WordPress.WP.AlternativeFunctions.file_system_operations_readfile
file system operations readfile
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
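A sketch of the three fixes above applied together, as an added example rather than code from Plugin Check or any listed plugin. The `myplugin_` prefix, the `myplugin-exports` directory and the CSV-only rule are assumptions, and the code expects to run inside a loaded WordPress site.

```php
<?php
// Added example; "myplugin_" and "myplugin-exports" are hypothetical names.

// Map a caller-supplied name to a path inside the plugin's uploads subdirectory.
function myplugin_export_path( $filename ) {
	$name = sanitize_file_name( $filename ); // Removes "/" and "\", so no traversal.
	$type = wp_check_filetype( $name, array( 'csv' => 'text/csv' ) );
	if ( 'csv' !== $type['ext'] ) { // Allowlist: never .php or other executable types.
		return new WP_Error( 'myplugin_bad_name', 'Only .csv export names are accepted.' );
	}
	$uploads = wp_upload_dir();
	$dir     = trailingslashit( $uploads['basedir'] ) . 'myplugin-exports';
	if ( ! empty( $uploads['error'] ) || ! wp_mkdir_p( $dir ) ) {
		return new WP_Error( 'myplugin_dir', 'Export directory is not available.' );
	}
	return trailingslashit( $dir ) . $name;
}

// Initialise the WordPress filesystem abstraction instead of calling PHP directly.
function myplugin_filesystem() {
	global $wp_filesystem;
	require_once ABSPATH . 'wp-admin/includes/file.php';
	if ( ! WP_Filesystem() ) { // False or null when the transport cannot be set up.
		return new WP_Error( 'myplugin_fs', 'Filesystem transport is not available.' );
	}
	return $wp_filesystem;
}

// Replaces fopen()/fwrite()/chmod(): write CSV data with the site's file mode.
function myplugin_write_export( $filename, $csv ) {
	$path = myplugin_export_path( $filename );
	$fs   = is_wp_error( $path ) ? $path : myplugin_filesystem();
	if ( is_wp_error( $fs ) ) {
		return $fs;
	}
	$ok = $fs->put_contents( $path, $csv, FS_CHMOD_FILE );
	return $ok ? $path : new WP_Error( 'myplugin_write', 'Could not write the export.' );
}

// Replaces readfile(): return the contents so the caller decides how to output them.
function myplugin_read_export( $filename ) {
	$path = myplugin_export_path( $filename );
	$fs   = is_wp_error( $path ) ? $path : myplugin_filesystem();
	if ( is_wp_error( $fs ) ) {
		return $fs;
	}
	$contents = $fs->is_file( $path ) ? $fs->get_contents( $path ) : false;
	return false === $contents ? new WP_Error( 'myplugin_read', 'Export not found.' ) : $contents;
}
```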
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #301 | Download Media Library | 49 | 22 | 40 | 1k+ | | | Text Domain Mismatch |
| #302 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | 54 | 344 | 93 | 300k+ | | | Offloaded Content |
| #303 | Yeloni Exit Popup \| (Free) GDPR Compliance | 54 | 41 | 12 | 700 | | | Output is not escaped |
| #304 | REVIEWS.io for WooCommerce | 58 | 71 | 161 | 1k+ | | | Non-prefixed global variable |
| #305 | flowpaper | 59 | 13 | 31 | 10k+ | | | Non-prefixed function |
| #306 | AAM Protected Media Files | 62 | 13 | 10 | 600 | | | Direct Query |
| #307 | WP Downloader | 62 | 11 | 15 | 2k+ | | | Output is not escaped |
| #308 | Wp Theme plugin Download | 62 | 11 | 16 | 2k+ | | | Output is not escaped |
| #309 | Download Theme | 64 | 18 | 20 | 4k+ | | | wp function not compatible with requires wp |
| #310 | AC Advanced Flamingo Settings | 66 | 6 | 32 | 700 | | | Nonce verification recommended |
| #311 | Raptive Ads | 66 | 35 | 29 | 6k+ | | | Text Domain Mismatch |
| #312 | Easy PHP Settings | 66 | 34 | 48 | 1k+ | | | Missing Translators Comment |
| #313 | Falcon – WordPress Optimizations & Tweaks | 69 | 29 | 21 | 2k+ | | | Short PHP open tag found |
| #314 | Ghost | 70 | 25 | 12 | 600 | | | Output is not escaped |
| #315 | blueimp lightbox | 75 | 19 | 2 | 1k+ | | | Output is not escaped |
| #316 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | 77 | 37 | 282 | 40k+ | | | Non-prefixed global variable |
| #317 | Uptime Monitoring for WordPress – My Website is Online | 78 | 18 | 7 | 500 | | | Text Domain Mismatch |
| #318 | Cachify | 84 | 9 | 36 | 9k+ | | | Non-prefixed global variable |
| #319 | Verify domain for Apple Pay with Stripe | 92 | 3 | 2 | 600 | | | Input is not sanitized |
| #320 | KP Zip Downloader | 99 | 2 | 0 | 3k+ | | | file system operations readfile |