WordPress.WP.AlternativeFunctions.file_system_operations_fclose
file system operations fclose
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #701 | VG WORT METIS | 28 | 150 | 317 | 900 | Nonce verification recommended | ||
| #702 | 10WebSocial | 28 | 584 | 185 | 10k+ | Unsafe printing function | ||
| #703 | WeeConnectPay – Clover Payment Gateway for WooCommerce | 28 | 179 | 171 | 500 | Exception output is not escaped | ||
| #704 | WPS Bidouille | 28 | 472 | 215 | 10k+ | Output is not escaped | ||
| #705 | WxSync-标准云微信公众号文章免费采集-任意公众号自动采集付费购买 | 28 | 57 | 138 | 500 | Request data is not unslashed | ||
| #706 | Accordion Slider Gallery | 29 | 379 | 142 | 1k+ | Text Domain Mismatch | ||
| #707 | Alt Text AI – Automatically generate image alt text for SEO and accessibility | 29 | 72 | 280 | 20k+ | Non-prefixed global variable | ||
| #708 | AppPresser – Mobile App Framework | 29 | 262 | 214 | 1k+ | Text Domain Mismatch | ||
| #709 | aThemeArt Theme Helper | 29 | 206 | 151 | 2k+ | Non-prefixed global variable | ||
| #710 | Bitcoin Payments – Blockonomics | 29 | 208 | 227 | 2k+ | Output is not escaped | ||
| #711 | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | 29 | 236 | 369 | 2k+ | Non-prefixed global variable | ||
| #712 | CloudSecure WP Security | 29 | 74 | 350 | 100k+ | Request data is not unslashed | ||
| #713 | DB Cache Reloaded Fix | 29 | 133 | 42 | 2k+ | Output is not escaped | ||
| #714 | Di Themes Demo Site Importer | 29 | 343 | 183 | 1k+ | Text Domain Mismatch | ||
| #715 | Document Gallery | 29 | 183 | 98 | 8k+ | Output is not escaped | ||
| #716 | Interactive Image Map Plugin – Draw Attention | 29 | 620 | 227 | 20k+ | Output is not escaped | ||
| #717 | FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider | 29 | 74 | 78 | 600k+ | Missing Translators Comment | ||
| #718 | Easy HTTPS Redirection (SSL) | 29 | 266 | 152 | 100k+ | Unsafe printing function | ||
| #719 | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms | 29 | 625 | 351 | 1k+ | Text Domain Mismatch | ||
| #720 | Interactive World Map | 29 | 684 | 341 | 1k+ | Text Domain Mismatch | ||
| #721 | Kits, Templates and Patterns | 29 | 380 | 91 | 5k+ | Text Domain Mismatch | ||
| #722 | Laposta WooCommerce | 29 | 96 | 115 | 500 | Non-prefixed global variable | ||
| #723 | Meow Gallery | 29 | 113 | 182 | 10k+ | Direct Query | ||
| #724 | Offload Media – Cloud Storage | 29 | 126 | 80 | 1k+ | unlink unlink | ||
| #725 | Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization | 29 | 80 | 162 | 200k+ | Nonce verification recommended | ||
| #726 | pCloud WP Backup | 29 | 120 | 73 | 1k+ | Exception output is not escaped | ||
| #727 | PhastPress | 29 | 95 | 52 | 10k+ | Exception output is not escaped | ||
| #728 | Pósturinn\'s Shipping with WooCommerce | 29 | 713 | 551 | 500 | Text Domain Mismatch | ||
| #729 | Social Engine | 29 | 133 | 90 | 600 | Exception output is not escaped | ||
| #730 | SQLite Database Integration | 29 | 161 | 89 | 3k+ | Exception output is not escaped | ||
| #731 | SureMembers – Membership & Content Restriction Plugin | 29 | 359 | 248 | 1k+ | Text Domain Mismatch | ||
| #732 | Tilda-publishing | 29 | 219 | 78 | 700 | Output is not escaped | ||
| #733 | User Verification by PickPlugins | 29 | 41 | 314 | 5k+ | Request data is not unslashed | ||
| #734 | Visualizer – Tables & Charts Manager with Built-in AI Generator | 29 | 348 | 331 | 20k+ | Output is not escaped | ||
| #735 | Sofortueberweisung Gateway for Woocommerce | 29 | 104 | 71 | 700 | Output is not escaped | ||
| #736 | Woostify Sites Library | 29 | 229 | 198 | 20k+ | Text Domain Mismatch | ||
| #737 | WP-PostRatings | 29 | 425 | 384 | 30k+ | Output is not escaped | ||
| #738 | XML for Google Merchant Center | 29 | 52 | 312 | 3k+ | Non-prefixed global variable | ||
| #739 | Advanced Database Cleaner – Optimize & Clean Database to Speed Up Site Performance | 30 | 164 | 439 | 100k+ | Interpolated SQL is not prepared | ||
| #740 | Contact Form 7 Connector | 30 | 324 | 196 | 5k+ | Text Domain Mismatch | ||
| #741 | BrightEdge Autopilot | 30 | 108 | 31 | 600 | curl curl setopt | ||
| #742 | EDI – Обмен данными между WooCommerce и 1С | 30 | 284 | 101 | 600 | Text Domain Mismatch | ||
| #743 | Easy Affiliate Links | 30 | 186 | 198 | 7k+ | Missing direct file access protection | ||
| #744 | Element Invader – Template Kits for Elementor | 30 | 274 | 130 | 3k+ | Output is not escaped | ||
| #745 | Eway Payment Gateway | 30 | 509 | 92 | 800 | Missing Translators Comment | ||
| #746 | Export Plugins and Templates | 30 | 143 | 33 | 1k+ | file system operations fread | ||
| #747 | PiWeb Export Customers Users & Guest customer to CSV for WooCommerce | 30 | 173 | 75 | 1k+ | Text Domain Mismatch | ||
| #748 | FormLift for Keap (Legacy) Web Forms | 30 | 162 | 315 | 400 | Request data is not unslashed | ||
| #749 | Formzu WP | 30 | 167 | 163 | 3k+ | Text Domain Mismatch | ||
| #750 | Import WooCommerce Suite for Products, Orders, Coupons, Reviews, and Customers | WP Ultimate CSV Importer | 30 | 80 | 434 | 4k+ | Interpolated SQL is not prepared |