WordPress.WP.AlternativeFunctions.file_system_operations_fopen

file system operations fopen

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#201ЮKassa для WooCommerce225901689k+Short PHP open tag found
#202Admin and Site Enhancements (ASE)23136330200k+Nonce verification recommended
#203AI Engine – The Chatbot, AI Framework & MCP for WordPress23412539100k+error log error log
#204Affiliate Super Assistent231,2802672k+Text Domain Mismatch
#205AR for WordPress23151499400Non-prefixed global variable
#206Autoptimize23288191800k+Output is not escaped
#207Kadence Security – Password, Two Factor Authentication, and Brute Force Protection231,053967700k+Missing Translators Comment
#208Booking calendar, Appointment Booking System231,0791,1254k+Output is not escaped
#209BSK PDF Manager231,5766257k+Text Domain Mismatch
#210Business Directory Plugin – Easy Listing Directories for WordPress236111,05810k+Non-prefixed global variable
#211Geo Controller23914501k+Non-prefixed global variable
#212WPBot – AI ChatBot for Live Support, Lead Generation, AI Services234741,1535k+Non-prefixed global variable
#213Church Admin231,6434,202900Direct Query
#214Classified Listing – AI-Powered Classified ads & Business Directory231552,0749k+Non-prefixed global variable
#215CLUEVO LMS, E-Learning Platform231,8431,176400Text Domain Mismatch
#216Content Egg – Affiliate Product Importer & Price Comparison231,2311,25710k+Non-prefixed global variable
#217Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe239,31026,6421k+Non-prefixed global variable
#218Free Theme Builder for Elementor – CRT Addons (Header, Footer, Archive, WooCommerce & 50+ Widgets)237912,331400Non-prefixed global variable
#219CWW Companion233072231k+Output is not escaped
#220DK PDF – WordPress PDF Generator237443353k+Exception output is not escaped
#221Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification236756431k+Unsafe printing function
#222Easy Digital Downloads – eCommerce Payments and Subscriptions made easy233,72310,28340k+Non-prefixed namespace
#223EazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder233561,5152k+Non-prefixed global variable
#224Error Log Monitor236941,41420k+Non-prefixed global variable
#225Essential Real Estate235295,0608k+Non-prefixed global variable
#226Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder with AI233951,34290k+Non-prefixed global variable
#227Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light23386999400Non-prefixed global variable
#228Export WordPress Pages to Static HTML & PDF — Static Site Export234903014k+Text Domain Mismatch
#229Ezoic2343251610k+Output is not escaped
#230Fastcache by Host.it231,327203700Text Domain Mismatch
#231Filr – Secure document library237751,317800Non-prefixed global variable
#232Five-Star Ratings Shortcode236041,317600Non-prefixed global variable
#233Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder234,7461,27930k+Non Singular String Literal Domain
#234Futurio Extra2378720520k+Text Domain Mismatch
#235FV Flowplayer Video Player231,3111,45420k+Output is not escaped
#236GAinWP Google Analytics Integration for WordPress235251768k+Output is not escaped
#237Anti-Malware Security and Brute-Force Firewall23543965100k+Output is not escaped
#238Groundhogg — CRM, Newsletters, and Marketing Automation231369142k+Non-prefixed global variable
#239Houzez Property Feed231,4641,5851k+Text Domain Mismatch
#240Import from YML2397308400Non-prefixed global variable
#241IP Geo Block233995899k+Output is not escaped
#242Jetpack – WP Security, Backup, Speed, & Growth232,8211,3033m+Text Domain Mismatch
#243Kenta Companion236571,4192k+Non-prefixed global variable
#244King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder231,8313,87810k+Non-prefixed global variable
#245Masteriyo LMS – LMS Course Builder, Quizzes & Certificates231902,1225k+Non-prefixed global variable
#246License Manager for WooCommerce231298196k+Request data is not unslashed
#247Link Whisper Free233,8825,30330k+Text Domain Mismatch
#248Locatoraid Store Locator233186451k+Non-prefixed global variable
#249MailPoet – Newsletters, Email Marketing, and Automation23931719500k+Exception output is not escaped
#250Master Slider – Responsive Touch Slider2380040860k+Output is not escaped