WordPress.WP.AlternativeFunctions.file_system_operations_fopen

file system operations fopen

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#801Advanced Custom Fields: Typography Field33445574k+Text Domain Mismatch
#802Affiliate Program & Referral Tracking for WooCommerce & WordPress – Affilia3380172500Nonce verification recommended
#803Activity Plus Reloaded for BuddyPress3388931k+Output is not escaped
#804Cargus334864700Input is not sanitized
#805Century ToolKit3311878800Output is not escaped
#806Contact List – Online Staff Directory & Address Book331183421k+Nonce verification recommended
#807EchBay Phonering Alo3374471k+Output is not escaped
#808Human Presence – Stop Form Spam Without ReCaptcha3354651k+Request data is not unslashed
#809WP GIF Uploader33117441k+Text Domain Mismatch
#810IP2Location Redirection331941157k+Output is not escaped
#811Janolaw AGB Hosting33198111k+Short PHP open tag found
#812LWSCache33471046k+Non-prefixed global variable
#813Membership For WooCommerce3340659800Non-prefixed global variable
#814Merge + Minify + Refresh3378264k+date date
#815More Types33227198800Non-prefixed global variable
#816PeproDev WooCommerce Receipt Uploader33325491k+Non Singular String Literal Domain
#817Picture Gallery – Frontend Image Uploads, AJAX Photo List33112150400Request data is not unslashed
#818QNAP NAS Backup33374702k+Non Singular String Literal Domain
#819Save as PDF Plugin by PDFCrowd332992541k+Non-prefixed global variable
#820Social Rocket – Social Sharing Plugin331,0162551k+Unsafe printing function
#821Multi-Carrier EasyPost Shipping Methods & Address Validation for WooCommerce3342469400Non Singular String Literal Domain
#822Multi-Carrier Shippo Shipping Rates & Address Validation for WooCommerce33411733k+Non Singular String Literal Domain
#823PostNL for WooCommerce335981083k+Text Domain Mismatch
#824WP EXtra – One Click Optimize334141017k+Missing Arg Domain
#825EasyMedia – Increase Media Upload File Size | Role-Based Upload Limit | Increase Execution Time338213870k+Non-prefixed global variable
#826XML Sitemaps3365622k+Output is not escaped
#827affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display34326752k+Output is not escaped
#828AGCA – Custom Dashboard & Login Page343504420k+Unsafe printing function
#829All-in-One WP Migration and Backup3447695m+Missing nonce verification
#830AyeCode Connect3417825310k+Nonce verification recommended
#831Cache Master3437127400Output is not escaped
#832Debug Log Manager Tool34441433k+Nonce verification recommended
#833Download After Email – Subscribe & Download Form Plugin34223567k+Input is not validated
#834Dr. Flex3483511k+Output is not escaped
#835Einsatzverwaltung341521281k+Output is not escaped
#836Empik for Woocommerce3470259400Missing nonce verification
#837Export Customers Data3410949500Text Domain Mismatch
#838FV Gravatar Cache345042700Output is not escaped
#839Garden Gnome Package34116514k+Text Domain Mismatch
#840Geolocation IP Detection3422716720k+Output is not escaped
#841Gitium3414957400Output is not escaped
#842Image Cleanup3452941k+Nonce verification recommended
#843HTML Import 234273265k+Unsafe printing function
#844IP2Location Country Blocker342958830k+Output is not escaped
#845MantraBrain Starter Sites | MantraBrain Theme Demo Importer34117611k+Output is not escaped
#846Meow Lightbox34775210k+Non Singular String Literal Domain
#847Montonio for WooCommerce344425710k+Non-prefixed global variable
#848NextGEN Gallery Optimizer34128922k+Output is not escaped
#849Payoneer Checkout34168415k+Exception output is not escaped
#850PDF Invoices and Packing Slips For WooCommerce341082841k+Non-prefixed global variable