WordPress.WP.AlternativeFunctions.file_system_operations_fclose
file system operations fclose
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1151 | Surge | 60 | 46 | 47 | 4k+ | Non-prefixed global variable | ||
| #1152 | WoowGallery | 60 | 15 | 178 | 1k+ | Non-prefixed global variable | ||
| #1153 | Newspack Newsletters | 61 | 53 | 47 | 1k+ | Request data is not unslashed | ||
| #1154 | When Last Login – Export User Records | 61 | 18 | 13 | 500 | Output is not escaped | ||
| #1155 | Import entries for Gravity Forms | 62 | 6 | 26 | 500 | Input is not validated | ||
| #1156 | Easy SSL Plugin for SAKURA Rental Server | 62 | 23 | 17 | 50k+ | Input is not sanitized | ||
| #1157 | Include Klaviyo for Elementor pro | 63 | 60 | 10 | 2k+ | Missing Arg Domain | ||
| #1158 | Admin CSS MU | 64 | 30 | 582 | 10k+ | Non-prefixed global variable | ||
| #1159 | CV Demo Importer | 64 | 21 | 95 | 400 | Non-prefixed global variable | ||
| #1160 | Embed Google Fonts | 64 | 28 | 7 | 5k+ | Output is not escaped | ||
| #1161 | WP Search with Algolia | 64 | 26 | 16 | 7k+ | Exception output is not escaped | ||
| #1162 | Яндекс.ПДС Пингер / Yandex Site search pinger | 64 | 21 | 5 | 800 | Output is not escaped | ||
| #1163 | QRCode | 65 | 21 | 39 | 400 | Non-prefixed constant | ||
| #1164 | WP-Farsi | 65 | 26 | 36 | 600 | Non-prefixed function | ||
| #1165 | Debug Log Manager – Conveniently Monitor and Inspect Errors | 66 | 33 | 44 | 10k+ | Input is not validated | ||
| #1166 | Easy PHP Settings | 66 | 34 | 48 | 1k+ | Missing Translators Comment | ||
| #1167 | Really Simple CSV Importer | 66 | 38 | 8 | 40k+ | Output is not escaped | ||
| #1168 | Safe Redirect Manager | 66 | 9 | 60 | 40k+ | Non-prefixed hook name | ||
| #1169 | Affiliates Manager Google reCAPTCHA Integration | 67 | 18 | 10 | 400 | Request data is not unslashed | ||
| #1170 | Meks Audio Player | 67 | 25 | 7 | 1k+ | Output is not escaped | ||
| #1171 | Printful Integration for WooCommerce | 67 | 218 | 76 | 50k+ | Text Domain Mismatch | ||
| #1172 | Simple HTTPS | 67 | 17 | 13 | 400 | Output is not escaped | ||
| #1173 | wp-Typography | 67 | 91 | 33 | 20k+ | Missing direct file access protection | ||
| #1174 | Desert Companion | 68 | 412 | 837 | 20k+ | Non-prefixed global variable | ||
| #1175 | Faire for WooCommerce | 68 | 4 | 86 | 800 | Direct Query | ||
| #1176 | Russian Post and EMS for WooCommerce | 68 | 16 | 47 | 1k+ | Non-prefixed global variable | ||
| #1177 | WiserReview Product Reviews for WooCommerce | 68 | 21 | 110 | 900 | Non-prefixed global variable | ||
| #1178 | Solid Mail – SMTP email and logging made by SolidWP | 68 | 16 | 17 | 60k+ | Database parameter is not escaped | ||
| #1179 | Debug | 69 | 25 | 34 | 2k+ | Input is not sanitized | ||
| #1180 | Mailster WordPress Newsletter Plugin | 69 | 14 | 11 | 8k+ | Output is not escaped | ||
| #1181 | Show-Hide / Collapse-Expand | 70 | 18 | 15 | 10k+ | Missing direct file access protection | ||
| #1182 | SQL Executioner | 70 | 18 | 17 | 2k+ | Non-prefixed global variable | ||
| #1183 | Bold Timeline Lite | 71 | 220 | 561 | 10k+ | Non-prefixed global variable | ||
| #1184 | Nginx Helper | 71 | 47 | 60 | 200k+ | Non-prefixed global variable | ||
| #1185 | Cloudinary – Deliver Images and Videos at Scale | 72 | 691 | 134 | 5k+ | Text Domain Mismatch | ||
| #1186 | Shipping Rate By Cities | 72 | 4 | 21 | 700 | Direct Query | ||
| #1187 | TinyPNG – JPEG, PNG & WebP image compression | 72 | 40 | 73 | 100k+ | Non-prefixed global variable | ||
| #1188 | Emergency password reset | 73 | 56 | 14 | 800 | wp function not compatible with requires wp | ||
| #1189 | Export Plugin Details | 73 | 13 | 6 | 2k+ | Output is not escaped | ||
| #1190 | WPWaterMark 轻水印插件 | 73 | 24 | 17 | 1k+ | Request data is not unslashed | ||
| #1191 | Custom Icons for Elementor and WPBakery | 74 | 35 | 38 | 10k+ | Non-prefixed global variable | ||
| #1192 | reCAPTCHA for bbPress | 75 | 14 | 19 | 800 | Non-prefixed function | ||
| #1193 | wp-forecast | 75 | 263 | 117 | 5k+ | Missing Arg Domain | ||
| #1194 | Ajax Search Lite – Live Search & Filter | 76 | 126 | 264 | 80k+ | Non-prefixed hook name | ||
| #1195 | Cache External Scripts | 76 | 21 | 4 | 900 | Output is not escaped | ||
| #1196 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | 77 | 37 | 282 | 40k+ | Non-prefixed global variable | ||
| #1197 | Mailster Mailgun Integration | 77 | 16 | 5 | 500 | Missing Translators Comment | ||
| #1198 | FAQ Schema For Pages And Posts | 81 | 56 | 5 | 7k+ | Text Domain Mismatch | ||
| #1199 | WordPress REST API (Version 2) | 82 | 476 | 13 | 10k+ | Missing Arg Domain | ||
| #1200 | Mailster SendGrid Integration | 83 | 23 | 3 | 1k+ | Missing Translators Comment |