WordPress.WP.AlternativeFunctions.file_system_operations_fclose

file system operations fclose

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1101Gelato Integration for WooCommerce4236325k+Output is not escaped
#1102Mailster Cool Captcha426528400Text Domain Mismatch
#1103WP Post Redirect4229173k+Unsafe printing function
#1104WP QuickLaTeX4241604k+Non-prefixed global variable
#1105WP SmartCrop4343124k+Output is not escaped
#1106SmartVideo – Video Player and CDN44295441k+Text Domain Mismatch
#1107WP Club Manager – WordPress Sports Club Plugin44171682600Non-prefixed global variable
#1108Contact Form 7 Signature Addon45147446k+Text Domain Mismatch
#1109Evergreen Countdown Timer45193352k+wp function not compatible with requires wp
#1110JetHost Total Care – Security & Enhancements451085800Direct Query
#1111reCAPTCHA for Asgaros Forum4521364k+Input is not validated
#1112Better image sizes4645232k+Text Domain Mismatch
#1113Official CleverReach® Plugin for WooCommerce463798400Non-prefixed global variable
#1114Gravity Forms Constant Contact4636273k+Non-prefixed class
#1115404 Image Redirection (Replace Broken Images)4711885500Text Domain Mismatch
#1116Import Users from CSV47331210k+Unsafe printing function
#1117Tabby Checkout4733464k+Non-prefixed class
#1118The Tribal Plugin474362800Non-prefixed function
#1119iControlWP4745591k+Missing direct file access protection
#1120WP Prefix Changer472716900Missing Arg Domain
#1121Compress, Resize & Lazy Load Images – WPvivid Image Optimization471075810k+Missing direct file access protection
#1122Ansar Import – One Click Starter Sites – for Elementor & Themes482711610k+Non-prefixed global variable
#1123Tag Pilot FREE – Google Tag Manager Integration for WooCommerce4835191k+Output is not escaped
#1124wp-Monalisa485694700Direct Query
#1125Drag and Drop Multiple File Upload for WooCommerce49114295k+Text Domain Mismatch
#1126SpinupWP49433830k+Non-prefixed function
#1127PDF Invoices & Packing Slips for WooCommerce – Challan49561514k+Non-prefixed global variable
#1128Event Organiser CSV502827600Output is not escaped
#1129Veeqo for WooCommerce503017700Missing direct file access protection
#1130Easy Search Replace – Find & Replace Text/HTML/URLs, Remove Footer Credit51661500Input is not sanitized
#1131Fullscreen Galleria523710800Output is not escaped
#1132Price Based on Country for WooCommerce524312620k+Non-prefixed hook name
#1133Connect Contact Form 7 and Mailchimp532365240k+Text Domain Mismatch
#1134워드프레스 결제 심플페이 – 우커머스 결제 플러그인5379921k+Missing direct file access protection
#1135Royal WordPress Backup, Restore & Migration Plugin – Backup WordPress Sites Safely53349020k+Database parameter is not escaped
#1136CSV Importer5424113k+Missing direct file access protection
#1137AI Agent by SiteGround542861m+Exception output is not escaped
#1138Yext Plugin551623700Non-prefixed function
#1139Review Stream564142400Non-prefixed global variable
#1140Known Agents – Track AI Bots and Crawlers, Block Scrapers, Analyze LLM Referral Traffic5737121k+Setting is missing a sanitization callback
#1141Gravity PDF5711615220k+Non-prefixed global variable
#1142WP Table Builder – Drag & Drop Table Builder57633950k+Not Allowed
#1143PDF invoice for WP ERP58961342k+Non-prefixed global variable
#1144Videopack582810810k+Input is not sanitized
#1145Co-Authors Plus5927620k+Input is not sanitized
#1146flowpaper59133110k+Non-prefixed function
#1147Resize Image After Upload59151180k+Output is not escaped
#1148WC Korkmaz Contract – Contracts for WooCommerce59738600Non-prefixed global variable
#1149Mailster AmazonSES Integration6052252k+Missing Arg Domain
#1150Surge6046474k+Non-prefixed global variable