WordPress.WP.AlternativeFunctions.file_system_operations_fclose
file system operations fclose
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #801 | WP ULike – Like & Dislike Buttons for Engagement and Feedback | 31 | 269 | 358 | 60k+ | Output is not escaped | ||
| #802 | Hosting Benchmark tool | 31 | 202 | 115 | 4k+ | rand rand | ||
| #803 | YML for Yandex Market | 31 | 37 | 293 | 10k+ | Non-prefixed global variable | ||
| #804 | Zendesk Support for WordPress | 31 | 195 | 88 | 2k+ | Output is not escaped | ||
| #805 | ACME Divi Modules | 32 | 573 | 35 | 400 | Text Domain Mismatch | ||
| #806 | Admin Menu Editor | 32 | 159 | 233 | 300k+ | Non-prefixed global variable | ||
| #807 | Advanced Access Manager – Access Governance for WordPress | 32 | 849 | 62 | 100k+ | Output is not escaped | ||
| #808 | Affiliate Coupons – Coupon Display Manager – Excellent Tool for Affiliate Marketers | 32 | 183 | 61 | 1k+ | Output is not escaped | ||
| #809 | AI Alt Text Generator | 32 | 76 | 24 | 1k+ | Missing Translators Comment | ||
| #810 | Speed Kit | 32 | 296 | 73 | 2k+ | Output is not escaped | ||
| #811 | Child Theme Configurator | 32 | 442 | 267 | 300k+ | Unsafe printing function | ||
| #812 | Code Manager | 32 | 217 | 261 | 500 | Nonce verification recommended | ||
| #813 | Contact Form Block | 32 | 64 | 77 | 500 | Non Singular String Literal Domain | ||
| #814 | Cooked – Recipe Management | 32 | 462 | 275 | 3k+ | Output is not escaped | ||
| #815 | CSV Import and Exporter | 32 | 83 | 138 | 1k+ | Non-prefixed global variable | ||
| #816 | Download Attachments | 32 | 69 | 188 | 8k+ | Non-prefixed hook name | ||
| #817 | Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) | 32 | 560 | 198 | 5k+ | Text Domain Mismatch | ||
| #818 | Gallery Box | 32 | 395 | 43 | 1k+ | Text Domain Mismatch | ||
| #819 | WP Gravity Forms HubSpot | 32 | 771 | 160 | 600 | Text Domain Mismatch | ||
| #820 | CRM Perks Integration for Gravity Forms and Salesforce | 32 | 807 | 178 | 1k+ | Text Domain Mismatch | ||
| #821 | WP Gravity Forms Zoho CRM and Bigin | 32 | 750 | 174 | 400 | Text Domain Mismatch | ||
| #822 | GlotPress | 32 | 403 | 103 | 500 | Unsafe printing function | ||
| #823 | Gwolle Guestbook | 32 | 269 | 527 | 20k+ | Output is not escaped | ||
| #824 | Manager for IcoMoon | 32 | 270 | 68 | 400 | Short PHP open tag found | ||
| #825 | DEPRECATED – Shipmondo – A complete shipping solution for WooCommerce | 32 | 166 | 119 | 5k+ | Output is not escaped | ||
| #826 | Persian Admnin Fonts | 32 | 343 | 468 | 500 | Non-prefixed global variable | ||
| #827 | Responsive Filterable Portfolio Gallery – Media Grid & Video Portfolio | 32 | 436 | 163 | 1k+ | Output is not escaped | ||
| #828 | Shariff Wrapper | 32 | 33 | 404 | 30k+ | Non-prefixed global variable | ||
| #829 | Simple Ajax Chat – Add a Fast, Secure Chat Box | 32 | 108 | 266 | 2k+ | Output is not escaped | ||
| #830 | System Dashboard | 32 | 91 | 205 | 1k+ | Request data is not unslashed | ||
| #831 | TK Google Fonts GDPR Compliant | 32 | 582 | 34 | 1k+ | Output is not escaped | ||
| #832 | Tumult Hype Animations | 32 | 56 | 117 | 1k+ | Output is not escaped | ||
| #833 | User Registration Using Contact Form 7 | 32 | 103 | 15 | 500 | wp function not compatible with requires wp | ||
| #834 | Easy 3D Viewer | 32 | 399 | 241 | 1k+ | Text Domain Mismatch | ||
| #835 | WP 2-step verification | 32 | 154 | 65 | 1k+ | Output is not escaped | ||
| #836 | WP Bannerize Pro | 32 | 281 | 216 | 800 | Text Domain Mismatch | ||
| #837 | Advanced Custom Fields: Typography Field | 33 | 445 | 57 | 4k+ | Text Domain Mismatch | ||
| #838 | Affiliate Program & Referral Tracking for WooCommerce & WordPress – Affilia | 33 | 80 | 172 | 500 | Nonce verification recommended | ||
| #839 | Activity Plus Reloaded for BuddyPress | 33 | 88 | 93 | 1k+ | Output is not escaped | ||
| #840 | Cargus | 33 | 48 | 64 | 700 | Input is not sanitized | ||
| #841 | Century ToolKit | 33 | 118 | 78 | 800 | Output is not escaped | ||
| #842 | Contact List – Online Staff Directory & Address Book | 33 | 118 | 342 | 1k+ | Nonce verification recommended | ||
| #843 | Easy Upload Files During Checkout | 33 | 218 | 199 | 500 | Unsafe printing function | ||
| #844 | EchBay Phonering Alo | 33 | 74 | 47 | 1k+ | Output is not escaped | ||
| #845 | Human Presence – Stop Form Spam Without ReCaptcha | 33 | 54 | 65 | 1k+ | Request data is not unslashed | ||
| #846 | Gallery Custom Links | 33 | 64 | 62 | 30k+ | Non Singular String Literal Domain | ||
| #847 | GetResponse Forms by Optin Cat | 33 | 68 | 138 | 1k+ | Missing direct file access protection | ||
| #848 | WP GIF Uploader | 33 | 117 | 44 | 1k+ | Text Domain Mismatch | ||
| #849 | Five Star Restaurant Reviews | 33 | 242 | 142 | 400 | Output is not escaped | ||
| #850 | Comments – GraphComment | AI-Moderated Comment System | 33 | 191 | 177 | 400 | Unsafe printing function |