WordPress.WP.AlternativeFunctions.file_system_operations_fread
file system operations fread
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #301 | Surge | 60 | 46 | 47 | 4k+ | Non-prefixed global variable | ||
| #302 | WP Search with Algolia | 64 | 33 | 12 | 7k+ | Missing direct file access protection | ||
| #303 | Debug Log Manager – Conveniently Monitor and Inspect Errors | 66 | 33 | 44 | 10k+ | Input is not validated | ||
| #304 | Printful Integration for WooCommerce | 67 | 218 | 76 | 50k+ | Text Domain Mismatch | ||
| #305 | Custom Icons for Elementor and WPBakery | 74 | 35 | 38 | 10k+ | Non-prefixed global variable | ||
| #306 | wp-forecast | 75 | 263 | 117 | 5k+ | Missing Arg Domain | ||
| #307 | Soro – SEO Autopilot & AI Content Writer | 83 | 4 | 10 | 9k+ | Input is not sanitized | ||
| #308 | Microsoft Azure Storage for WordPress | 86 | 25 | 26 | 2k+ | Missing Translators Comment | ||
| #309 | Enable SVG, WebP, and ICO Upload | 96 | 12 | 16 | 10k+ | Non-prefixed global variable | ||
| #310 | Performant Translations | 97 | 5 | 9 | 40k+ | Non-prefixed global variable |
