WordPress.Security.PluginMenuSlug.Using__FILE__
Using FILE
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #101 | FareHarbor for WordPress | 75 | 18 | 9 | 9k+ | Output Not Escaped | |
| #102 | Logos Reftagger | 75 | 12 | 15 | 10k+ | Add option Param3Found | |
| #103 | wp-forecast | 75 | 263 | 117 | 5k+ | Missing Arg Domain | |
| #104 | Custom Cursor For WP | 77 | 10 | 7 | 1k+ | register setting Missing | |
| #105 | FD Footnotes Plugin | 77 | 28 | 5 | 1k+ | Non Singular String Literal Domain | |
| #106 | Modern Footnotes | 77 | 18 | 6 | 6k+ | Output Not Escaped | |
| #107 | Fix Another Update In Progress | 80 | 7 | 1 | 8k+ | Output Not Escaped | |
| #108 | AWEOS Google Maps iframe load per click | 81 | 11 | 7 | 3k+ | Text Domain Mismatch | |
| #109 | LocaliQ – Tracking Code | 85 | 12 | 11 | 2k+ | Non Prefixed Function Found | |
| #110 | TopBar Call To Action | 85 | 40 | 5 | 2k+ | Text Domain Mismatch | |
| #111 | Donorbox – Free Recurring Donation Plugin and Fundraising Platform | 87 | 5 | 6 | 8k+ | Missing Arg Domain | |
| #112 | Local Business Schema (JSON-LD) Lite | 90 | 155 | 8 | 3k+ | Text Domain Mismatch | |
| #113 | Pinyin Slugs | 97 | 1 | 3k+ | Using FILE |
