WordPress.WP.AlternativeFunctions.parse_url_parse_url
parse url parse url
The plugin uses raw URL parsing where WordPress URL helpers may be safer or more compatible.
Why It Shows Up
Plugin Check found `parse_url()` in plugin code.
Why It Matters
URL parsing is easy to get subtly wrong, especially with relative URLs, encoded values, and malformed input.
How to Fix
- Use WordPress helpers such as `wp_parse_url()`, `esc_url_raw()`, `esc_url()`, and `wp_http_validate_url()` where they fit.
- Validate schemes and hosts before using parsed URL parts.
- Do not use parsed URLs to build redirects or requests without allowlisting.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #451 | Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing | 35 | 49 | 229 | 50k+ | Non Prefixed Hookname Found | |
| #452 | Easy Accept Payments via PayPal | 35 | 322 | 128 | 7k+ | Text Domain Mismatch | |
| #453 | WP Datepicker | 35 | 225 | 181 | 7k+ | Output Not Escaped | |
| #454 | WP Mailto Links – Protect Email Addresses | 35 | 95 | 69 | 8k+ | Output Not Escaped | |
| #455 | WPZOOM Addons for Elementor – Starter Templates & Widgets | 35 | 160 | 126 | 20k+ | Output Not Escaped | |
| #456 | Yabe Webfont – Use Custom Fonts, Google Fonts or Adobe Fonts | 35 | 48 | 114 | 5k+ | Non Prefixed Hookname Found | |
| #457 | authLdap | 36 | 47 | 30 | 5k+ | Exception Not Escaped | |
| #458 | Blaze Demo Importer | 36 | 101 | 94 | 8k+ | Output Not Escaped | |
| #459 | BP Profile Search | 36 | 321 | 85 | 5k+ | Output Not Escaped | |
| #460 | bunny.net – WordPress CDN Plugin | 36 | 114 | 127 | 10k+ | Output Not Escaped | |
| #461 | Drag and Drop Multiple File Upload for Contact Form 7 | 36 | 82 | 36 | 60k+ | wp function not compatible with requires wp | |
| #462 | Dynamic Visibility for Elementor | 36 | 56 | 89 | 50k+ | Non Prefixed Hookname Found | |
| #463 | Email Before Download | 36 | 89 | 29 | 6k+ | Unsafe Printing Function | |
| #464 | HTML Forms – Simple WordPress Forms Plugin | 36 | 231 | 166 | 10k+ | Output Not Escaped | |
| #465 | Italy Cookie Choices (for EU Cookie Law & Cookie Notice) | 36 | 115 | 77 | 10k+ | Unsafe Printing Function | |
| #466 | Login as User | 36 | 101 | 64 | 30k+ | Output Not Escaped | |
| #467 | LocalWeb All In One | 36 | 31 | 264 | 5k+ | Non Prefixed Variable Found | |
| #468 | M Chart | 36 | 29 | 155 | 4k+ | Non Prefixed Variable Found | |
| #469 | Photoswipe Masonry Gallery | 36 | 57 | 47 | 6k+ | Non Singular String Literal Text | |
| #470 | Quick 301 Redirects | 36 | 89 | 120 | 5k+ | Non Prefixed Variable Found | |
| #471 | Rara One Click Demo Import | 36 | 122 | 98 | 20k+ | Missing Translators Comment | |
| #472 | ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution | 36 | 63 | 667 | 100k+ | Non Prefixed Variable Found | |
| #473 | Stripe Tax – Sales tax automation for WooCommerce | 36 | 97 | 61 | 30k+ | Exception Not Escaped | |
| #474 | WP Socializer – Simple & Easy Social Media Share Icons | 36 | 214 | 51 | 10k+ | Output Not Escaped | |
| #475 | Yandex.Metrica | 36 | 76 | 30 | 60k+ | Output Not Escaped | |
| #476 | WP fail2ban Blocklist | 36 | 61 | 63 | 3k+ | Not Prepared | |
| #477 | Adaptive Images for WordPress | 37 | 51 | 75 | 3k+ | Output Not Escaped | |
| #478 | Add From Server | 37 | 52 | 20 | 60k+ | Output Not Escaped | |
| #479 | Add to Cart Redirect for WooCommerce | 37 | 215 | 141 | 8k+ | Text Domain Mismatch | |
| #480 | Before After Image Comparison Slider for Elementor | 37 | 90 | 41 | 10k+ | Text Domain Mismatch | |
| #481 | Customize WordPress Emails and Alerts – Better Notifications for WP | 37 | 64 | 47 | 30k+ | Missing Arg Domain | |
| #482 | ClickCease Click Fraud Protection | 37 | 30 | 58 | 10k+ | Non Prefixed Class Found | |
| #483 | Gmail SMTP | 37 | 84 | 73 | 10k+ | Unsafe Printing Function | |
| #484 | XML Sitemap Generator for Google | 37 | 43 | 79 | 1m+ | Input Not Validated | |
| #485 | Lightbox with PhotoSwipe | 37 | 179 | 24 | 20k+ | Output Not Escaped | |
| #486 | MailMunch – Grow your Email List | 37 | 82 | 84 | 6k+ | Output Not Escaped | |
| #487 | Recent Posts Widget With Thumbnails | 37 | 222 | 46 | 100k+ | Output Not Escaped | |
| #488 | SendWP | 37 | 47 | 42 | 10k+ | Output Not Escaped | |
| #489 | Spam Destroyer | 37 | 63 | 43 | 6k+ | rand rand | |
| #490 | Elemailer Lite – Elementor email template & campaign builder | 38 | 44 | 50 | 5k+ | Output Not Escaped | |
| #491 | Buttonizer – Social Media Share Buttons, Social Icons, & Social Feeds | 38 | 167 | 82 | 50k+ | Output Not Escaped | |
| #492 | Furgonetka.pl: Przesyłki & Narzędzia e-commerce | 38 | 63 | 48 | 7k+ | Exception Not Escaped | |
| #493 | HashThemes Demo Importer | 38 | 71 | 44 | 6k+ | Output Not Escaped | |
| #494 | Monetag Official Plugin | 38 | 133 | 32 | 5k+ | Text Domain Mismatch | |
| #495 | Multiple Domain Mapping on Single Site | 38 | 135 | 51 | 6k+ | Text Domain Mismatch | |
| #496 | OneSignal – Web Push Notifications | 38 | 53 | 64 | 70k+ | Output Not Escaped | |
| #497 | Page Links To | 38 | 31 | 40 | 100k+ | Unsafe Printing Function | |
| #498 | Permalink Manager Lite | 38 | 29 | 178 | 100k+ | Recommended | |
| #499 | Plugin Detective – Troubleshooting Conflicts | 38 | 40 | 44 | 5k+ | Output Not Escaped | |
| #500 | Simple JWT Login – Allows you to use JWT on REST endpoints. | 38 | 712 | 95 | 4k+ | Output Not Escaped |
