WordPress.WP.AlternativeFunctions.file_system_operations_mkdir
file system operations mkdir
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
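The three fixes above combined in one place, as an added example that is not code from Plugin Check or from any plugin listed on this page. The `myplugin_` prefix and the `myplugin` storage directory are hypothetical names, and the functions are assumed to run inside a loaded WordPress environment.

```php
<?php
// Added example; the myplugin_ prefix and the "myplugin" directory are hypothetical names.

/** Create and return a plugin-owned directory under uploads, or WP_Error. */
function myplugin_storage_dir( $name ) {
	$uploads = wp_upload_dir();
	$name    = sanitize_key( $name ); // Keeps only a-z, 0-9, "_" and "-": no "/" or "..".
	if ( ! empty( $uploads['error'] ) || '' === $name ) {
		return new WP_Error( 'myplugin_bad_dir', 'Uploads unavailable or invalid name.' );
	}

	$base = trailingslashit( $uploads['basedir'] ) . 'myplugin';
	$dir  = $base . '/' . $name;

	// wp_mkdir_p() creates missing parents and sets the mode from the parent directory.
	if ( ! wp_mkdir_p( $dir ) ) {
		return new WP_Error( 'myplugin_mkdir', 'Could not create directory.' );
	}

	// Resolve symlinks and confirm the result is still inside the plugin's base directory.
	$real_base = wp_normalize_path( (string) realpath( $base ) );
	$real_dir  = wp_normalize_path( (string) realpath( $dir ) );
	if ( '' === $real_base || 0 !== strpos( $real_dir, $real_base . '/' ) ) {
		return new WP_Error( 'myplugin_escape', 'Directory resolves outside plugin storage.' );
	}
	return $real_dir;
}

/** Write a data file through WP_Filesystem; the extension is fixed, never .php. */
function myplugin_write_json( $dir_name, $file_name, array $data ) {
	$dir  = myplugin_storage_dir( $dir_name );
	$stem = sanitize_key( pathinfo( $file_name, PATHINFO_FILENAME ) );
	if ( is_wp_error( $dir ) ) {
		return $dir;
	}
	if ( '' === $stem ) {
		return new WP_Error( 'myplugin_bad_file', 'Invalid file name.' );
	}

	require_once ABSPATH . 'wp-admin/includes/file.php';
	global $wp_filesystem;
	if ( ! WP_Filesystem() ) {
		return new WP_Error( 'myplugin_fs', 'Filesystem API unavailable.' );
	}
	$file = $dir . '/' . $stem . '.json';
	return $wp_filesystem->put_contents( $file, wp_json_encode( $data ), FS_CHMOD_FILE )
		? $file
		: new WP_Error( 'myplugin_write', 'Write failed.' );
}
```

The absolute path is passed straight to `put_contents()`, which suits the `direct` transport; on FTP or SSH transports the path has to be mapped first, for example with `$wp_filesystem->find_folder()`.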
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #101 | ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | 22 | 1,044 | 799 | 300k+ | | | Non-prefixed global variable |
| #102 | Slim Jetpack | 22 | 2,586 | 1,947 | 2k+ | | | Text Domain Mismatch |
| #103 | SSL Zen — SSL Certificate Installer & HTTPS Redirects | 22 | 780 | 1,585 | 10k+ | | | Non-prefixed global variable |
| #104 | Stylish Price List – Price Table Builder & QR Code Restaurant Menu | 22 | 674 | 678 | 3k+ | | | Output is not escaped |
| #105 | Swift Performance Lite | 22 | 2,346 | 1,325 | 7k+ | | | Text Domain Mismatch |
| #106 | Theme Editor | 22 | 798 | 685 | 50k+ | | | Output is not escaped |
| #107 | Unlimited Elements Blocks Library | 22 | 708 | 1,822 | 400 | | | Non-prefixed global variable |
| #108 | Welcart e-Commerce | 22 | 10,378 | 10,931 | 10k+ | | | Text Domain Mismatch |
| #109 | Wenprise WeChatPay Payment Gateway For WooCommerce | 22 | 443 | 178 | 400 | | | Exception output is not escaped |
| #110 | ManageWP Worker | 22 | 507 | 565 | 1m+ | | | Non-prefixed class |
| #111 | Asset CleanUp: Page Speed Booster | 22 | 2,030 | 2,485 | 100k+ | | | Non-prefixed global variable |
| #112 | File Manager | 22 | 740 | 520 | 1m+ | | | Unsafe printing function |
| #113 | WP Umbrella: Update Backup Restore & Monitoring | 22 | 918 | 916 | 70k+ | | | Exception output is not escaped |
| #114 | Wp-Insert | 22 | 267 | 301 | 10k+ | | | Output is not escaped |
| #115 | WP Super Minify • Minify, Compress and Cache HTML, CSS & JavaScript | 22 | 164 | 257 | 9k+ | | | Non-prefixed constant |
| #116 | WP-WebAuthn | 22 | 957 | 396 | 2k+ | | | Exception output is not escaped |
| #117 | ShopWP | 22 | 430 | 225 | 700 | | | Text Domain Mismatch |
| #118 | WPSSO Core – Complete Schema Markup and Meta Tags | 22 | 1,407 | 412 | 5k+ | | | Missing Translators Comment |
| #119 | YaySMTP – WP Mail SMTP with Email Logs, Tracking & Reports | 22 | 654 | 435 | 10k+ | | | Exception output is not escaped |
| #120 | ЮKassa для WooCommerce | 22 | 590 | 168 | 9k+ | | | Short PHP open tag found |
| #121 | Recipe Cards For Your Food Blog from Zip Recipes | 22 | 1,126 | 1,731 | 1k+ | | | Non-prefixed global variable |
| #122 | Admin and Site Enhancements (ASE) | 23 | 136 | 330 | 200k+ | | | Nonce verification recommended |
| #123 | Affiliate Super Assistent | 23 | 1,280 | 267 | 2k+ | | | Text Domain Mismatch |
| #124 | Autoptimize | 23 | 288 | 191 | 800k+ | | | Output is not escaped |
| #125 | Kadence Security – Password, Two Factor Authentication, and Brute Force Protection | 23 | 1,053 | 967 | 700k+ | | | Missing Translators Comment |
| #126 | Booking calendar, Appointment Booking System | 23 | 1,079 | 1,125 | 4k+ | | | Output is not escaped |
| #127 | Geo Controller | 23 | 91 | 450 | 1k+ | | | Non-prefixed global variable |
| #128 | Classified Listing – AI-Powered Classified ads & Business Directory | 23 | 155 | 2,074 | 9k+ | | | Non-prefixed global variable |
| #129 | CLUEVO LMS, E-Learning Platform | 23 | 1,843 | 1,176 | 400 | | | Text Domain Mismatch |
| #130 | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | 23 | 9,310 | 26,642 | 1k+ | | | Non-prefixed global variable |
| #131 | DK PDF – WordPress PDF Generator | 23 | 744 | 335 | 3k+ | | | Exception output is not escaped |
| #132 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 23 | 3,723 | 10,283 | 40k+ | | | Non-prefixed namespace |
| #133 | Error Log Monitor | 23 | 694 | 1,414 | 20k+ | | | Non-prefixed global variable |
| #134 | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder with AI | 23 | 395 | 1,342 | 90k+ | | | Non-prefixed global variable |
| #135 | Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light | 23 | 386 | 999 | 400 | | | Non-prefixed global variable |
| #136 | Export WordPress Pages to Static HTML & PDF — Static Site Export | 23 | 490 | 301 | 4k+ | | | Text Domain Mismatch |
| #137 | Ezoic | 23 | 432 | 516 | 10k+ | | | Output is not escaped |
| #138 | Fastcache by Host.it | 23 | 1,327 | 203 | 700 | | | Text Domain Mismatch |
| #139 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | 23 | 4,746 | 1,279 | 30k+ | | | Non Singular String Literal Domain |
| #140 | Tracking and Consent Manager – WP Full Picture | 23 | 1,280 | 3,223 | 3k+ | | | Non-prefixed global variable |
| #141 | FV Flowplayer Video Player | 23 | 1,311 | 1,454 | 20k+ | | | Output is not escaped |
| #142 | GAinWP Google Analytics Integration for WordPress | 23 | 525 | 176 | 8k+ | | | Output is not escaped |
| #143 | Anti-Malware Security and Brute-Force Firewall | 23 | 543 | 965 | 100k+ | | | Output is not escaped |
| #144 | Interactive Content – H5P | 23 | 565 | 380 | 40k+ | | | Non Singular String Literal Domain |
| #145 | Houzez Property Feed | 23 | 1,464 | 1,585 | 1k+ | | | Text Domain Mismatch |
| #146 | Import from YML | 23 | 97 | 308 | 400 | | | Non-prefixed global variable |
| #147 | Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | 23 | 91 | 693 | 300k+ | | | Non-prefixed namespace |
| #148 | License Manager for WooCommerce | 23 | 129 | 819 | 6k+ | | | Request data is not unslashed |
| #149 | MailPoet – Newsletters, Email Marketing, and Automation | 23 | 931 | 719 | 500k+ | | | Exception output is not escaped |
| #150 | Media Library Assistant | 23 | 1,144 | 3,943 | 70k+ | | | Nonce verification recommended |