WordPress.WP.AlternativeFunctions.file_system_operations_fopen
file system operations fopen
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
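The three fixes above combined in one helper, as an added example (not code from Plugin Check or from any plugin listed on this page). The `myplugin_` function names, the `myplugin-exports` directory and the csv/json allow-list are assumptions chosen for illustration.

```php
<?php
// Added example. Every myplugin_* name and the export directory are hypothetical.

// Before: the pattern the check flags. Raw fopen/fwrite on a caller-supplied path.
function myplugin_write_export_raw( $path, $contents ) {
	$handle = fopen( $path, 'w' );
	fwrite( $handle, $contents );
	fclose( $handle );
}

// After: fixed directory under uploads, validated file name, WP_Filesystem write.
function myplugin_write_export( $filename, $contents ) {
	global $wp_filesystem;

	// Reduce the input to a bare file name and allow data extensions only, never .php.
	$filename = sanitize_file_name( wp_basename( $filename ) );
	$allowed  = array(
		'csv'  => 'text/csv',
		'json' => 'application/json',
	);
	$type     = wp_check_filetype( $filename, $allowed );
	if ( '' === $filename || empty( $type['ext'] ) ) {
		return new WP_Error( 'myplugin_bad_name', 'File name or extension not allowed.' );
	}

	// Keep the write inside a plugin-owned directory below WordPress uploads.
	$uploads = wp_upload_dir();
	if ( ! empty( $uploads['error'] ) ) {
		return new WP_Error( 'myplugin_uploads', $uploads['error'] );
	}
	$dir = trailingslashit( $uploads['basedir'] ) . 'myplugin-exports';
	if ( ! wp_mkdir_p( $dir ) ) {
		return new WP_Error( 'myplugin_mkdir', 'Could not create export directory.' );
	}

	// Initialise the filesystem API; it selects the transport the host supports.
	require_once ABSPATH . 'wp-admin/includes/file.php';
	if ( ! WP_Filesystem() || ! $wp_filesystem ) {
		return new WP_Error( 'myplugin_fs', 'Filesystem API unavailable.' );
	}

	$target = trailingslashit( $dir ) . $filename;
	if ( ! $wp_filesystem->put_contents( $target, $contents, FS_CHMOD_FILE ) ) {
		return new WP_Error( 'myplugin_write', 'Could not write export file.' );
	}
	return $target;
}
```

When `WP_Filesystem()` cannot initialise without credentials it returns false, and the helper returns a `WP_Error` rather than falling back to raw calls.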
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue | Added | Updated |
|---|---|---|---|---|---|---|---|---|
| #201 | ЮKassa для WooCommerce | 22 | 590 | 168 | 9k+ | Short PHP open tag found | ||
| #202 | Admin and Site Enhancements (ASE) | 23 | 136 | 330 | 200k+ | Nonce verification recommended | ||
| #203 | AI Engine – The Chatbot, AI Framework & MCP for WordPress | 23 | 412 | 539 | 100k+ | error log error log | ||
| #204 | Affiliate Super Assistent | 23 | 1,280 | 267 | 2k+ | Text Domain Mismatch | ||
| #205 | AR for WordPress | 23 | 151 | 499 | 400 | Non-prefixed global variable | ||
| #206 | Autoptimize | 23 | 288 | 191 | 800k+ | Output is not escaped | ||
| #207 | Kadence Security – Password, Two Factor Authentication, and Brute Force Protection | 23 | 1,053 | 967 | 700k+ | Missing Translators Comment | ||
| #208 | Booking calendar, Appointment Booking System | 23 | 1,079 | 1,125 | 4k+ | Output is not escaped | ||
| #209 | BSK PDF Manager | 23 | 1,576 | 625 | 7k+ | Text Domain Mismatch | ||
| #210 | Business Directory Plugin – Easy Listing Directories for WordPress | 23 | 611 | 1,058 | 10k+ | Non-prefixed global variable | ||
| #211 | Geo Controller | 23 | 91 | 450 | 1k+ | Non-prefixed global variable | ||
| #212 | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | 23 | 474 | 1,153 | 5k+ | Non-prefixed global variable | ||
| #213 | Church Admin | 23 | 1,643 | 4,202 | 900 | Direct Query | ||
| #214 | Classified Listing – AI-Powered Classified ads & Business Directory | 23 | 155 | 2,074 | 9k+ | Non-prefixed global variable | ||
| #215 | CLUEVO LMS, E-Learning Platform | 23 | 1,843 | 1,176 | 400 | Text Domain Mismatch | ||
| #216 | Content Egg – Affiliate Product Importer & Price Comparison | 23 | 1,231 | 1,257 | 10k+ | Non-prefixed global variable | ||
| #217 | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | 23 | 9,310 | 26,642 | 1k+ | Non-prefixed global variable | ||
| #218 | Free Theme Builder for Elementor – CRT Addons (Header, Footer, Archive, WooCommerce & 50+ Widgets) | 23 | 791 | 2,331 | 400 | Non-prefixed global variable | ||
| #219 | CWW Companion | 23 | 307 | 223 | 1k+ | Output is not escaped | ||
| #220 | DK PDF – WordPress PDF Generator | 23 | 744 | 335 | 3k+ | Exception output is not escaped | ||
| #221 | Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification | 23 | 675 | 643 | 1k+ | Unsafe printing function | ||
| #222 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 23 | 3,723 | 10,283 | 40k+ | Non-prefixed namespace | ||
| #223 | EazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder | 23 | 356 | 1,515 | 2k+ | Non-prefixed global variable | ||
| #224 | Error Log Monitor | 23 | 694 | 1,414 | 20k+ | Non-prefixed global variable | ||
| #225 | Essential Real Estate | 23 | 529 | 5,060 | 8k+ | Non-prefixed global variable | ||
| #226 | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder with AI | 23 | 395 | 1,342 | 90k+ | Non-prefixed global variable | ||
| #227 | Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light | 23 | 386 | 999 | 400 | Non-prefixed global variable | ||
| #228 | Export WordPress Pages to Static HTML & PDF — Static Site Export | 23 | 490 | 301 | 4k+ | Text Domain Mismatch | ||
| #229 | Ezoic | 23 | 432 | 516 | 10k+ | Output is not escaped | ||
| #230 | Fastcache by Host.it | 23 | 1,327 | 203 | 700 | Text Domain Mismatch | ||
| #231 | Filr – Secure document library | 23 | 775 | 1,317 | 800 | Non-prefixed global variable | ||
| #232 | Five-Star Ratings Shortcode | 23 | 604 | 1,317 | 600 | Non-prefixed global variable | ||
| #233 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | 23 | 4,746 | 1,279 | 30k+ | Non Singular String Literal Domain | ||
| #234 | Futurio Extra | 23 | 787 | 205 | 20k+ | Text Domain Mismatch | ||
| #235 | FV Flowplayer Video Player | 23 | 1,311 | 1,454 | 20k+ | Output is not escaped | ||
| #236 | GAinWP Google Analytics Integration for WordPress | 23 | 525 | 176 | 8k+ | Output is not escaped | ||
| #237 | Anti-Malware Security and Brute-Force Firewall | 23 | 543 | 965 | 100k+ | Output is not escaped | ||
| #238 | Groundhogg — CRM, Newsletters, and Marketing Automation | 23 | 136 | 914 | 2k+ | Non-prefixed global variable | ||
| #239 | Houzez Property Feed | 23 | 1,464 | 1,585 | 1k+ | Text Domain Mismatch | ||
| #240 | Import from YML | 23 | 97 | 308 | 400 | Non-prefixed global variable | ||
| #241 | IP Geo Block | 23 | 399 | 589 | 9k+ | Output is not escaped | ||
| #242 | Jetpack – WP Security, Backup, Speed, & Growth | 23 | 2,821 | 1,303 | 3m+ | Text Domain Mismatch | ||
| #243 | Kenta Companion | 23 | 657 | 1,419 | 2k+ | Non-prefixed global variable | ||
| #244 | King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder | 23 | 1,831 | 3,878 | 10k+ | Non-prefixed global variable | ||
| #245 | Masteriyo LMS – LMS Course Builder, Quizzes & Certificates | 23 | 190 | 2,122 | 5k+ | Non-prefixed global variable | ||
| #246 | License Manager for WooCommerce | 23 | 129 | 819 | 6k+ | Request data is not unslashed | ||
| #247 | Link Whisper Free | 23 | 3,882 | 5,303 | 30k+ | Text Domain Mismatch | ||
| #248 | Locatoraid Store Locator | 23 | 318 | 645 | 1k+ | Non-prefixed global variable | ||
| #249 | MailPoet – Newsletters, Email Marketing, and Automation | 23 | 931 | 719 | 500k+ | Exception output is not escaped | ||
| #250 | Master Slider – Responsive Touch Slider | 23 | 800 | 408 | 60k+ | Output is not escaped |