WordPress.WP.AlternativeFunctions.file_system_operations_chmod

file system operations chmod

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.
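The three fixes above combined in one helper, as an added example that is not code from Plugin Check or from any plugin listed on this page. The `myplugin_` prefix, the `myplugin-exports` directory and the .csv/.json allowlist are assumptions made for illustration; the WordPress functions it calls are core APIs.

```php
<?php
// Added example. All "myplugin" names and the export directory are hypothetical.
function myplugin_write_export( $filename, $contents ) {
	global $wp_filesystem;

	// Load and initialise the WordPress filesystem abstraction.
	require_once ABSPATH . 'wp-admin/includes/file.php';
	if ( ! WP_Filesystem() ) {
		return new WP_Error( 'myplugin_fs_unavailable', 'Filesystem credentials are required.' );
	}

	// Keep writes inside a plugin-owned directory under WordPress uploads.
	$uploads = wp_upload_dir();
	if ( ! empty( $uploads['error'] ) ) {
		return new WP_Error( 'myplugin_uploads_error', $uploads['error'] );
	}
	$base_dir = trailingslashit( wp_normalize_path( $uploads['basedir'] ) ) . 'myplugin-exports/';

	// Reduce the name to a sanitized basename and allow only data file types, never .php.
	$filename = sanitize_file_name( wp_basename( $filename ) );
	$type     = wp_check_filetype( $filename, array( 'csv' => 'text/csv', 'json' => 'application/json' ) );
	if ( '' === $filename || ! $type['ext'] ) {
		return new WP_Error( 'myplugin_bad_name', 'Only .csv and .json exports are allowed.' );
	}

	// Defence in depth: reject traversal sequences and paths outside the export directory.
	$target = wp_normalize_path( $base_dir . $filename );
	if ( 0 !== validate_file( $filename ) || 0 !== strpos( $target, $base_dir ) ) {
		return new WP_Error( 'myplugin_bad_path', 'Target path is outside the export directory.' );
	}

	// Replacement for raw mkdir(): create the directory with the site's directory mode.
	if ( ! $wp_filesystem->is_dir( $base_dir ) && ! $wp_filesystem->mkdir( $base_dir, FS_CHMOD_DIR ) ) {
		return new WP_Error( 'myplugin_mkdir_failed', 'Could not create the export directory.' );
	}

	// Replacement for raw fopen()/fwrite().
	if ( ! $wp_filesystem->put_contents( $target, $contents ) ) {
		return new WP_Error( 'myplugin_write_failed', 'Could not write the export file.' );
	}

	// Replacement for raw chmod(): apply the site's configured file mode.
	if ( ! $wp_filesystem->chmod( $target, FS_CHMOD_FILE ) ) {
		return new WP_Error( 'myplugin_chmod_failed', 'Could not set file permissions.' );
	}
	return $target;
}
```

The paths here assume the direct filesystem transport; on FTP or SSH transports, translate the local path with `$wp_filesystem->find_folder()` before calling the write methods.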

Affected Plugins

Rank  Plugin  Score Errors Warnings Installs Added Updated  Top Issue
#251  Di Themes Demo Site Importer  293431831k+  Text Domain Mismatch
#252  Easy HTTPS Redirection (SSL)  29266152100k+  Unsafe printing function
#253  Kits, Templates and Patterns  29380915k+  Text Domain Mismatch
#254  SQLite Database Integration  29161893k+  Exception output is not escaped
#255  Themify – WooCommerce Product Filter  2964314520k+  Output is not escaped
#256  WP Popular Posts  2977300100k+  Non-prefixed global variable
#257  Blockons – Gutenberg blocks for WordPress and WooCommerce websites  3069205700  Non-prefixed global variable
#258  EDI – Обмен данными между WooCommerce и 1С  30284101600  Text Domain Mismatch
#259  Export Plugins and Templates  30143331k+  file system operations fread
#260  PiWeb Export Customers Users & Guest customer to CSV for WooCommerce  30173751k+  Text Domain Mismatch
#261  Import WooCommerce Suite for Products, Orders, Coupons, Reviews, and Customers | WP Ultimate CSV Importer  30804344k+  Interpolated SQL is not prepared
#262  Operation Demo Importer – Demo Importer For WPoperation Themes  302451041k+  Text Domain Mismatch
#263  SMTP for Amazon SES – YaySMTP  301971223k+  Exception output is not escaped
#264  Travelers' Map  303111551k+  Output is not escaped
#265  WCPOS – Point of Sale (POS) plugin for WooCommerce  30772285k+  Nonce verification recommended
#266  AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization  31911332k+  Output is not escaped
#267  Titan Anti-spam & Security – Brute Force Protection, 2FA & Spam Filter  315719650k+  Nonce verification recommended
#268  Asgaros Forum  3116741210k+  Output is not escaped
#269  Easy Upload Files During Checkout  31220208500  Unsafe printing function
#270  FastDup – Fastest WordPress Migration & Duplicator  3183665k+  wp function not compatible with requires wp
#271  Kindeditor For WordPress  3163130500  Non-prefixed global variable
#272  Login rebuilder  3140622620k+  Non Singular String Literal Domain
#273  Qode Essential Addons  315529510k+  Non-prefixed global variable
#274  WPDoctor Malware Scanner & Vulnerability Checker & IP blocker with Hack monitor Lite  31133438600  Non-prefixed global variable
#275  Child Theme Configurator  32442267300k+  Unsafe printing function
#276  CSV Import and Exporter  32831381k+  Non-prefixed global variable
#277  Enter Addons – Ultimate Template Builder for Elementor  3282721k+  Output is not escaped
#278  Tumult Hype Animations  32561171k+  Output is not escaped
#279  Sola Payment Gateway for WooCommerce  32112115700  Missing Translators Comment
#280  EchBay Phonering Alo  3374471k+  Output is not escaped
#281  Human Presence – Stop Form Spam Without ReCaptcha  3354651k+  Request data is not unslashed
#282  WP GIF Uploader  33117441k+  Text Domain Mismatch
#283  WP Twitter Auto Publish  334421714k+  Output is not escaped
#284  XML Sitemaps  3365622k+  Output is not escaped
#285  All-in-One WP Migration and Backup  3447695m+  Missing nonce verification
#286  EasyIndex  34741351k+  Missing nonce verification
#287  Garden Gnome Package  34116514k+  Text Domain Mismatch
#288  Gitium  3414957400  Output is not escaped
#289  Greenshift – animation and page builder blocks  343327270k+  Non-prefixed global variable
#290  HTML Import 2  34273265k+  Unsafe printing function
#291  Security Safe  34193164700  Missing Translators Comment
#292  Email Template Designer – WP HTML Mail  34628020k+  badly named files
#293  CF7 Views – Complete Entry Management for Contact Form 7  351721811k+  Output is not escaped
#294  Cryptex | E-Mail Address Protection  356210900  Output is not escaped
#295  Disable XML-RPC-API  3544452100k+  Text Domain Mismatch
#296  Elementor Website Builder – more than just a page builder  354642810m+  Non-prefixed global variable
#297  Enlighter – Customizable Syntax Highlighter  35501010k+  Output is not escaped
#298  EWWW Image Optimizer  352257291m+  Direct Query
#299  GeoTargeting Lite – WordPress Geolocation  3566791k+  Output is not escaped
#300  ImageMagick Engine  35632960k+  Unsafe printing function