WordPress.WP.AlternativeFunctions.file_system_operations_fopen

file system operations fopen

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#551TranslatePress – Translate Multilingual sites with AI Translation254551,545400k+Non-prefixed function
#552Spectra Gutenberg Blocks – Website Builder for the Block Editor252533,2271m+Non-prefixed global variable
#553Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor256911,58150k+Non-prefixed global variable
#554Social Media Share Buttons & Social Sharing Icons252,4331,383100k+Unsafe printing function
#555Social Share Icons & Social Share Buttons252,3651,35710k+Output is not escaped
#556Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP25205959500Request data is not unslashed
#557VikAppointments Services Booking Calendar259,7535,207500Output is not escaped
#558VikBooking Hotel Booking Engine & PMS2513,2448,3148k+Output is not escaped
#559VikRentCar Car Rental Management System255,5375,0484k+Non-prefixed global variable
#560VikRestaurants Table Reservations and Take-Away2511,6444,932600Output is not escaped
#561PDF Builder for WooCommerce. Create invoices,packing slips and more253725032k+Non-prefixed global variable
#562Pay with Vipps and MobilePay for WooCommerce258465145k+Output is not escaped
#563WordPress Importer252381102m+Output is not escaped
#564Super Page Cache – Cloudflare Cache, Page Speed & Core Web Vitals2513735360k+Input is not sanitized
#565Comments Extra Fields For Post,Pages and CPT25577418500Text Domain Mismatch
#566WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards251,4311,27010k+Output is not escaped
#567WP Review Slider251,1862,2796k+Non-prefixed global variable
#568WP Go Maps – Google Map, OpenStreetMap, Leaflet Map254,9961,008300k+Unsafe printing function
#569WP Encryption – No.1 HTTPS plugin & One Click Free SSL Cert, HTTPS Redirect, Security257271,55450k+Non-prefixed global variable
#570WP Photo Album Plus2531,79910k+Direct Query
#571WP-Polls2561863940k+Unsafe printing function
#572Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF2515811860k+Non-prefixed global variable
#573SlimStat Analytics251,17787070k+Exception output is not escaped
#574Smush – Image Optimization, Compression, Lazy Load, WebP & CDN252525661m+Non-prefixed hook name
#575Wp Social Login and Register Social Counter258073890k+Non-prefixed global variable
#576WP Statistics – Simple, privacy-friendly Google Analytics alternative256102,465600k+Non-prefixed global variable
#577WP Super Cache258009891m+Output is not escaped
#578WP Time Slots Booking Form254391,1371k+Non-prefixed global variable
#579WPCargo Track & Trace2523955710k+Non-prefixed global variable
#580Team Members Showcase255911,4944k+Non-prefixed global variable
#581WPvivid Backup for MainWP258181,79410k+Missing nonce verification
#582WPvivid — Backup, Migration & Staging258991,461900k+Non-prefixed namespace
#583Backup, Restore and Migrate your sites with XCloner2523886410k+Input is not sanitized
#584YeeMail — Email Template Builder & Customizer25606222600wp function not compatible with requires wp
#585ActiveCampaign for WooCommerce265411906k+Exception output is not escaped
#586AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available)262862918k+Text Domain Mismatch
#587Attesa Extra263161511k+Output is not escaped
#588Booking Manager – Sync WP Booking Calendar – Import Events, Export Bookings to ICS Calendar265262635k+Output is not escaped
#589Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More269727010k+error log error log
#590Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty26113671400k+Non-prefixed global variable
#591Database for Contact Form 7, WPforms, Elementor forms2631748960k+Non-prefixed global variable
#592ELEX WooCommerce Google Shopping (Google Product Feed)262262421k+Text Domain Mismatch
#593Event Monster – Event Manager, Ticket Booking & Registration26781781700Non-prefixed global variable
#594ezCache2612726910k+Direct Query
#595Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager2611359790k+Non-prefixed global variable
#596FV Antispam26332239900Output is not escaped
#597Translate WordPress – Google Language Translator26200317100k+Non-prefixed global variable
#598Integrate Razorpay for Contact Form 72615297500curl curl setopt
#599Kadence Central – Site Management, Backups, Security, and Reporting2646221330k+Text Domain Mismatch
#600Media File Renamer: Rename for better SEO (AI-Powered)2615417040k+Direct Query