WordPress.WP.AlternativeFunctions.file_system_operations_readfile
file system operations readfile
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
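The three fixes above combined in one place, as an added example that is not taken from Plugin Check or from any listed plugin. The `myplugin` prefix, the `uploads/myplugin` directory and the extension allowlist are assumptions chosen for illustration.

```php
<?php
// Added example: "myplugin" and every function name below are hypothetical.
require_once ABSPATH . 'wp-admin/includes/file.php'; // Defines WP_Filesystem().

// Map a requested file name to a path inside uploads/myplugin, or WP_Error.
function myplugin_safe_path( $requested_name ) {
	// Drop any directory part, then strip unsafe characters from the name.
	$name = sanitize_file_name( wp_basename( $requested_name ) );
	// Data-only allowlist: .php and other executable types are rejected.
	$allowed = array( 'json' => 'application/json', 'csv' => 'text/csv', 'txt' => 'text/plain' );
	$type    = wp_check_filetype( $name, $allowed );
	$uploads = wp_upload_dir();
	if ( empty( $type['ext'] ) || ! empty( $uploads['error'] ) ) {
		return new WP_Error( 'myplugin_bad_path', 'File name or upload directory not usable.' );
	}
	$base = trailingslashit( $uploads['basedir'] ) . 'myplugin';
	return wp_mkdir_p( $base )
		? trailingslashit( $base ) . $name
		: new WP_Error( 'myplugin_mkdir_failed', 'Could not create plugin directory.' );
}

// Initialise the filesystem API; fails cleanly when credentials are required.
function myplugin_fs() {
	global $wp_filesystem;
	return ( WP_Filesystem() && $wp_filesystem )
		? $wp_filesystem
		: new WP_Error( 'myplugin_fs_unavailable', 'Filesystem API not available.' );
}

// Replaces fopen()/fwrite()/chmod(): write data, never code, with core's file mode.
function myplugin_write_file( $requested_name, $contents ) {
	$path = myplugin_safe_path( $requested_name );
	$fs   = is_wp_error( $path ) ? $path : myplugin_fs();
	if ( is_wp_error( $fs ) ) {
		return $fs;
	}
	return $fs->put_contents( $path, $contents, FS_CHMOD_FILE )
		? $path
		: new WP_Error( 'myplugin_write_failed', 'Write failed.' );
}

// Replaces readfile(): return the contents so the caller can escape or stream them.
function myplugin_read_file( $requested_name ) {
	$path = myplugin_safe_path( $requested_name );
	$fs   = is_wp_error( $path ) ? $path : myplugin_fs();
	if ( is_wp_error( $fs ) ) {
		return $fs;
	}
	$data = $fs->exists( $path ) ? $fs->get_contents( $path ) : false;
	return false === $data ? new WP_Error( 'myplugin_read_failed', 'Read failed.' ) : $data;
}
```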
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue | Added | Updated |
|---|---|---|---|---|---|---|---|---|
| #1 | Themify Builder | 9 | 5,195 | 2,096 | 5k+ | Text Domain Mismatch | ||
| #2 | AnyComment | 17 | 445 | 449 | 5k+ | Output is not escaped | ||
| #3 | Efí Bank | 17 | 886 | 553 | 400 | Exception output is not escaped | ||
| #4 | Podlove Podcast Publisher | 18 | 2,326 | 1,429 | 3k+ | Output is not escaped | ||
| #5 | Realtyna Organic IDX plugin + WPL Real Estate | 18 | 930 | 3,636 | 2k+ | Non-prefixed global variable | ||
| #6 | Shopping Cart & eCommerce Store | 18 | 5,459 | 17,298 | 4k+ | Non-prefixed global variable | ||
| #7 | Matomo Analytics – Powerful, Privacy-First Insights for WordPress | 19 | 1,911 | 877 | 100k+ | Exception output is not escaped | ||
| #8 | Membership Plugin – Kadence Memberships | 19 | 5,082 | 2,982 | 9k+ | Text Domain Mismatch | ||
| #9 | WP Import Export Lite | 19 | 737 | 979 | 40k+ | Non-prefixed global variable | ||
| #10 | Broadstreet | 20 | 434 | 273 | 700 | Output is not escaped | ||
| #11 | GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership | 20 | 1,832 | 720 | 800 | Non Singular String Literal Domain | ||
| #12 | Link Library | 20 | 1,941 | 1,397 | 10k+ | Unsafe printing function | ||
| #13 | MBE eShip | 20 | 527 | 740 | 1k+ | Non-prefixed global variable | ||
| #14 | Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization | 20 | 1,297 | 2,680 | 9k+ | Output is not escaped | ||
| #15 | Pix por Piggly (para Woocommerce) | 20 | 547 | 195 | 4k+ | Exception output is not escaped | ||
| #16 | Powered Cache – Caching and Optimization for WordPress – Easily Improve PageSpeed & Web Vitals Score | 20 | 147 | 231 | 3k+ | Exception output is not escaped | ||
| #17 | WP Minify Fix | 20 | 306 | 380 | 800 | Output is not escaped | ||
| #18 | Backup Migration | 21 | 981 | 1,093 | 80k+ | Non-prefixed global variable | ||
| #19 | DELUCKS SEO | 21 | 362 | 1,171 | 400 | Missing nonce verification | ||
| #20 | Free Downloads WooCommerce | 21 | 430 | 359 | 4k+ | Output is not escaped | ||
| #21 | Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More | 21 | 2,572 | 1,277 | 1m+ | Output is not escaped | ||
| #22 | Ebook Store | 21 | 666 | 1,087 | 700 | Non-prefixed global variable | ||
| #23 | Formidable Forms – WordPress Form Builder for Contact Forms, Calculators, Quizzes & More | 21 | 52 | 1,959 | 300k+ | Non-prefixed global variable | ||
| #24 | Mergado Pack | 21 | 2,323 | 588 | 700 | Output is not escaped | ||
| #25 | Mooberry Book Manager | 21 | 1,040 | 399 | 1k+ | Text Domain Mismatch | ||
| #26 | SeatReg | 21 | 312 | 1,637 | 400 | Missing nonce verification | ||
| #27 | Smart Forms – when you need more than just a contact form | 21 | 776 | 574 | 5k+ | Output is not escaped | ||
| #28 | Buckaroo Woocommerce Payments Plugin | 21 | 584 | 326 | 2k+ | Exception output is not escaped | ||
| #29 | Paysera Payment Gateway for WooCommerce | 21 | 1,866 | 195 | 7k+ | Exception output is not escaped | ||
| #30 | Wordfence Security – Firewall, Malware Scan, and Login Security | 21 | 1,592 | 2,973 | 5m+ | Output is not escaped | ||
| #31 | WP Compress – Instant Performance & Speed Optimization | 21 | 3,367 | 3,253 | 10k+ | Non Singular String Literal Domain | ||
| #32 | WP-Lister Lite for eBay | 21 | 6,697 | 5,129 | 2k+ | Output is not escaped | ||
| #33 | WP phpMyAdmin | 21 | 4,528 | 6,435 | 50k+ | Missing Arg Domain | ||
| #34 | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | 21 | 1,811 | 1,432 | 70k+ | Output is not escaped | ||
| #35 | Frontend Admin by DynamiApps | 22 | 5,922 | 3,208 | 10k+ | Text Domain Mismatch | ||
| #36 | Backup Bolt | 22 | 580 | 1,313 | 800 | Non-prefixed global variable | ||
| #37 | Better Messages – Chat Rooms, Group Chat, Private Messages & AI Chat Bots | 22 | 1,607 | 2,022 | 10k+ | Direct Query | ||
| #38 | Better WordPress Minify | 22 | 412 | 484 | 8k+ | Non Singular String Literal Domain | ||
| #39 | Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer | 22 | 2,858 | 1,270 | 50k+ | Text Domain Mismatch | ||
| #40 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | 22 | 3,654 | 5,061 | 8k+ | Non-prefixed global variable | ||
| #41 | Download Manager | 22 | 2,282 | 1,352 | 100k+ | Output is not escaped | ||
| #42 | FireBox Popups – Increase Sales and Grow Your Email List | 22 | 153 | 812 | 7k+ | Non-prefixed global variable | ||
| #43 | Csomagpontok és Címkék WooCommerce-hez | 22 | 2,001 | 769 | 7k+ | Text Domain Mismatch | ||
| #44 | InfiniteWP Client | 22 | 2,286 | 1,812 | 200k+ | Exception output is not escaped | ||
| #45 | Import WP – Export and Import CSV and XML files to WordPress | 22 | 580 | 330 | 4k+ | Exception output is not escaped | ||
| #46 | JCH Optimize | 22 | 1,143 | 136 | 4k+ | Output is not escaped | ||
| #47 | Jim Soft Swiss QR Invoice | 22 | 262 | 392 | 400 | Non-prefixed global variable | ||
| #48 | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 22 | 2,346 | 3,341 | 70k+ | Non-prefixed global variable | ||
| #49 | MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc. | 22 | 2,625 | 2,458 | 10k+ | Output is not escaped | ||
| #50 | MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution | 22 | 1,131 | 1,844 | 800 | Non-prefixed global variable |