WordPress.WP.AlternativeFunctions.file_system_operations_fclose
file system operations fclose
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #201 | WP Umbrella: Update Backup Restore & Monitoring | 22 | 918 | 916 | 70k+ | Exception output is not escaped | ||
| #202 | Wp-Insert | 22 | 267 | 301 | 10k+ | Output is not escaped | ||
| #203 | AidWP – Donation & Payment Forms (Stripe Powered) | 22 | 1,317 | 1,675 | 800 | Non-prefixed global variable | ||
| #204 | WP Super Minify • Minify, Compress and Cache HTML, CSS & JavaScript | 22 | 164 | 257 | 9k+ | Non-prefixed constant | ||
| #205 | NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce | 22 | 1,353 | 1,412 | 2k+ | Non-prefixed global variable | ||
| #206 | WP-WebAuthn | 22 | 957 | 396 | 2k+ | Exception output is not escaped | ||
| #207 | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | 22 | 5,996 | 2,790 | 5k+ | Text Domain Mismatch | ||
| #208 | WPSSO Core – Complete Schema Markup and Meta Tags | 22 | 1,407 | 412 | 5k+ | Missing Translators Comment | ||
| #209 | YaySMTP – WP Mail SMTP with Email Logs, Tracking & Reports | 22 | 654 | 435 | 10k+ | Exception output is not escaped | ||
| #210 | ЮKassa для WooCommerce | 22 | 590 | 168 | 9k+ | Short PHP open tag found | ||
| #211 | Admin and Site Enhancements (ASE) | 23 | 136 | 330 | 200k+ | Nonce verification recommended | ||
| #212 | AI Engine – The Chatbot, AI Framework & MCP for WordPress | 23 | 411 | 544 | 100k+ | error log error log | ||
| #213 | Affiliate Super Assistent | 23 | 1,280 | 267 | 2k+ | Text Domain Mismatch | ||
| #214 | AR for WordPress | 23 | 149 | 508 | 400 | Non-prefixed global variable | ||
| #215 | Autoptimize | 23 | 288 | 191 | 800k+ | Output is not escaped | ||
| #216 | Kadence Security – Password, Two Factor Authentication, and Brute Force Protection | 23 | 1,053 | 967 | 700k+ | Missing Translators Comment | ||
| #217 | Booking calendar, Appointment Booking System | 23 | 1,079 | 1,125 | 4k+ | Output is not escaped | ||
| #218 | BSK PDF Manager | 23 | 1,576 | 625 | 7k+ | Text Domain Mismatch | ||
| #219 | Business Directory Plugin – Easy Listing Directories for WordPress | 23 | 611 | 1,058 | 10k+ | Non-prefixed global variable | ||
| #220 | Geo Controller | 23 | 203 | 544 | 1k+ | Non-prefixed global variable | ||
| #221 | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | 23 | 624 | 1,245 | 5k+ | Non-prefixed global variable | ||
| #222 | Church Admin | 23 | 1,643 | 4,202 | 900 | Direct Query | ||
| #223 | Classified Listing – AI-Powered Classified ads & Business Directory | 23 | 155 | 2,074 | 9k+ | Non-prefixed global variable | ||
| #224 | Content Egg – Affiliate Product Importer & Price Comparison | 23 | 1,231 | 1,257 | 10k+ | Non-prefixed global variable | ||
| #225 | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | 23 | 9,310 | 26,642 | 900 | Non-prefixed global variable | ||
| #226 | Free Theme Builder for Elementor – CRT Addons (Header, Footer, Archive, WooCommerce & 50+ Widgets) | 23 | 791 | 2,331 | 400 | Non-prefixed global variable | ||
| #227 | CWW Companion | 23 | 307 | 223 | 1k+ | Output is not escaped | ||
| #228 | DK PDF – WordPress PDF Generator | 23 | 744 | 335 | 3k+ | Exception output is not escaped | ||
| #229 | Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification | 23 | 675 | 643 | 1k+ | Unsafe printing function | ||
| #230 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 23 | 3,723 | 10,283 | 40k+ | Non-prefixed namespace | ||
| #231 | EazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder | 23 | 356 | 1,515 | 2k+ | Non-prefixed global variable | ||
| #232 | Error Log Monitor | 23 | 694 | 1,414 | 20k+ | Non-prefixed global variable | ||
| #233 | Essential Real Estate | 23 | 529 | 5,060 | 8k+ | Non-prefixed global variable | ||
| #234 | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder with AI | 23 | 395 | 1,342 | 90k+ | Non-prefixed global variable | ||
| #235 | Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light | 23 | 386 | 999 | 500 | Non-prefixed global variable | ||
| #236 | Export WordPress Pages to Static HTML & PDF — Static Site Export | 23 | 490 | 301 | 4k+ | Text Domain Mismatch | ||
| #237 | Ezoic | 23 | 432 | 516 | 10k+ | Output is not escaped | ||
| #238 | Fastcache by Host.it | 23 | 1,327 | 203 | 700 | Text Domain Mismatch | ||
| #239 | Filr – Secure document library | 23 | 775 | 1,317 | 800 | Non-prefixed global variable | ||
| #240 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | 23 | 4,746 | 1,279 | 30k+ | Non Singular String Literal Domain | ||
| #241 | Futurio Extra | 23 | 787 | 205 | 20k+ | Text Domain Mismatch | ||
| #242 | FV Flowplayer Video Player | 23 | 1,311 | 1,454 | 20k+ | Output is not escaped | ||
| #243 | GAinWP Google Analytics Integration for WordPress | 23 | 525 | 176 | 8k+ | Output is not escaped | ||
| #244 | Anti-Malware Security and Brute-Force Firewall | 23 | 543 | 965 | 100k+ | Output is not escaped | ||
| #245 | Groundhogg — CRM, Newsletters, and Marketing Automation | 23 | 136 | 914 | 2k+ | Non-prefixed global variable | ||
| #246 | Interactive Content – H5P | 23 | 565 | 380 | 40k+ | Non Singular String Literal Domain | ||
| #247 | Houzez Property Feed | 23 | 1,464 | 1,615 | 1k+ | Text Domain Mismatch | ||
| #248 | Import from YML | 23 | 97 | 308 | 400 | Non-prefixed global variable | ||
| #249 | Payment forms, Buy now buttons, and Invoicing System | GetPaid | 23 | 387 | 1,258 | 5k+ | Non-prefixed global variable | ||
| #250 | IP Geo Block | 23 | 399 | 589 | 9k+ | Output is not escaped |
