WordPress.WP.AlternativeFunctions.file_system_operations_fclose

file system operations fclose

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#251Kenta Companion236571,4192k+Non-prefixed global variable
#252King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder231,8313,87810k+Non-prefixed global variable
#253Masteriyo LMS – LMS Course Builder, Quizzes & Certificates231922,1235k+Non-prefixed global variable
#254License Manager for WooCommerce231298196k+Request data is not unslashed
#255Link Whisper Free233,8825,30330k+Text Domain Mismatch
#256Locatoraid Store Locator233196451k+Non-prefixed global variable
#257MailPoet – Newsletters, Email Marketing, and Automation23931719500k+Exception output is not escaped
#258Master Slider – Responsive Touch Slider2380040860k+Output is not escaped
#259MasterStudy LMS WordPress Plugin – for Online Courses and Education231,4194,87510k+Non-prefixed global variable
#260Media Library Assistant231,1443,94370k+Nonce verification recommended
#261MediaPress239045834k+Output is not escaped
#262Restaurant Menu and Food Ordering233858532k+Non-prefixed global variable
#263MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar234,06548820k+Text Domain Mismatch
#264MultiParcels Shipping For WooCommerce231793564k+Request data is not unslashed
#265MPG – Multiple Page Generator, Bulk Landing Pages & Programmatic SEO234855802k+Missing nonce verification
#266MyWorks Sync for WooCommerce & QuickBooks Online232,2929,1015k+Non-prefixed global variable
#267News Kit Addons For Elementor23694194k+Post Not In exclude
#268Next Active Directory Integration236832842k+Exception output is not escaped
#269NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization23316639100k+Output is not escaped
#270Ocean Extra231,4942,107500k+Non-prefixed global variable
#271Patchstack – WordPress & Plugins Security2310748940k+Missing nonce verification
#272Photo Gallery by 10Web – Mobile-Friendly Image Gallery234,1591,553100k+Output is not escaped
#273Gallery PhotoBlocks239041,3453k+Non-prefixed global variable
#274ExpressTechSoftwares Discord Add-on for Paid Memberships Pro23454449700Text Domain Mismatch
#275Postie2340726110k+Output is not escaped
#276PowerPress Podcasting plugin by Blubrry234,8072,39420k+Output is not escaped
#277Premium Addons for Elementor – Powerful Elementor Templates & Widgets23206997700k+Non-prefixed hook name
#278Radio Station by netmix® – Manage and play your Show Schedule in WordPress!239343,6191k+Non-prefixed global variable
#279Request a Quote – Quote Forms for Any WordPress Site232401,0991k+Non-prefixed hook name
#280Manago AI & Leadoo AI236444291k+Unsafe printing function
#281SecuPress with Simple SSL – Simple and Performant Security231,6961,59040k+Non-prefixed global variable
#282SEO Redirection Plugin – 301 Redirect Manager2327272710k+Non-prefixed global variable
#283Seraphinite Post .DOCX Source231,156110900Output is not escaped
#284Seriously Simple Podcasting2354862730k+Non-prefixed hook name
#285Local Google Analytics for WordPress – caches external requests235511993k+Output is not escaped
#286Image Optimizer, Resizer and CDN – Sirv236161,0041k+Output is not escaped
#287Site Reviews231,62559860k+Output is not escaped
#288Slider Hero with Video Background, Animation231,5651,2533k+Text Domain Mismatch
#289Slider by 10Web – Responsive Image Slider235,81497610k+Output is not escaped
#290Smart Marketing SMS and Newsletters Forms232,2211,0221k+Text Domain Mismatch
#291Smart Slider 323261268800k+Non-prefixed global variable
#292teachPress237441,5872k+SQL query is not prepared
#293Legal Terms and Conditions Popup for User Login and WooCommerce Checkout23524237700Output is not escaped
#294The Events Calendar233,5113,851700k+Text Domain Mismatch
#295Travelpayouts237691106k+Output is not escaped
#296Trinity Audio – Text to Speech AI audio player to convert content into audio231192272k+Non-prefixed global variable
#297Tutor LMS – eLearning and online course solution233953,406100k+Non-prefixed global variable
#298Directory Listings WordPress plugin – uListing239471,5731k+Non-prefixed global variable
#299UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP236942,43920k+Non-prefixed hook name
#300W3 Total Cache23307678900k+Non-prefixed global variable