WordPress.WP.AlternativeFunctions.file_system_operations_fclose
file system operations fclose
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #251 | Kenta Companion | 23 | 657 | 1,419 | 2k+ | Non-prefixed global variable | ||
| #252 | King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder | 23 | 1,831 | 3,878 | 10k+ | Non-prefixed global variable | ||
| #253 | Masteriyo LMS – LMS Course Builder, Quizzes & Certificates | 23 | 192 | 2,123 | 5k+ | Non-prefixed global variable | ||
| #254 | License Manager for WooCommerce | 23 | 129 | 819 | 6k+ | Request data is not unslashed | ||
| #255 | Link Whisper Free | 23 | 3,882 | 5,303 | 30k+ | Text Domain Mismatch | ||
| #256 | Locatoraid Store Locator | 23 | 319 | 645 | 1k+ | Non-prefixed global variable | ||
| #257 | MailPoet – Newsletters, Email Marketing, and Automation | 23 | 931 | 719 | 500k+ | Exception output is not escaped | ||
| #258 | Master Slider – Responsive Touch Slider | 23 | 800 | 408 | 60k+ | Output is not escaped | ||
| #259 | MasterStudy LMS WordPress Plugin – for Online Courses and Education | 23 | 1,419 | 4,875 | 10k+ | Non-prefixed global variable | ||
| #260 | Media Library Assistant | 23 | 1,144 | 3,943 | 70k+ | Nonce verification recommended | ||
| #261 | MediaPress | 23 | 904 | 583 | 4k+ | Output is not escaped | ||
| #262 | Restaurant Menu and Food Ordering | 23 | 385 | 853 | 2k+ | Non-prefixed global variable | ||
| #263 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar | 23 | 4,065 | 488 | 20k+ | Text Domain Mismatch | ||
| #264 | MultiParcels Shipping For WooCommerce | 23 | 179 | 356 | 4k+ | Request data is not unslashed | ||
| #265 | MPG – Multiple Page Generator, Bulk Landing Pages & Programmatic SEO | 23 | 485 | 580 | 2k+ | Missing nonce verification | ||
| #266 | MyWorks Sync for WooCommerce & QuickBooks Online | 23 | 2,292 | 9,101 | 5k+ | Non-prefixed global variable | ||
| #267 | News Kit Addons For Elementor | 23 | 69 | 419 | 4k+ | Post Not In exclude | ||
| #268 | Next Active Directory Integration | 23 | 683 | 284 | 2k+ | Exception output is not escaped | ||
| #269 | NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization | 23 | 316 | 639 | 100k+ | Output is not escaped | ||
| #270 | Ocean Extra | 23 | 1,494 | 2,107 | 500k+ | Non-prefixed global variable | ||
| #271 | Patchstack – WordPress & Plugins Security | 23 | 107 | 489 | 40k+ | Missing nonce verification | ||
| #272 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery | 23 | 4,159 | 1,553 | 100k+ | Output is not escaped | ||
| #273 | Gallery PhotoBlocks | 23 | 904 | 1,345 | 3k+ | Non-prefixed global variable | ||
| #274 | ExpressTechSoftwares Discord Add-on for Paid Memberships Pro | 23 | 454 | 449 | 700 | Text Domain Mismatch | ||
| #275 | Postie | 23 | 407 | 261 | 10k+ | Output is not escaped | ||
| #276 | PowerPress Podcasting plugin by Blubrry | 23 | 4,807 | 2,394 | 20k+ | Output is not escaped | ||
| #277 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | 23 | 206 | 997 | 700k+ | Non-prefixed hook name | ||
| #278 | Radio Station by netmix® – Manage and play your Show Schedule in WordPress! | 23 | 934 | 3,619 | 1k+ | Non-prefixed global variable | ||
| #279 | Request a Quote – Quote Forms for Any WordPress Site | 23 | 240 | 1,099 | 1k+ | Non-prefixed hook name | ||
| #280 | Manago AI & Leadoo AI | 23 | 644 | 429 | 1k+ | Unsafe printing function | ||
| #281 | SecuPress with Simple SSL – Simple and Performant Security | 23 | 1,696 | 1,590 | 40k+ | Non-prefixed global variable | ||
| #282 | SEO Redirection Plugin – 301 Redirect Manager | 23 | 272 | 727 | 10k+ | Non-prefixed global variable | ||
| #283 | Seraphinite Post .DOCX Source | 23 | 1,156 | 110 | 900 | Output is not escaped | ||
| #284 | Seriously Simple Podcasting | 23 | 548 | 627 | 30k+ | Non-prefixed hook name | ||
| #285 | Local Google Analytics for WordPress – caches external requests | 23 | 551 | 199 | 3k+ | Output is not escaped | ||
| #286 | Image Optimizer, Resizer and CDN – Sirv | 23 | 616 | 1,004 | 1k+ | Output is not escaped | ||
| #287 | Site Reviews | 23 | 1,625 | 598 | 60k+ | Output is not escaped | ||
| #288 | Slider Hero with Video Background, Animation | 23 | 1,565 | 1,253 | 3k+ | Text Domain Mismatch | ||
| #289 | Slider by 10Web – Responsive Image Slider | 23 | 5,814 | 976 | 10k+ | Output is not escaped | ||
| #290 | Smart Marketing SMS and Newsletters Forms | 23 | 2,221 | 1,022 | 1k+ | Text Domain Mismatch | ||
| #291 | Smart Slider 3 | 23 | 261 | 268 | 800k+ | Non-prefixed global variable | ||
| #292 | teachPress | 23 | 744 | 1,587 | 2k+ | SQL query is not prepared | ||
| #293 | Legal Terms and Conditions Popup for User Login and WooCommerce Checkout | 23 | 524 | 237 | 700 | Output is not escaped | ||
| #294 | The Events Calendar | 23 | 3,511 | 3,851 | 700k+ | Text Domain Mismatch | ||
| #295 | Travelpayouts | 23 | 769 | 110 | 6k+ | Output is not escaped | ||
| #296 | Trinity Audio – Text to Speech AI audio player to convert content into audio | 23 | 119 | 227 | 2k+ | Non-prefixed global variable | ||
| #297 | Tutor LMS – eLearning and online course solution | 23 | 395 | 3,406 | 100k+ | Non-prefixed global variable | ||
| #298 | Directory Listings WordPress plugin – uListing | 23 | 947 | 1,573 | 1k+ | Non-prefixed global variable | ||
| #299 | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | 23 | 694 | 2,439 | 20k+ | Non-prefixed hook name | ||
| #300 | W3 Total Cache | 23 | 307 | 678 | 900k+ | Non-prefixed global variable |