WordPress.WP.AlternativeFunctions.file_system_operations_is_writable

file system operations is writable

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#501Just TinyMCE Custom Styles36112281k+Missing Arg Domain
#502We’re Open!362731875k+Unsafe printing function
#503Search & Replace365053100k+Missing nonce verification
#504Shadowbox JS36246141k+Unsafe printing function
#505Rabo Smart Pay for WooCommerce3614754600Text Domain Mismatch
#506WP LaTeX3610312700Output is not escaped
#507WP Hardening (discontinued)362308510k+Text Domain Mismatch
#508WPAvatar3642545700Unsafe printing function
#509Wppao Sitemap36128219k+Output is not escaped
#510Adaptive Images for WordPress3751753k+Output is not escaped
#511Analytics Spam Blocker377622800Unsafe printing function
#512Async JavaScript373577970k+Unsafe printing function
#513CDEKDelivery3798752k+Exception output is not escaped
#514Debug Log Viewer3726831k+Missing nonce verification
#515Easy Testimonial Slider and Form3714144700Request data is not unslashed
#516JVM Rich Text Icons3787343k+Output is not escaped
#517Lightbox with PhotoSwipe371792420k+Output is not escaped
#518Phoenix Media Rename3717510450k+Output is not escaped
#519POEditor3778140500Output is not escaped
#520Sensei LMS Certificates37973624k+Non-prefixed global variable
#521Simple Image XML Sitemap37119161k+Output is not escaped
#522Website Pop-up Builder by BDOW! (formerly Sumo): Pop-ups + forms for email opt-ins and lead generation37423310k+Output is not escaped
#523Special Text Boxes3738422k+Direct Query
#524Car Route Planner Plugin3813517400Output is not escaped
#525Clever Mega Menu for Elementor38835441k+Output is not escaped
#526ThumbPress – Compress Images, Manage Thumbnails, Detect Image Issues, WebP/AVIF, Lazy Loading, Hotlinking & More38218830k+Direct Query
#527Monetag Official Plugin38133325k+Text Domain Mismatch
#528SCSS WP Editor3811140900Exception output is not escaped
#529Author Image3851331k+Output is not escaped
#530Blogger Importer Extended3955454k+Output is not escaped
#531Prisna GWT – Google Website Translator39117778k+Text Domain Mismatch
#532PO/MO Editor39106451k+Unsafe printing function
#533WPEPP – Essential Security, Password Protect & Login Page Customizer3934293k+Unsupported Identifier Placeholder
#534WP Performance Score Booster – Optimize Speed, Enable Cache & Page Preload39592710k+Unsafe printing function
#535Complete Image Sitemap4055181k+Output is not escaped
#536Serviceform Pixel401822400Output is not escaped
#537Heroic Favicon Generator4110476k+Output is not escaped
#538MaxLimits – Increase Maximum Upload, Post & PHP Limits4199162k+Unsafe printing function
#539Simple Cache4133591k+Input is not sanitized
#540Gelato Integration for WooCommerce4236325k+Output is not escaped
#541WP QuickLaTeX4241604k+Non-prefixed global variable
#542Automatic Responsive Tables4367151k+Output is not escaped
#543404 Image Redirection (Replace Broken Images)4711885500Text Domain Mismatch
#544EasyFonts – Host Google Fonts Locally, Fast & Auto-Optimize, GDPR Compliant475581k+Interpolated SQL is not prepared
#545The Tribal Plugin474362800Non-prefixed function
#546iControlWP4745591k+Missing direct file access protection
#547Advanced Automatic Updates49262520k+Nonce verification recommended
#548SpinupWP49433830k+Non-prefixed function
#549PDF Invoices & Packing Slips for WooCommerce – Challan49561514k+Non-prefixed global variable
#550File Manager50427210k+Missing direct file access protection