WordPress.WP.AlternativeFunctions.curl_curl_setopt_array
curl curl setopt array
The plugin uses raw cURL functions instead of the WordPress HTTP API.
Why It Shows Up
Plugin Check found `curl_*` calls in plugin code.
Why It Matters
The WordPress HTTP API handles transports, proxies, SSL behavior, filters, and host compatibility more consistently than raw cURL.
How to Fix
- Replace simple cURL requests with `wp_remote_get()` or `wp_remote_post()`.
- Handle `WP_Error`, status codes, timeouts, and response body parsing explicitly.
- If a bundled library uses cURL internally, keep it isolated and avoid passing unchecked user input into requests.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #151 | Gravity Forms + Stripe | 27 | 368 | 210 | 600 | Output is not escaped | ||
| #152 | iQ Block Country | 27 | 164 | 245 | 20k+ | Request data is not unslashed | ||
| #153 | Sign-up Sheets | 27 | 325 | 363 | 1k+ | Output is not escaped | ||
| #154 | WPBase Cache | 27 | 189 | 113 | 2k+ | Text Domain Mismatch | ||
| #155 | AForms — Form Builder for Price Calculator & Cost Estimation | 28 | 564 | 95 | 3k+ | Text Domain Mismatch | ||
| #156 | Void Contact Form 7 Widget For Elementor Page Builder | 28 | 279 | 66 | 10k+ | Text Domain Mismatch | ||
| #157 | Expand Divi | 28 | 91 | 100 | 1k+ | Non-prefixed global variable | ||
| #158 | گیتلند | درگاه پرداخت هوشمند گیتلند | 28 | 327 | 235 | 2k+ | Output is not escaped | ||
| #159 | Kama Thumbnail | 28 | 80 | 47 | 9k+ | Output is not escaped | ||
| #160 | My auctions allegro | 28 | 483 | 235 | 500 | Non Singular String Literal Domain | ||
| #161 | افزونه حمل و نقل ووکامرس | پست پیشتاز، تیپاکس و پیک موتوری | 28 | 131 | 190 | 20k+ | Missing nonce verification | ||
| #162 | Redis Object Cache | 28 | 151 | 103 | 400k+ | Exception output is not escaped | ||
| #163 | Connect Matomo – Analytics Dashboard for WordPress | 28 | 100 | 102 | 60k+ | Missing Translators Comment | ||
| #164 | PhastPress | 29 | 95 | 52 | 10k+ | Exception output is not escaped | ||
| #165 | Responder | 29 | 77 | 185 | 3k+ | Non-prefixed global variable | ||
| #166 | SamedayCourier Shipping | 29 | 336 | 269 | 4k+ | Non Singular String Literal Domain | ||
| #167 | Widget for Yelp Reviews | 29 | 147 | 158 | 2k+ | Output is not escaped | ||
| #168 | Contact Form 7 – PayPal & Stripe Add-on | 30 | 385 | 233 | 7k+ | Unsafe printing function | ||
| #169 | Midtrans-WooCommerce | 30 | 112 | 132 | 5k+ | Non-prefixed global variable | ||
| #170 | Naver webmaster syndication v2 | 30 | 89 | 129 | 500 | Output is not escaped | ||
| #171 | zahls.ch Credit Cards, PostFinance and TWINT for WooCommerce | 30 | 121 | 265 | 3k+ | Non-prefixed global variable | ||
| #172 | RealHomes Stripe Payments | 31 | 202 | 33 | 500 | Exception output is not escaped | ||
| #173 | Openpay Cards Plugin | 31 | 166 | 105 | 3k+ | Text Domain Mismatch | ||
| #174 | PayKeeper Payment Gateway for WooCommerce | 31 | 113 | 44 | 400 | Non Singular String Literal Domain | ||
| #175 | افزونه پیامک ووکامرس Persian WooCommerce SMS | 31 | 72 | 269 | 40k+ | Nonce verification recommended | ||
| #176 | Pop-up | 31 | 103 | 91 | 10k+ | Output is not escaped | ||
| #177 | Re:amaze Helpdesk & Live Chat | 31 | 96 | 115 | 400 | Output is not escaped | ||
| #178 | reCAPTCHA in WP comments form | 31 | 264 | 60 | 8k+ | Output is not escaped | ||
| #179 | Ultimate Posts Widget | 31 | 309 | 86 | 10k+ | Output is not escaped | ||
| #180 | Helcim Commerce for WooCommerce | 32 | 94 | 121 | 800 | Text Domain Mismatch | ||
| #181 | Posti Shipping | 32 | 664 | 157 | 1k+ | Text Domain Mismatch | ||
| #182 | Unbounce Landing Pages | 32 | 169 | 86 | 10k+ | Output is not escaped | ||
| #183 | User Registration Using Contact Form 7 | 32 | 103 | 15 | 500 | wp function not compatible with requires wp | ||
| #184 | WP Weixin | 32 | 60 | 152 | 400 | Non-prefixed constant | ||
| #185 | Human Presence – Stop Form Spam Without ReCaptcha | 33 | 54 | 65 | 1k+ | Request data is not unslashed | ||
| #186 | Membership For WooCommerce | 33 | 40 | 658 | 800 | Non-prefixed global variable | ||
| #187 | Pay. Payment Methods for WooCommerce | 33 | 316 | 104 | 3k+ | Non Singular String Literal Domain | ||
| #188 | Advanced Custom Fields: reCAPTCHA Field | 34 | 104 | 53 | 800 | Text Domain Mismatch | ||
| #189 | Assistant – Every Day Productivity Apps | 34 | 124 | 97 | 4k+ | Exception output is not escaped | ||
| #190 | Enhanced Text Widget | 34 | 101 | 58 | 30k+ | Output is not escaped | ||
| #191 | SSL Mixed Content Fix | 34 | 53 | 65 | 8k+ | Output is not escaped | ||
| #192 | Meta pixel for WordPress | 34 | 91 | 38 | 400k+ | Exception output is not escaped | ||
| #193 | Openpay SPEI Plugin | 34 | 112 | 14 | 1k+ | Exception output is not escaped | ||
| #194 | OwnerRez | 34 | 79 | 56 | 700 | Unsafe printing function | ||
| #195 | Ad Widget for WordPress | 35 | 68 | 14 | 2k+ | Output is not escaped | ||
| #196 | Accept Cryptocurrencies with Plisio | 35 | 37 | 47 | 1k+ | Text Domain Mismatch | ||
| #197 | Poptin – Email Marketing Automation, Newsletter & Exit Pop Ups, Email Popups | 35 | 168 | 29 | 20k+ | Output is not escaped | ||
| #198 | Backend Payments for WooCommerce | 35 | 63 | 42 | 900 | Exception output is not escaped | ||
| #199 | Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing | 35 | 49 | 229 | 50k+ | Non-prefixed hook name | ||
| #200 | Lara's Google Analytics (GA4) | 36 | 303 | 57 | 9k+ | Unsafe printing function |
