WordPress.WP.AlternativeFunctions.file_system_operations_fclose

file system operations fclose

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1051Contact Form Widget38541071k+Request data is not unslashed
#1052OneSignal – Web Push Notifications38536470k+Output is not escaped
#1053Quick Download Button38341232k+Non-prefixed global variable
#1054SCSS WP Editor3811140900Exception output is not escaped
#1055Simple JWT Login – Allows you to use JWT on REST endpoints.38712954k+Output is not escaped
#1056Simple Keyword to Link3890493k+Non Singular String Literal Domain
#1057Smart Cookie Kit38263813k+Output is not escaped
#1058Standout CSS3 Buttons3818315500Output is not escaped
#1059WP Maintenance Mode & Site Under Construction3872573k+Output is not escaped
#1060WP-ServerInfo381625510k+Output is not escaped
#1061Accounting for WooCommerce3987115500Unsafe printing function
#1062Admin Custom Font3934251k+Unsafe printing function
#1063Andreani WooCommerce392186700Non-prefixed global variable
#1064Australia Post WooCommerce Extension3999123k+Text Domain Mismatch
#1065Blackhole for Bad Bots391236930k+Output is not escaped
#1066GS Only PDF Preview3946361k+Output is not escaped
#1067Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce3976641k+Missing Translators Comment
#1068Movable Type and TypePad Importer39422520k+Output is not escaped
#1069NextGEN Download Gallery3957212k+Short PHP open tag found
#1070Purge Varnish Cache391131511k+Non-prefixed global variable
#1071Royal Mail Shipping Calculator for WooCommerce3961311k+Text Domain Mismatch
#1072Sync Post With Other Site39177213k+Non Singular String Literal Domain
#1073TinyMCE Custom Styles39297767k+Non Singular String Literal Domain
#1074Use Any Font | Custom Font Uploader393655200k+Request data is not unslashed
#1075Virusdie | One-click website security39149662k+Output is not escaped
#1076Website LLMs.txt391314540k+Non-prefixed global variable
#1077htaccess protect392833800Input is not validated
#1078Advanced Country Blocker4023772k+Exception output is not escaped
#1079Advanced IP Blocker4094432k+Exception output is not escaped
#1080Atomic Edge Security – Firewall, Malware Scan and Login Security4012184700Non-prefixed global variable
#1081Bangladeshi Payment Gateways – Make Payment Using QR Code4040365k+Output is not escaped
#1082Broken Link Notifier40111931k+Non-prefixed global variable
#1083Database Addon for Contact Form 7 – CFDB7403556600k+Nonce verification recommended
#1084Custom Contact Forms40131066k+Missing nonce verification
#1085Export Post Info406631k+Unsafe printing function
#1086Far Future Expiry Header4025367k+Request data is not unslashed
#1087Product Enquiry for WooCommerce4057413k+Output is not escaped
#1088LLM Bot Tracker – AI Crawler Detection & Analytics401890700Database parameter is not escaped
#1089Where Did You Hear About Us Checkout Field for WooCommerce4057661k+Output is not escaped
#1090Sentry for WordPress40804010k+Text Domain Mismatch
#1091Heroic Favicon Generator4110476k+Output is not escaped
#1092SNORDIAN's H5PxAPIkatchu4111988500SQL query is not prepared
#1093Multiple Domain41421710k+Output is not escaped
#1094Powie's WHOIS Domain Check413811500Unsafe printing function
#1095Threat Scan Plugin412917400Output is not escaped
#1096Spam Protect for Contact Form 741166110k+Request data is not unslashed
#1097WP Crontrol412091300k+Nonce verification recommended
#1098WP Media folders4119743k+Direct Query
#1099Asesor de Cookies RGPD para normativa europea42273220k+Missing nonce verification
#1100多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条4217382k+Input is not sanitized