WordPress.WP.AlternativeFunctions.file_system_operations_fopen

file system operations fopen

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#701Pósturinn\'s Shipping with WooCommerce29713551500Text Domain Mismatch
#702Social Engine2913390600Exception output is not escaped
#703SQLite Database Integration29161893k+Exception output is not escaped
#704Tilda-publishing2921978700Output is not escaped
#705Visualizer – Tables & Charts Manager with Built-in AI Generator2934833120k+Output is not escaped
#706Widget for Yelp Reviews291471582k+Output is not escaped
#707Sofortueberweisung Gateway for Woocommerce2910471700Output is not escaped
#708Woostify Sites Library2922919820k+Text Domain Mismatch
#709WP-PostRatings2942538430k+Output is not escaped
#710XML for Google Merchant Center29523123k+Non-prefixed global variable
#711Advanced Database Cleaner – Optimize & Clean Database to Speed Up Site Performance30164439100k+Interpolated SQL is not prepared
#712ApplyOnline – Application Form Builder and Manager303452442k+Output is not escaped
#713Contact Form 7 Connector303241965k+Text Domain Mismatch
#714BrightEdge Autopilot3010831500curl curl setopt
#715EDI – Обмен данными между WooCommerce и 1С30284101600Text Domain Mismatch
#716Element Invader – Template Kits for Elementor302741303k+Output is not escaped
#717Eway Payment Gateway3050992800Missing Translators Comment
#718Export Plugins and Templates30143331k+file system operations fread
#719PiWeb Export Customers Users & Guest customer to CSV for WooCommerce30173751k+Text Domain Mismatch
#720Import WooCommerce Suite for Products, Orders, Coupons, Reviews, and Customers | WP Ultimate CSV Importer30804344k+Interpolated SQL is not prepared
#721Invisible reCaptcha for WordPress309018580k+Input is not sanitized
#722Jetpack Protect30657217100k+Text Domain Mismatch
#723Laposta Signup Embed3088191k+Exception output is not escaped
#724MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor3063227600k+Non-prefixed global variable
#725Novelist304751581k+Output is not escaped
#726Operation Demo Importer – Demo Importer For WPoperation Themes302451041k+Text Domain Mismatch
#727Popularis Extra302371417k+Output is not escaped
#728Pubjet | پاب‌جت30911721k+Output is not escaped
#729Rublon Multi-Factor Authentication (MFA)30216160500Output is not escaped
#730StoreBuild – Online Store Builder for WooCommerce30120211600Non-prefixed global variable
#731SmartCrawl SEO checker, analyzer & optimizer303471,30720k+Non-prefixed global variable
#732SMTP for Amazon SES – YaySMTP301971223k+Exception output is not escaped
#733Travelers' Map303111551k+Output is not escaped
#734Urvanov Syntax Highlighter30221873k+Output is not escaped
#735User Access Manager3039317110k+Output is not escaped
#736Widget Manager Light3023383600Text Domain Mismatch
#737Widgetize Pages Light301451043k+Output is not escaped
#738WooCommerce Tax (formerly WooCommerce Shipping & Tax)30103198600k+Non-prefixed class
#739Photo Gallery Slideshow & Masonry Tiled Gallery308063521k+Output is not escaped
#740Yaad Sarig Payment Gateway For WC301582712k+Nonce verification recommended
#741AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization31911332k+Output is not escaped
#742Titan Anti-spam & Security – Brute Force Protection, 2FA & Spam Filter315719650k+Nonce verification recommended
#743Asgaros Forum3116741210k+Output is not escaped
#744Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam3159870700Text Domain Mismatch
#745Newsletter Sign-Up for CleverReach31174722k+Output is not escaped
#746CleverReach® WP31103934k+Non-prefixed global variable
#747Codeless Page Builder31415258900Text Domain Mismatch
#748Download Plugin317810260k+Output is not escaped
#749Up2pay e-Transactions WooCommerce Payment Gateway314591754k+Text Domain Mismatch
#750Easy Upload Files During Checkout31220208500Unsafe printing function