WordPress.WP.AlternativeFunctions.file_system_operations_fsockopen
file system operations fsockopen
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #101 | Jetpack VaultPress | 28 | 71 | 362 | 10k+ | Missing | |
| #102 | User Verification by PickPlugins | 29 | 41 | 314 | 5k+ | Missing Unslash | |
| #103 | Widget for Yelp Reviews | 29 | 147 | 158 | 2k+ | Output Not Escaped | |
| #104 | Formzu WP | 30 | 167 | 163 | 3k+ | Text Domain Mismatch | |
| #105 | Zoho CRM Lead Magnet | 30 | 101 | 1,025 | 3k+ | Missing Unslash | |
| #106 | Download Plugin | 31 | 78 | 102 | 50k+ | Missing Unslash | |
| #107 | LWS Tools | 31 | 104 | 134 | 10k+ | Missing Unslash | |
| #108 | reCAPTCHA in WP comments form | 31 | 264 | 60 | 8k+ | Output Not Escaped | |
| #109 | WP 2-step verification | 32 | 154 | 65 | 1k+ | Output Not Escaped | |
| #110 | المنتور فارسی | 34 | 52 | 50 | 40k+ | curl curl setopt | |
| #111 | ReCaptcha Integration for WordPress | 37 | 60 | 66 | 10k+ | Output Not Escaped | |
| #112 | Erident Custom Login and Dashboard | 38 | 122 | 28 | 8k+ | Unsafe Printing Function | |
| #113 | Blackhole for Bad Bots | 39 | 123 | 69 | 30k+ | Output Not Escaped | |
| #114 | Heroic Favicon Generator | 41 | 104 | 7 | 6k+ | Output Not Escaped | |
| #115 | reCAPTCHA for Asgaros Forum | 45 | 21 | 36 | 4k+ | Input Not Validated | |
| #116 | SpinupWP | 49 | 43 | 38 | 30k+ | Non Prefixed Function Found | |
| #117 | Mailster AmazonSES Integration | 60 | 52 | 25 | 2k+ | Missing Arg Domain | |
| #118 | Mailster WordPress Newsletter Plugin | 69 | 14 | 11 | 8k+ | Output Not Escaped |
