WordPress.WP.AlternativeFunctions.file_system_operations_fwrite

file system operations fwrite

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#651Abandoned Checkout Recovery & Order Notifications for WooCommerce3510877800Text Domain Mismatch
#652Air WP Sync – Airtable to WordPress3537451k+Non-prefixed hook name
#653Cloudflare352785200k+Non-prefixed namespace
#654CompressX — AVIF & WebP Converter, Media Replacement352642340k+Missing nonce verification
#655Cookies and Content Security Policy3526141210k+Output is not escaped
#656Custom CSS and JavaScript35389110k+Input is not sanitized
#657Nexi Checkout35453083k+Dynamic hook name
#658Dintero Checkout for WooCommerce Payment Methods355848600Text Domain Mismatch
#659External Links Overview3557200800Non-prefixed global variable
#660Windows Compatibility Fix351361k+Plugin Directory Write
#661Full Width Banner Slider Wp352391402k+Output is not escaped
#662Gumlet – Image optimization with Resize, Compression, Lazy load, Caching & CDN delivery355345500parse url parse url
#663Import Users & Customers with Meta | WP Ultimate CSV Importer Add-on35271405k+Interpolated SQL is not prepared
#664Instant CSS3525253k+Output is not escaped
#665Static Site Exporter355425500file system operations mkdir
#666Kustom Checkout for WooCommerce3510150510k+Dynamic hook name
#667Lenix scss compiler3513334800Exception output is not escaped
#668Less PHP Compiler35163473k+Exception output is not escaped
#669Media Credit3528351k+Non-prefixed global variable
#670Movylo Marketing Automation353888700error log print r
#671NewsPlugin358453400Text Domain Mismatch
#672NS Cloner – Site Cloner and Multisite Duplicator3529167k+Missing direct file access protection
#673Meta pixel for WordPress359040400k+Exception output is not escaped
#674OPcache Reset3597400Non-prefixed function
#675Plausible Analytics352446110k+Exception output is not escaped
#676Post List Featured Image35112100900Output is not escaped
#677QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly352251108k+Non Singular String Literal Domain
#678Security Optimizer – The All-In-One Protection Plugin3540861m+Input is not sanitized
#679Simple History – Track, Log, and Audit WordPress Changes3532122300k+Non-prefixed global variable
#680Image Quality Control | Still BE355444400Missing Translators Comment
#681String locator3552319100k+Non-prefixed global variable
#682The Courier Guy Shipping for WooCommerce35571073k+Missing nonce verification
#683Vendi Abandoned Plugin Check351331k+trademarked term
#684Video Grid352531061k+Output is not escaped
#685Video Gallery35336178600Output is not escaped
#686ShipStation Live Rates for WooCommerce3540273900Non Singular String Literal Domain
#687Kybernaut IČO DIČ3579683k+Missing nonce verification
#688Easy Accept Payments via PayPal353221287k+Text Domain Mismatch
#689Database Backup for WordPress351288870k+Output is not escaped
#690WP-Paginate35375520k+Input is not validated
#691WP PGP Encrypted Emails356339400Output is not escaped
#692video carousel slider with lightbox353501361k+Output is not escaped
#693WSB HUB335361091k+Missing nonce verification
#694XServer Migrator35395310k+Interpolated SQL is not prepared
#695Yabe Webfont – Use Custom Fonts, Google Fonts or Adobe Fonts35481145k+Non-prefixed hook name
#696authLdap3647304k+Exception output is not escaped
#697bpost shipping369743700Output is not escaped
#698Cashflows for WooCommerce3611836600Text Domain Mismatch
#699Simple SEO3616411310k+Non Singular String Literal Domain
#700CLP – Custom Login Page by NiteoThemes3624049700Output is not escaped