WordPress.WP.AlternativeFunctions.file_system_operations_chmod
file system operations chmod
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #351 | WP-Farsi | 65 | 26 | 36 | 600 | Non-prefixed function | ||
| #352 | Desert Companion | 68 | 412 | 837 | 20k+ | Non-prefixed global variable | ||
| #353 | Debug | 69 | 25 | 34 | 2k+ | Input is not sanitized | ||
| #354 | MemcacheD Is Your Friend | 72 | 23 | 33 | 1k+ | Non-prefixed function | ||
| #355 | Multifile Upload Field for Contact Form 7 | 73 | 41 | 7 | 5k+ | Text Domain Mismatch | ||
| #356 | Signature Field For Contact Form 7 – CF7Sign | 74 | 9 | 12 | 700 | Missing Translators Comment | ||
| #357 | Spider Blocker | 78 | 19 | 9 | 20k+ | Missing Translators Comment | ||
| #358 | Custom Icons for Elementor | 80 | 6 | 25 | 10k+ | Non-prefixed global variable | ||
| #359 | Cachify | 84 | 9 | 36 | 9k+ | Non-prefixed global variable | ||
| #360 | Digital Signature For Contact Form 7 | 84 | 22 | 11 | 5k+ | file system operations fwrite | ||
| #361 | Salt Shaker | 85 | 15 | 13 | 6k+ | Interpolated SQL is not prepared | ||
| #362 | Export/Import Media – CSV Media Library Import & Export | 98 | 7 | 4 | 1k+ | Missing Translators Comment |