WordPress.WP.AlternativeFunctions.file_system_operations_fopen

file system operations fopen

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1001Heroic Favicon Generator4110476k+Output is not escaped
#1002iCount Payment Gateway4115322500Text Domain Mismatch
#1003Multiple Domain41421710k+Output is not escaped
#1004Simple 301 Redirects By BetterLinks – Easy WordPress Redirect Manager for Redirects, 404 Error Log & More414361100k+Request data is not unslashed
#1005Threat Scan Plugin412917400Output is not escaped
#1006Spam Protect for Contact Form 741166110k+Request data is not unslashed
#1007WP Media folders4119743k+Direct Query
#1008Gelato Integration for WooCommerce4236325k+Output is not escaped
#1009Mailster Cool Captcha426528400Text Domain Mismatch
#1010WP QuickLaTeX4241604k+Non-prefixed global variable
#1011WP SmartCrop4343124k+Output is not escaped
#1012SmartVideo – Video Player and CDN44295441k+Text Domain Mismatch
#1013WP Club Manager – WordPress Sports Club Plugin44171682600Non-prefixed global variable
#1014Contact Form 7 Signature Addon45147446k+Text Domain Mismatch
#1015Evergreen Countdown Timer45193352k+wp function not compatible with requires wp
#1016JetHost Total Care – Security & Enhancements451085800Direct Query
#1017Better image sizes4645232k+Text Domain Mismatch
#1018Official CleverReach® Plugin for WooCommerce463798400Non-prefixed global variable
#1019Export Import Menus46232810k+Missing nonce verification
#1020Gravity Forms Constant Contact4636273k+Non-prefixed class
#1021404 Image Redirection (Replace Broken Images)4711885500Text Domain Mismatch
#1022Import Users from CSV47331210k+Unsafe printing function
#1023Tabby Checkout4733464k+Non-prefixed class
#1024The Tribal Plugin474362800Non-prefixed function
#1025iControlWP4745591k+Missing direct file access protection
#1026WP Prefix Changer472716900Missing Arg Domain
#1027Compress, Resize & Lazy Load Images – WPvivid Image Optimization471075810k+Missing direct file access protection
#1028Ansar Import – One Click Starter Sites – for Elementor & Themes482711610k+Non-prefixed global variable
#1029Tag Pilot FREE – Google Tag Manager Integration for WooCommerce4835191k+Output is not escaped
#1030Instamojo for WooCommerce4872445k+Text Domain Mismatch
#1031wp-Monalisa485694700Direct Query
#1032Drag and Drop Multiple File Upload for WooCommerce49114295k+Text Domain Mismatch
#1033PDF Invoices & Packing Slips for WooCommerce – Challan49561514k+Non-prefixed global variable
#1034Event Organiser CSV502827600Output is not escaped
#1035Veeqo for WooCommerce503017700Missing direct file access protection
#1036Fullscreen Galleria523710800Output is not escaped
#1037Price Based on Country for WooCommerce524312620k+Non-prefixed hook name
#1038Connect Contact Form 7 and Mailchimp532905240k+Text Domain Mismatch
#1039CSV Importer5424113k+Missing direct file access protection
#1040Review Stream564142400Non-prefixed global variable
#1041ThemeinWP Import Companion5617144k+Unsafe printing function
#1042Known Agents – Track AI Bots and Crawlers, Block Scrapers, Analyze LLM Referral Traffic5737121k+Setting is missing a sanitization callback
#1043Gravity PDF5711615220k+Non-prefixed global variable
#1044PDF invoice for WP ERP58961342k+Non-prefixed global variable
#1045Videopack582810810k+Input is not sanitized
#1046flowpaper59133110k+Non-prefixed function
#1047Resize Image After Upload59151180k+Output is not escaped
#1048WC Korkmaz Contract – Contracts for WooCommerce59738600Non-prefixed global variable
#1049Surge6046474k+Non-prefixed global variable
#1050WoowGallery60151781k+Non-prefixed global variable