WordPress.WP.AlternativeFunctions.file_system_operations_readfile

file system operations readfile

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1Themify Builder95,1952,0965k+Text Domain Mismatch
#2AnyComment174454495k+Output is not escaped
#3Efí Bank17886553400Exception output is not escaped
#4Podlove Podcast Publisher182,3261,4293k+Output is not escaped
#5Realtyna Organic IDX plugin + WPL Real Estate189303,6362k+Non-prefixed global variable
#6Shopping Cart & eCommerce Store185,45917,2984k+Non-prefixed global variable
#7Matomo Analytics – Powerful, Privacy-First Insights for WordPress191,911877100k+Exception output is not escaped
#8Membership Plugin – Kadence Memberships195,0822,9829k+Text Domain Mismatch
#9WP Import Export Lite1973797940k+Non-prefixed global variable
#10Broadstreet20434273700Output is not escaped
#11GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership201,832720800Non Singular String Literal Domain
#12Link Library201,9411,39710k+Unsafe printing function
#13MBE eShip205277401k+Non-prefixed global variable
#14Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization201,2972,6809k+Output is not escaped
#15Pix por Piggly (para Woocommerce)205471954k+Exception output is not escaped
#16Powered Cache – Caching and Optimization for WordPress – Easily Improve PageSpeed & Web Vitals Score201472313k+Exception output is not escaped
#17WP Minify Fix20306380800Output is not escaped
#18Backup Migration219811,09380k+Non-prefixed global variable
#19DELUCKS SEO213621,171400Missing nonce verification
#20Free Downloads WooCommerce214303594k+Output is not escaped
#21Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More212,5721,2771m+Output is not escaped
#22Ebook Store216661,087700Non-prefixed global variable
#23Formidable Forms – WordPress Form Builder for Contact Forms, Calculators, Quizzes & More21521,959300k+Non-prefixed global variable
#24Mergado Pack212,323588700Output is not escaped
#25Mooberry Book Manager211,0403991k+Text Domain Mismatch
#26SeatReg213121,637400Missing nonce verification
#27Smart Forms – when you need more than just a contact form217765745k+Output is not escaped
#28Buckaroo Woocommerce Payments Plugin215843262k+Exception output is not escaped
#29Paysera Payment Gateway for WooCommerce211,8661957k+Exception output is not escaped
#30Wordfence Security – Firewall, Malware Scan, and Login Security211,5922,9735m+Output is not escaped
#31WP Compress – Instant Performance & Speed Optimization213,3673,25310k+Non Singular String Literal Domain
#32WP-Lister Lite for eBay216,6975,1292k+Output is not escaped
#33WP phpMyAdmin214,5286,43550k+Missing Arg Domain
#34wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin211,8111,43270k+Output is not escaped
#35Frontend Admin by DynamiApps225,9223,20810k+Text Domain Mismatch
#36Backup Bolt225801,313800Non-prefixed global variable
#37Better Messages – Chat Rooms, Group Chat, Private Messages & AI Chat Bots221,6072,02210k+Direct Query
#38Better WordPress Minify224124848k+Non Singular String Literal Domain
#39Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer222,8581,27050k+Text Domain Mismatch
#40RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login223,6545,0618k+Non-prefixed global variable
#41Download Manager222,2821,352100k+Output is not escaped
#42FireBox Popups – Increase Sales and Grow Your Email List221538127k+Non-prefixed global variable
#43Csomagpontok és Címkék WooCommerce-hez222,0017697k+Text Domain Mismatch
#44InfiniteWP Client222,2861,812200k+Exception output is not escaped
#45Import WP – Export and Import CSV and XML files to WordPress225803304k+Exception output is not escaped
#46JCH Optimize221,1431364k+Output is not escaped
#47Jim Soft Swiss QR Invoice22262392400Non-prefixed global variable
#48LearnPress – WordPress LMS Plugin for Create and Sell Online Courses222,3463,34170k+Non-prefixed global variable
#49MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc.222,6252,45810k+Output is not escaped
#50MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution221,1311,844800Non-prefixed global variable