WordPress.WP.AlternativeFunctions.file_system_operations_fopen

file system operations fopen

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#601OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA)262725766k+Request data is not unslashed
#602Open User Map – Interactive Leaflet Maps2689398610k+Non-prefixed global variable
#603Paytium: Mollie payment forms & donations265065513k+Unsafe printing function
#604Pressidium Cookie Consent262039510k+Exception output is not escaped
#605Send Users Email – Email Subscribers, Email Marketing Newsletter261884155k+Non-prefixed global variable
#606SP Move Login268812156k+Text Domain Mismatch
#607Sliced Invoices – WordPress Invoice Plugin266844555k+Output is not escaped
#608URL Image Importer26142239700Missing nonce verification
#609User Avatar261041734k+Non-prefixed constant
#610VikWidgetsLoader – Collection of Widgets261,2115301k+Output is not escaped
#611Visitors Online by BestWebSoft265122691k+Text Domain Mismatch
#612Polls CP27399500400Output is not escaped
#613Custom Scrollbar271841912k+Output is not escaped
#614Cyrlitera – Transliteration of Links and File Names2745320440k+Output is not escaped
#615EZ SQL Reports Shortcode Widget and DB Backup27165158500Output is not escaped
#616Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin271221353k+Non-prefixed global variable
#617Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin272134952k+Non-prefixed global variable
#618Login for Google Apps271398510k+Exception output is not escaped
#619GSpeech TTS – WordPress Text To Speech Plugin278423333k+Output is not escaped
#620Hester Core2725310310k+Output is not escaped
#621ImageRecycle pdf & image compression273292041k+Text Domain Mismatch
#622iQ Block Country2716424520k+Request data is not unslashed
#623Login Security Solution272161544k+Output is not escaped
#624MLSImport – Download and synchronize real estate data from various MLS (Multiple Listing Services)271545515k+Non-prefixed global variable
#625MW WP Form27334219200k+Output is not escaped
#626Nextend Social Login and Register271,668243200k+Output is not escaped
#627Tussendoor – Open RDW27301140600Text Domain Mismatch
#628Packlink PRO for WooCommerce2713015420k+Non-prefixed global variable
#629Rate My Post – Star Rating Plugin by FeedbackWP2722236020k+Output is not escaped
#630Robokassa payment gateway for Woocommerce27952113k+Non-prefixed global variable
#631Simple Download Monitor2721827320k+Output is not escaped
#632Social Web Suite – Social Media Auto Post, Social Media Auto Publish2774164500Non-prefixed global variable
#633Speed Booster Pack ⚡ PageSpeed Optimization Suite271081879k+Missing Translators Comment
#634Stream Video Player27220135600Output is not escaped
#635Theme One Click Demo Importer27210157500Text Domain Mismatch
#636Verge3D Publishing and E-Commerce27245298400Nonce verification recommended
#637Watu Quiz271,0891,0143k+Output is not escaped
#638Mihdan: Ajax Edit Comments271,300523500Text Domain Mismatch
#639Content Pilot – Autoblogging & Affiliate Marketing Suite27299269900Output is not escaped
#640WP-DBManager2738630460k+Non-prefixed global variable
#641WP Events Manager2729441530k+Output is not escaped
#642WP Hide & Security Enhancer2712437550k+Input is not sanitized
#643wp-mpdf271233821k+Non-prefixed global variable
#644WP Activity Log2796230300k+Nonce verification recommended
#645Worthy – VG WORT Integration für WordPress271,3437731k+Output is not escaped
#646Redirection for Contact Form 72734374200k+Non-prefixed global variable
#647Code Engine – PHP Snippets, AI Functions & Automation for WordPress28124101700Non Singular String Literal Domain
#648Database Cleaner2813729710k+Direct Query
#649Dynamic User Directory284032561k+Output is not escaped
#650Educare – Students & Result Management System281,1141,043800Missing nonce verification