WordPress.WP.AlternativeFunctions.curl_curl_setopt
curl curl setopt
The plugin uses raw cURL functions instead of the WordPress HTTP API.
Why It Shows Up
Plugin Check found `curl_*` calls in plugin code.
Why It Matters
The WordPress HTTP API handles transports, proxies, SSL behavior, filters, and host compatibility more consistently than raw cURL.
How to Fix
- Replace simple cURL requests with `wp_remote_get()` or `wp_remote_post()`.
- Handle `WP_Error`, status codes, timeouts, and response body parsing explicitly.
- If a bundled library uses cURL internally, keep it isolated and avoid passing unchecked user input into requests.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #401 | HT Easy GA4 – Google Analytics WordPress Plugin | 31 | 475 | 93 | 6k+ | Text Domain Mismatch | ||
| #402 | Easy HTTPS Redirection (SSL) | 31 | 224 | 100 | 100k+ | Unsafe printing function | ||
| #403 | RealHomes Stripe Payments | 31 | 202 | 33 | 500 | Exception output is not escaped | ||
| #404 | Openpay Cards Plugin | 31 | 166 | 105 | 3k+ | Text Domain Mismatch | ||
| #405 | PanoPress | 31 | 111 | 234 | 2k+ | Output is not escaped | ||
| #406 | PayKeeper Payment Gateway for WooCommerce | 31 | 113 | 44 | 400 | Non Singular String Literal Domain | ||
| #407 | افزونه پیامک ووکامرس Persian WooCommerce SMS | 31 | 72 | 269 | 40k+ | Nonce verification recommended | ||
| #408 | Push notification for Mobile and Web app | 31 | 87 | 83 | 400 | Non Singular String Literal Domain | ||
| #409 | Smart Keywords Tool – 智能关键词插件 | 31 | 361 | 33 | 600 | Non Singular String Literal Domain | ||
| #410 | WP Testimonials | 31 | 183 | 455 | 10k+ | Non-prefixed global variable | ||
| #411 | Discussion Board – WordPress Forum Plugin | 31 | 105 | 153 | 2k+ | Request data is not unslashed | ||
| #412 | AI Alt Text Generator | 32 | 76 | 24 | 1k+ | Missing Translators Comment | ||
| #413 | Better Robots.txt – AI-Ready Crawl Control & Bot Governance | 32 | 54 | 85 | 6k+ | error log error log | ||
| #414 | Enter Addons – Ultimate Template Builder for Elementor | 32 | 82 | 72 | 1k+ | Output is not escaped | ||
| #415 | Translate WordPress with GTranslate | 32 | 82 | 364 | 900k+ | Non-prefixed global variable | ||
| #416 | Juiz Last Tweet Widget | 32 | 136 | 53 | 500 | Output is not escaped | ||
| #417 | Autopay dla WooCommerce | 32 | 95 | 83 | 900 | Output is not escaped | ||
| #418 | Posti Shipping | 32 | 664 | 157 | 1k+ | Text Domain Mismatch | ||
| #419 | User Registration Using Contact Form 7 | 32 | 103 | 15 | 500 | wp function not compatible with requires wp | ||
| #420 | Payment Gateway for Redsys & WooCommerce Lite | 32 | 125 | 75 | 20k+ | Text Domain Mismatch | ||
| #421 | WT GeoTargeting | 32 | 89 | 43 | 1k+ | Output is not escaped | ||
| #422 | AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth | 33 | 33 | 229 | 9k+ | Non-prefixed global variable | ||
| #423 | Nexi XPay | 33 | 496 | 277 | 6k+ | Text Domain Mismatch | ||
| #424 | Companion Sitemap Generator – Simple, Smart, and SEO-Ready | 33 | 118 | 57 | 7k+ | Missing Translators Comment | ||
| #425 | Janolaw AGB Hosting | 33 | 198 | 11 | 1k+ | Short PHP open tag found | ||
| #426 | Membership For WooCommerce | 33 | 40 | 658 | 800 | Non-prefixed global variable | ||
| #427 | Newebpay Payment | 33 | 146 | 115 | 600 | Text Domain Mismatch | ||
| #428 | SMTP2GO for WordPress – Email Made Easy | 33 | 186 | 111 | 30k+ | Output is not escaped | ||
| #429 | Telegram Bot & Channel | 33 | 182 | 113 | 600 | Unsafe printing function | ||
| #430 | Envato Toolkit | 33 | 219 | 69 | 5k+ | Output is not escaped | ||
| #431 | WP Twitter Auto Publish | 33 | 442 | 171 | 4k+ | Output is not escaped | ||
| #432 | Webmention | 33 | 64 | 89 | 900 | Output is not escaped | ||
| #433 | Website Monetization by MageNet | 33 | 60 | 87 | 20k+ | Output is not escaped | ||
| #434 | CM Search And Replace – Optimize content edits with a powerful search and replace tool | 34 | 286 | 111 | 2k+ | Output is not escaped | ||
| #435 | Datafeedr API | 34 | 307 | 48 | 6k+ | Output is not escaped | ||
| #436 | Import XML and RSS Feeds | 34 | 260 | 85 | 2k+ | Unsafe printing function | ||
| #437 | IndieAuth | 34 | 36 | 109 | 400 | Input is not sanitized | ||
| #438 | MailChimp Forms by MailMunch | 34 | 116 | 94 | 10k+ | Output is not escaped | ||
| #439 | Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin | 34 | 36 | 459 | 3k+ | Input is not sanitized | ||
| #440 | My Tickets – Accessible Event Ticketing | 34 | 314 | 566 | 700 | Nonce verification recommended | ||
| #441 | Meta pixel for WordPress | 34 | 91 | 38 | 400k+ | Exception output is not escaped | ||
| #442 | Openpay SPEI Plugin | 34 | 112 | 14 | 1k+ | Exception output is not escaped | ||
| #443 | OwnerRez | 34 | 79 | 56 | 700 | Unsafe printing function | ||
| #444 | المنتور فارسی | 34 | 52 | 50 | 40k+ | curl curl setopt | ||
| #445 | Podigee WordPress Quick Publish – now with Gutenberg support! | 34 | 108 | 95 | 700 | Text Domain Mismatch | ||
| #446 | Tidio – Live Chat & AI Chatbots | 34 | 52 | 19 | 80k+ | curl curl setopt | ||
| #447 | BjornTech PayPal POS integration for WooCommerce | 34 | 68 | 177 | 700 | Missing nonce verification | ||
| #448 | MailerLite – WooCommerce integration | 34 | 64 | 36 | 30k+ | Output is not escaped | ||
| #449 | Kybernaut IČO DIČ | 34 | 82 | 98 | 3k+ | Missing nonce verification | ||
| #450 | Woopra Analytics Plugin | 34 | 114 | 53 | 900 | Output is not escaped |
