PluginScore

WordPress.WP.AlternativeFunctions.file_system_operations_is_writable

file system operations is writable

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

References

WordPress Filesystem API

Affected Plugins

RankPluginScoreErrorsWarningsInstallsUpdatedTop Issue
#1BulletProof Security05,0484,94920k+2026-05-20Output Not Escaped
#2JetBackup – Backup, Restore & Migrate101,559145100k+2026-05-03Exception Not Escaped
#3Visual Composer Website Builder168232040k+2025-08-06Non Prefixed Variable Found
#4WPtouch – Make your WordPress Website Mobile-Friendly171,46632550k+2025-12-04Text Domain Mismatch
#5Prime Slider Addons for Elementor183,500230100k+2026-06-15Text Domain Mismatch
#6WP Import Export Lite1873897940k+2025-08-04Non Prefixed Variable Found
#7Element Pack – Widgets, Templates & Addons for Elementor199,448517100k+2026-06-16Text Domain Mismatch
#8Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution191,218901100k+2026-06-09Exception Not Escaped
#9Matomo Analytics – Powerful, Privacy-First Insights for WordPress191,909878100k+2026-06-16Exception Not Escaped
#10Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization191,2952,6799k+2026-06-15Output Not Escaped
#11Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)195413853m+2026-06-17Missing Translators Comment
#12Membership Plugin – Kadence Memberships195,0822,9829k+2026-05-26Text Domain Mismatch
#13SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments195261,11990k+2026-06-16Non Prefixed Variable Found
#14BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot205081,40630k+2026-06-18Non Prefixed Variable Found
#15GiveWP – Donation Plugin and Fundraising Platform203,4353,580100k+2026-06-15Output Not Escaped
#16Link Library201,9411,39710k+2026-04-26Unsafe Printing Function
#17Microthemer Lite – Visual Editor to Customize CSS201,0041,69910k+2026-04-15Non Prefixed Variable Found
#18Nimble Page Builder201,5911,68430k+2025-03-24Missing Arg Domain
#19Robin Image Optimizer – Unlimited Image Optimization, WebP & AVIF20557541100k+2026-05-19Output Not Escaped
#20Store Locator WordPress212,3721,57210k+2026-06-03Text Domain Mismatch
#21Backup Migration219811,09380k+2026-06-05Non Prefixed Variable Found
#22CartFlows – Funnel Builder & Checkout Plugin for WooCommerce21461614200k+2026-06-02Text Domain Mismatch
#23Comet Cache2185724520k+2025-07-02Output Not Escaped
#24Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More212,5721,2771m+2026-05-22Output Not Escaped
#25FileOrganizer – WordPress File Manager21536241200k+2026-06-10unlink unlink
#26Modular DS: Monitor, update, and backup multiple websites211618140k+2026-05-22Exception Not Escaped
#27Packeta218023338k+2025-11-07Exception Not Escaped
#28Five Star Restaurant Reservations – WordPress Booking Plugin211,0991,14710k+2026-06-19Output Not Escaped
#29WebP Express21160427300k+2026-06-19Non Prefixed Variable Found
#30Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools217863,39530k+2026-06-17Non Prefixed Variable Found
#31Wordfence Security – Firewall, Malware Scan, and Login Security211,5922,9735m+2026-05-13Output Not Escaped
#32WP phpMyAdmin214,5286,43550k+2025-10-17Missing Arg Domain
#33wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin211,3541,14070k+2026-06-08Output Not Escaped
#34Ajax Load More – Infinite Scroll, Load More, & Lazy Load2264159540k+2026-06-04Unsafe Printing Function
#35Booking for Appointments and Events Calendar – Amelia221,48948090k+2026-06-18Exception Not Escaped
#36Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms2249329510k+2026-03-26Text Domain Mismatch
#37Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer222,8581,27050k+2026-04-23Text Domain Mismatch
#38E2Pdf – Export Pdf Tool for WordPress221,07583610k+2026-06-16Unsafe Printing Function
#39Events Manager – Calendar, Bookings, Tickets, and more!224,7225,62170k+2026-06-19Output Not Escaped
#40File Manager Pro – Filester22565391100k+2026-05-23Missing Unslash
#41GeoDirectory – WP Business Directory Plugin and Classified Listings Directory224,4623,97210k+2026-06-10Output Not Escaped
#42Anti-Malware Security and Brute-Force Firewall22544965100k+2026-03-09Output Not Escaped
#43InfiniteWP Client222,2861,812200k+2026-02-26Exception Not Escaped
#44LearnPress – WordPress LMS Plugin for Create and Sell Online Courses222,3613,38470k+2026-06-17Non Prefixed Variable Found
#45Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider22207323500k+2026-06-11Non Prefixed Variable Found
#46NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall221,2652,065100k+2026-06-07Non Prefixed Variable Found
#47NinjaScanner – Virus & Malware scan2259655130k+2026-06-09Non Prefixed Variable Found
#48Smart Popup by Supsystic223,17250310k+2026-05-31Non Singular String Literal Domain
#49Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App221,5812,326300k+2026-06-03Non Prefixed Variable Found
#50Prime Mover – Migrate WordPress Website & Backups221,3261,60010k+2026-06-06Non Prefixed Variable Found