WordPress.WP.AlternativeFunctions.file_system_operations_fopen
file system operations fopen
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
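One way to apply the three points above, as an added example (not code from Plugin Check or from any plugin listed on this page). The `myplugin_` prefix, the `myplugin/` subdirectory and the extension allow-list are assumptions made for illustration.

```php
<?php
/**
 * Hypothetical helper: store plugin-generated data under uploads/myplugin/
 * through the WordPress filesystem API instead of fopen()/fwrite().
 *
 * @param string $filename Untrusted file name, for example from a request.
 * @param string $contents Data to store. Never PHP source.
 * @return string|WP_Error Absolute path of the written file on success.
 */
function myplugin_write_export( $filename, $contents ) {
	global $wp_filesystem;

	// Initialise the filesystem API; it selects the transport the host allows.
	require_once ABSPATH . 'wp-admin/includes/file.php';
	if ( ! WP_Filesystem() ) {
		return new WP_Error( 'myplugin_fs', 'Filesystem access is not available.' );
	}

	// Reduce the name to a sanitized basename and allow data extensions only,
	// so user input can never produce an executable .php file.
	$filename = sanitize_file_name( wp_basename( $filename ) );
	$ext      = strtolower( pathinfo( $filename, PATHINFO_EXTENSION ) );
	if ( '' === $filename || ! in_array( $ext, array( 'csv', 'json', 'txt' ), true ) ) {
		return new WP_Error( 'myplugin_name', 'File name or extension not allowed.' );
	}

	// Keep the write inside a plugin-owned directory below uploads.
	$uploads = wp_upload_dir();
	if ( ! empty( $uploads['error'] ) ) {
		return new WP_Error( 'myplugin_uploads', $uploads['error'] );
	}
	$base = trailingslashit( $uploads['basedir'] ) . 'myplugin/';
	if ( ! wp_mkdir_p( $base ) ) {
		return new WP_Error( 'myplugin_dir', 'Could not create the export directory.' );
	}

	// Resolve symlinks and confirm the directory is still under uploads.
	$root = trailingslashit( wp_normalize_path( (string) realpath( $uploads['basedir'] ) ) );
	$dir  = trailingslashit( wp_normalize_path( (string) realpath( $base ) ) );
	if ( '/' === $root || 0 !== strpos( $dir, $root ) ) {
		return new WP_Error( 'myplugin_path', 'Export directory is outside uploads.' );
	}

	// FS_CHMOD_FILE applies the site's configured file mode; no manual chmod().
	if ( ! $wp_filesystem->put_contents( $base . $filename, $contents, FS_CHMOD_FILE ) ) {
		return new WP_Error( 'myplugin_write', 'Could not write the export file.' );
	}
	return $base . $filename;
}
```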
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #451 | Nextend Social Login and Register | 27 | 1,668 | 243 | 200k+ | | Output Not Escaped |
| #452 | OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) | 27 | 272 | 531 | 6k+ | | Missing Unslash |
| #453 | Packlink PRO for WooCommerce | 27 | 130 | 154 | 20k+ | | Non Prefixed Variable Found |
| #454 | Presto Player | 27 | 131 | 124 | 100k+ | | Missing Arg Domain |
| #455 | Rate My Post – Star Rating Plugin by FeedbackWP | 27 | 222 | 360 | 20k+ | | Output Not Escaped |
| #456 | Robokassa payment gateway for Woocommerce | 27 | 95 | 211 | 3k+ | | Non Prefixed Variable Found |
| #457 | Simple Download Monitor | 27 | 218 | 273 | 20k+ | | Output Not Escaped |
| #458 | Speed Booster Pack ⚡ PageSpeed Optimization Suite | 27 | 108 | 187 | 9k+ | | Missing Translators Comment |
| #459 | Watu Quiz | 27 | 1,089 | 1,014 | 3k+ | | Output Not Escaped |
| #460 | WP-DBManager | 27 | 386 | 304 | 60k+ | | Non Prefixed Variable Found |
| #461 | WP Events Manager | 27 | 294 | 415 | 30k+ | | Output Not Escaped |
| #462 | WP Hide & Security Enhancer | 27 | 124 | 375 | 50k+ | | Input Not Sanitized |
| #463 | WP Activity Log | 27 | 96 | 230 | 300k+ | | Recommended |
| #464 | Redirection for Contact Form 7 | 27 | 34 | 374 | 200k+ | | Non Prefixed Variable Found |
| #465 | Fluent Support – Helpdesk & Customer Support Ticket System | 28 | 50 | 271 | 10k+ | | Direct Query |
| #466 | Reviews and Rating – Google Reviews | 28 | 343 | 219 | 20k+ | | Text Domain Mismatch |
| #467 | Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery | 28 | 384 | 175 | 10k+ | | Text Domain Mismatch |
| #468 | GTmetrix for WordPress | 28 | 109 | 70 | 8k+ | | Output Not Escaped |
| #469 | Laposta Signup Basic | 28 | 275 | 66 | 2k+ | | Output Not Escaped |
| #470 | درگاه پرداخت بانک ملت ووکامرس | 28 | 61 | 130 | 2k+ | | Missing Unslash |
| #471 | My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) | 28 | 161 | 400 | 100k+ | | Non Prefixed Variable Found |
| #472 | Perfect Brands for WooCommerce | 28 | 112 | 143 | 40k+ | | Non Prefixed Constant Found |
| #473 | Responsive Lightbox & Gallery | 28 | 139 | 513 | 100k+ | | Non Prefixed Hookname Found |
| #474 | Transliterator – Multilingual and Multi-script Text Conversion | 28 | 305 | 320 | 3k+ | | Output Not Escaped |
| #475 | Sparkle Demo Importer | 28 | 307 | 166 | 6k+ | | Text Domain Mismatch |
| #476 | Temporary Login Without Password | 28 | 128 | 131 | 100k+ | | wp function not compatible with requires wp |
| #477 | Ultimate FAQ Accordion Plugin | 28 | 386 | 227 | 30k+ | | Unsafe Printing Function |
| #478 | Jetpack VaultPress | 28 | 71 | 362 | 10k+ | | Missing |
| #479 | 10WebSocial | 28 | 584 | 185 | 10k+ | | Unsafe Printing Function |
| #480 | WPify Woo – Withdrawal, CRN/VAT, QR payments, Heureka and more for WooCommerce | 28 | 173 | 226 | 5k+ | | Output Not Escaped |
| #481 | WPS Bidouille | 28 | 472 | 215 | 10k+ | | Output Not Escaped |
| #482 | Alt Text AI – Automatically generate image alt text for SEO and accessibility | 29 | 72 | 280 | 20k+ | | Non Prefixed Variable Found |
| #483 | aThemeArt Theme Helper | 29 | 206 | 151 | 2k+ | | Non Prefixed Variable Found |
| #484 | Attribute Stock for WooCommerce – Shared Stock & Variable Quantities (Lite Version) | 29 | 481 | 313 | 2k+ | | Text Domain Mismatch |
| #485 | Bitcoin Payments – Blockonomics | 29 | 208 | 227 | 3k+ | | Output Not Escaped |
| #486 | CloudSecure WP Security | 29 | 74 | 350 | 100k+ | | Missing Unslash |
| #487 | Database Cleaner | 29 | 135 | 297 | 10k+ | | Direct Query |
| #488 | DB Cache Reloaded Fix | 29 | 133 | 42 | 2k+ | | Output Not Escaped |
| #489 | Document Gallery | 29 | 183 | 98 | 8k+ | | Output Not Escaped |
| #490 | Interactive Image Map Plugin – Draw Attention | 29 | 620 | 227 | 20k+ | | Output Not Escaped |
| #491 | FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider | 29 | 74 | 78 | 600k+ | | Missing Translators Comment |
| #492 | Kali Forms — Contact Form & Drag-and-Drop Builder | 29 | 76 | 265 | 10k+ | | Dynamic Hookname Found |
| #493 | Kits, Templates and Patterns | 29 | 380 | 91 | 5k+ | | Text Domain Mismatch |
| #494 | Optimole – Optimize Images \| Convert WebP & AVIF \| CDN & Lazy Load \| Image Optimization | 29 | 80 | 162 | 200k+ | | Recommended |
| #495 | PhastPress | 29 | 95 | 52 | 10k+ | | Exception Not Escaped |
| #496 | SQLite Database Integration | 29 | 161 | 89 | 3k+ | | Exception Not Escaped |
| #497 | Visualizer – Tables & Charts Manager with Built-in AI Generator | 29 | 348 | 331 | 20k+ | | Output Not Escaped |
| #498 | Widget for Yelp Reviews | 29 | 147 | 158 | 2k+ | | Output Not Escaped |
| #499 | Woostify Sites Library | 29 | 229 | 198 | 20k+ | | Text Domain Mismatch |
| #500 | WP-PostRatings | 29 | 425 | 384 | 30k+ | | Output Not Escaped |