
| #90 | AWEOS Google Maps iframe load per click | 81 | 11 | 7 | 3k+ | | Text Domain Mismatch |
| #91 | LocaliQ – Tracking Code | 85 | 12 | 11 | 2k+ | | Non Prefixed Function Found |
| #92 | Donorbox – Free Recurring Donation Plugin and Fundraising Platform | 87 | 5 | 6 | 8k+ | | Missing Arg Domain |
| #93 | Local Business Schema (JSON-LD) Lite | 90 | 155 | 8 | 3k+ | | Text Domain Mismatch |
| #94 | Pinyin Slugs | 97 | 1 | 3k+ | Using __FILE__ |