WordPress.WP.AlternativeFunctions.file_system_operations_fopen
file system operations fopen
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
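The three fixes above combined into one write helper, as an added example (not code from Plugin Check or from any plugin listed on this page). The `myplugin_` names, the `myplugin` uploads subdirectory and the extension allowlist are assumptions chosen for illustration.

```php
<?php
// Added example: hypothetical helper for a plugin that saves export files.

/**
 * Write $contents into the plugin's uploads subdirectory through the
 * WordPress filesystem API instead of fopen()/fwrite().
 *
 * @return true|WP_Error
 */
function myplugin_write_export( $filename, $contents ) {
	// Reduce the caller-supplied name to a safe basename (drops "../" and separators).
	$filename = sanitize_file_name( wp_basename( $filename ) );

	// Allow data extensions only; never write .php or other executable types.
	$ext = strtolower( pathinfo( $filename, PATHINFO_EXTENSION ) );
	if ( ! in_array( $ext, array( 'csv', 'json', 'txt' ), true ) ) {
		return new WP_Error( 'myplugin_bad_ext', 'File type not allowed.' );
	}

	// Base directory: wp-content/uploads/myplugin/ (assumed plugin-owned folder).
	$uploads = wp_upload_dir();
	if ( ! empty( $uploads['error'] ) ) {
		return new WP_Error( 'myplugin_no_uploads', $uploads['error'] );
	}
	$base = trailingslashit( $uploads['basedir'] ) . 'myplugin';
	if ( ! wp_mkdir_p( $base ) ) {
		return new WP_Error( 'myplugin_mkdir', 'Could not create directory.' );
	}

	// Confirm the final target still sits under the resolved base directory.
	$real_base = trailingslashit( wp_normalize_path( realpath( $base ) ) );
	$target    = wp_normalize_path( $real_base . $filename );
	if ( 0 !== strpos( $target, $real_base ) ) {
		return new WP_Error( 'myplugin_path', 'Path escapes plugin directory.' );
	}

	// Load and initialise the filesystem abstraction (direct, FTP or SSH transport).
	require_once ABSPATH . 'wp-admin/includes/file.php';
	global $wp_filesystem;
	if ( ! WP_Filesystem() || ! $wp_filesystem ) {
		return new WP_Error( 'myplugin_fs', 'Filesystem unavailable.' );
	}

	// FS_CHMOD_FILE applies the site's configured file permissions.
	if ( ! $wp_filesystem->put_contents( $target, $contents, FS_CHMOD_FILE ) ) {
		return new WP_Error( 'myplugin_write', 'Write failed.' );
	}
	return true;
}
```

On hosts where WordPress needs FTP or SSH credentials to write files, `WP_Filesystem()` returns false without them, so the helper fails closed instead of falling back to a raw write.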
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #751 | HFD ePost Integration | 31 | 186 | 110 | 1k+ | | | Text Domain Mismatch |
| #752 | Image Hotspot – Map Image Annotation | 31 | 95 | 283 | 3k+ | | | Non-prefixed global variable |
| #753 | Interactive Image Map Builder | 31 | 160 | 381 | 1k+ | | | Non-prefixed global variable |
| #754 | Linguise – AI Automatic Multilingual Translation | 31 | 61 | 282 | 1k+ | | | Non-prefixed global variable |
| #755 | Login rebuilder | 31 | 406 | 226 | 20k+ | | | Non Singular String Literal Domain |
| #756 | LWS Tools | 31 | 104 | 134 | 10k+ | | | Request data is not unslashed |
| #757 | Mailgun for WordPress | 31 | 144 | 78 | 80k+ | | | Unsafe printing function |
| #758 | Pop-up | 31 | 103 | 91 | 10k+ | | | Output is not escaped |
| #759 | Post Pay Counter | 31 | 639 | 238 | 1k+ | | | Output is not escaped |
| #760 | Qode Essential Addons | 31 | 55 | 295 | 10k+ | | | Non-prefixed global variable |
| #761 | Sidebar Manager Light | 31 | 221 | 76 | 1k+ | | | Text Domain Mismatch |
| #762 | Slider Carousel – Image Slider | 31 | 224 | 1,233 | 3k+ | | | Request data is not unslashed |
| #763 | SmartBill Facturare si Gestiune | 31 | 421 | 164 | 5k+ | | | Text Domain Mismatch |
| #764 | SpeedyCache – Cache, Optimization, Performance | 31 | 65 | 118 | 600k+ | | | Input is not validated |
| #765 | Staatic – Static Site Generator for WordPress | 31 | 420 | 195 | 2k+ | | | SQL query is not prepared |
| #766 | Big File Uploads – Increase Maximum File Upload Size | 31 | 101 | 92 | 100k+ | | | Output is not escaped |
| #767 | User Spam Remover | 31 | 115 | 14 | 1k+ | | | Output is not escaped |
| #768 | Blacklist Manager – WooCommerce Anti-Fraud, Blacklist & Checkout Verification | 31 | 284 | 830 | 2k+ | | | Missing nonce verification |
| #769 | Tooltips for WordPress | 31 | 312 | 252 | 5k+ | | | Output is not escaped |
| #770 | HireZoot – (WP Job Openings) Job Listings, Career Page & Recruitment Tool | 31 | 14 | 539 | 40k+ | | | Non-prefixed global variable |
| #771 | WP ULike – Like & Dislike Buttons for Engagement and Feedback | 31 | 269 | 358 | 60k+ | | | Output is not escaped |
| #772 | Hosting Benchmark tool | 31 | 202 | 115 | 4k+ | | | rand rand |
| #773 | YML for Yandex Market | 31 | 37 | 293 | 10k+ | | | Non-prefixed global variable |
| #774 | Zendesk Support for WordPress | 31 | 195 | 88 | 2k+ | | | Output is not escaped |
| #775 | ACME Divi Modules | 32 | 573 | 35 | 400 | | | Text Domain Mismatch |
| #776 | Affiliate Coupons – Coupon Display Manager – Excellent Tool for Affiliate Marketers | 32 | 183 | 61 | 1k+ | | | Output is not escaped |
| #777 | AI Alt Text Generator | 32 | 76 | 24 | 1k+ | | | Missing Translators Comment |
| #778 | Speed Kit | 32 | 296 | 73 | 2k+ | | | Output is not escaped |
| #779 | Child Theme Configurator | 32 | 442 | 267 | 300k+ | | | Unsafe printing function |
| #780 | Code Manager | 32 | 217 | 261 | 500 | | | Nonce verification recommended |
| #781 | Contact Form Block | 32 | 64 | 77 | 500 | | | Non Singular String Literal Domain |
| #782 | Cooked – Recipe Management | 32 | 462 | 275 | 3k+ | | | Output is not escaped |
| #783 | CSV Import and Exporter | 32 | 83 | 138 | 1k+ | | | Non-prefixed global variable |
| #784 | Download Attachments | 32 | 69 | 188 | 8k+ | | | Non-prefixed hook name |
| #785 | Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) | 32 | 560 | 198 | 6k+ | | | Text Domain Mismatch |
| #786 | GlotPress | 32 | 403 | 103 | 500 | | | Unsafe printing function |
| #787 | Translate WordPress with GTranslate | 32 | 82 | 364 | 900k+ | | | Non-prefixed global variable |
| #788 | Gwolle Guestbook | 32 | 269 | 527 | 20k+ | | | Output is not escaped |
| #789 | Manager for IcoMoon | 32 | 270 | 68 | 400 | | | Short PHP open tag found |
| #790 | DEPRECATED – Shipmondo – A complete shipping solution for WooCommerce | 32 | 166 | 119 | 5k+ | | | Output is not escaped |
| #791 | Persian Admnin Fonts | 32 | 343 | 468 | 500 | | | Non-prefixed global variable |
| #792 | Responsive Filterable Portfolio Gallery – Media Grid & Video Portfolio | 32 | 436 | 163 | 1k+ | | | Output is not escaped |
| #793 | Revolut Gateway for WooCommerce | 32 | 85 | 157 | 6k+ | | | Input is not sanitized |
| #794 | Shariff Wrapper | 32 | 33 | 404 | 30k+ | | | Non-prefixed global variable |
| #795 | Simple Ajax Chat – Add a Fast, Secure Chat Box | 32 | 108 | 266 | 2k+ | | | Output is not escaped |
| #796 | TK Google Fonts GDPR Compliant | 32 | 582 | 34 | 1k+ | | | Output is not escaped |
| #797 | Tumult Hype Animations | 32 | 56 | 117 | 1k+ | | | Output is not escaped |
| #798 | User Registration Using Contact Form 7 | 32 | 103 | 15 | 500 | | | wp function not compatible with requires wp |
| #799 | Easy 3D Viewer | 32 | 399 | 241 | 1k+ | | | Text Domain Mismatch |
| #800 | WT GeoTargeting | 32 | 89 | 43 | 1k+ | | | Output is not escaped |