WordPress.WP.AlternativeFunctions.file_system_operations_chmod

file system operations chmod

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
Never write PHP code from user input or remote responses.

References

WordPress Filesystem API

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Added	Updated	Top Issue
#151	Unlimited Elements For Elementor	24	710	2,093	300k+	8 years ago	2 days ago	Non-prefixed global variable
#152	User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder	24	664	3,318	60k+	9 years ago	yesterday	Non-prefixed global variable
#153	PDF Ink Lite – Free PDF Watermark & Password Protection	24	226	561	2k+	12 years ago	26 days ago	Non-prefixed global variable
#154	Disable Updates – Updates Manager, Disable Automatic Updates, Disable All Updates	24	522	135	10k+	9 years ago	1 month ago	Output is not escaped
#155	EU VAT Assistant for WooCommerce	24	1,742	495	5k+	11 years ago	2 months ago	Non Singular String Literal Domain
#156	WPML Multilingual & Multicurrency for WooCommerce	24	1,453	1,618	100k+	14 years ago	15 days ago	SQL query is not prepared
#157	WP-Appbox	24	418	390	2k+	14 years ago	1 month ago	Missing Arg Domain
#158	SlimStat Analytics	24	1,169	737	70k+	16 years ago	1 month ago	Exception output is not escaped
#159	WP Travel – Ultimate Travel Booking System, Tour Management Engine	24	226	1,951	4k+	9 years ago	yesterday	Non-prefixed hook name
#160	Export All Posts, Products, Orders, Refunds & Users	24	363	1,130	7k+	10 years ago	1 month ago	Direct Query
#161	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress	24	2,576	2,103	100k+	13 years ago	yesterday	Output is not escaped
#162	WPAdverts – Classifieds Plugin	24	1,308	496	5k+	11 years ago	22 days ago	Output is not escaped
#163	Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation	24	1,211	3,152	30k+	10 years ago	27 days ago	Non-prefixed global variable
#164	AliExpress Dropshipping Plugin for WooCommerce Stores	25	550	728	4k+	7 years ago	15 days ago	Text Domain Mismatch
#165	ATUM WooCommerce Inventory Management and Stock Tracking	25	2,638	1,304	10k+	9 years ago	1 month ago	Non Singular String Literal Domain
#166	CheckoutWC Lite	25	1,359	850	3k+	4 years ago	12 days ago	Text Domain Mismatch
#167	Disable Comments & Delete All Comments	25	503	185	9k+	9 years ago	1 month ago	Output is not escaped
#168	DecaLog	25	943	236	1k+	7 years ago	3 months ago	Exception output is not escaped
#169	Disable Admin Notices – Hide Dashboard Notifications	25	465	195	100k+	8 years ago	1 month ago	Output is not escaped
#170	Docket Cache – Object Cache Accelerator	25	333	481	20k+	6 years ago	22 days ago	Output is not escaped
#171	Site Kit by Google – Analytics, Search Console, AdSense, Speed	25	1,304	242	5m+	7 years ago	9 days ago	Missing direct file access protection
#172	Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin	25	608	207	20k+	14 years ago	1 month ago	Text Domain Mismatch
#173	LWS Optimize – All-in-One Speed Booster & Cache Tools	25	430	764	20k+	4 years ago	9 days ago	Non-prefixed global variable
#174	PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin	25	1,084	1,296	9k+	13 years ago	2 months ago	Non-prefixed global variable
#175	Piotnet Forms	25	187	374	3k+	6 years ago	2 years ago	Alternative PHP tag found
#176	Quttera ThreatSign – Web Malware Scanner for WordPress	25	334	471	10k+	14 years ago	yesterday	Non-prefixed global variable
#177	reSmush.it : The original free image compressor and optimizer plugin	25	155	69	100k+	10 years ago	8 days ago	Output is not escaped
#178	Simply Static – The Static Site Generator	25	163	446	30k+	11 years ago	5 days ago	Non-prefixed hook name
#179	Affiliate Program Suite — SliceWP Affiliates	25	1,291	2,089	10k+	6 years ago	yesterday	Output is not escaped
#180	Tamara Checkout	25	601	228	2k+	6 years ago	4 days ago	Exception output is not escaped
#181	TemplateSpare – 1000+ WordPress Starter Templates & Full Site Migration Tool \| 1-Click Import/Export & No-Code Builder	25	705	1,587	10k+	3 years ago	12 days ago	Non-prefixed global variable
#182	VikBooking Hotel Booking Engine & PMS	25	13,232	8,312	8k+	8 years ago	8 days ago	Output is not escaped
#183	VikRentCar Car Rental Management System	25	5,537	5,048	4k+	7 years ago	27 days ago	Non-prefixed global variable
#184	PDF Builder for WooCommerce. Create invoices,packing slips and more	25	372	503	2k+	9 years ago	6 days ago	Non-prefixed global variable
#185	WordPress Importer	25	238	110	2m+	16 years ago	8 months ago	Output is not escaped
#186	WP Review Slider	25	1,186	2,279	6k+	9 years ago	19 days ago	Non-prefixed global variable
#187	Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF	25	154	118	60k+	14 years ago	25 days ago	Non-prefixed global variable
#188	Smush – Image Optimization, Compression, Lazy Load, WebP & CDN	25	252	566	1m+	18 years ago	2 days ago	Non-prefixed hook name
#189	WP Super Cache	25	800	989	1m+	19 years ago	28 days ago	Output is not escaped
#190	WPvivid — Backup, Migration & Staging	25	899	1,461	900k+	7 years ago	23 days ago	Non-prefixed namespace
#191	Backup, Restore and Migrate your sites with XCloner	25	238	864	10k+	16 years ago	29 days ago	Input is not sanitized
#192	ActiveCampaign for WooCommerce	26	541	190	6k+	8 years ago	21 days ago	Exception output is not escaped
#193	Database for Contact Form 7, WPforms, Elementor forms	26	317	489	60k+	8 years ago	5 days ago	Non-prefixed global variable
#194	SP Move Login	26	881	215	6k+	13 years ago	7 months ago	Text Domain Mismatch
#195	Cyrlitera – Transliteration of Links and File Names	27	453	204	40k+	8 years ago	1 month ago	Output is not escaped
#196	Login for Google Apps	27	139	85	10k+	13 years ago	1 year ago	Exception output is not escaped
#197	WP-DBManager	27	386	304	60k+	20 years ago	2 years ago	Non-prefixed global variable
#198	Kama Thumbnail	28	80	47	9k+	11 years ago	3 years ago	Output is not escaped
#199	Sparkle Demo Importer	28	307	166	6k+	6 years ago	2 years ago	Text Domain Mismatch
#200	CloudSecure WP Security	29	74	350	100k+	3 years ago	1 month ago	Request data is not unslashed