WordPress.WP.AlternativeFunctions.file_system_operations_readfile

file system operations readfile

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#251PostNL for WooCommerce345951043k+Text Domain Mismatch
#252WP Notes Widget3421736700Output is not escaped
#253belingoGeo351361331k+Output is not escaped
#254Cache Enabler35447590k+Input is not sanitized
#255Create Block Theme3543520k+unlink unlink
#256Elementor Website Builder – more than just a page builder354642810m+Non-prefixed global variable
#257EWWW Image Optimizer352257291m+Direct Query
#258Imsanity353229200k+Direct Query
#259Media Library Downloader3521164k+Output is not escaped
#260MONEI Payments for WooCommerce351565500Non-prefixed hook name
#261Moyasar35436128700Text Domain Mismatch
#262Solid Performance – Your No-Code Caching, Performance, & Page Speed Solution3575614k+Exception output is not escaped
#263SSL Insecure Content Fixer352860100k+Input is not sanitized
#264The Courier Guy Shipping for WooCommerce35571073k+Missing nonce verification
#265Converter for Media – Optimize images | Convert WebP & AVIF3513353500k+curl curl setopt
#266Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing354923050k+Non-prefixed hook name
#267Invoices for WooCommerce355516810k+Non-prefixed global variable
#268WP Associate Post R235259863k+Output is not escaped
#269Database Backup for WordPress351288870k+Output is not escaped
#270BP Group Documents3627195600Non-prefixed global variable
#271bpost shipping369743700Output is not escaped
#272Export Variable Products367949400Text Domain Mismatch
#273If-So Geolocation3650571k+Non-prefixed global variable
#274PDF Forms Filler for CF736185793k+Text Domain Mismatch
#275Search & Replace365053100k+Missing nonce verification
#276WP Publication Archive3619764400Text Domain Mismatch
#277Adaptive Images for WordPress3751753k+Output is not escaped
#278Debug Log Viewer3726831k+Missing nonce verification
#279Varnish/Nginx Proxy Caching3728736600Output is not escaped
#280Checkout Files Upload for WooCommerce38571207k+Input is not sanitized
#281ThumbPress – Compress Images, Manage Thumbnails, Detect Image Issues, WebP/AVIF, Lazy Loading, Hotlinking & More38218830k+Direct Query
#282Lana Downloads Manager38146783k+Unsafe printing function
#283Migrate Store: Export and Import WooCommerce Settings3837331k+Non-prefixed global variable
#284Quick Download Button38341232k+Non-prefixed global variable
#285Connect WooCommerce Shop to ERP/CRM, Verifactu and EU/VAT Compliance38231041k+Direct Query
#286WPC Product Options for WooCommerce38571824k+Non-prefixed global variable
#287Cookies for Comments39222920k+Input is not validated
#288Library Viewer396593400Non-prefixed hook name
#289Shared Files – File Upload & Download Manager3951844k+Nonce verification recommended
#290Tagging403337500Output is not escaped
#291Zippy4043319k+Output is not escaped
#292Authenticator4159441k+Output is not escaped
#293Simple Cache4133591k+Input is not sanitized
#294Clover Payments for WooCommerce4225152k+Exception output is not escaped
#295Simple Download Counter4258462k+Output is not escaped
#296Good Old Twitter Feed Widget4311010400Text Domain Mismatch
#297Hyper Cache45361008k+Non-prefixed global variable
#298404 Image Redirection (Replace Broken Images)4711885500Text Domain Mismatch
#299iControlWP4745591k+Missing direct file access protection
#300SiteEase Bulk Delete Manager495072900Direct Query