WordPress.WP.AlternativeFunctions.parse_url_parse_url
parse url parse url
The plugin uses raw URL parsing where WordPress URL helpers may be safer or more compatible.
Why It Shows Up
Plugin Check found `parse_url()` in plugin code.
Why It Matters
URL parsing is easy to get subtly wrong, especially with relative URLs, encoded values, and malformed input.
How to Fix
- Use WordPress helpers such as `wp_parse_url()`, `esc_url_raw()`, `esc_url()`, and `wp_http_validate_url()` where they fit.
- Validate schemes and hosts before using parsed URL parts.
- Do not use parsed URLs to build redirects or requests without allowlisting.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #551 | Transliterator – Multilingual and Multi-script Text Conversion | 28 | 305 | 320 | 3k+ | Output is not escaped | ||
| #552 | Temporary Login Without Password | 28 | 128 | 131 | 100k+ | wp function not compatible with requires wp | ||
| #553 | Jetpack VaultPress | 28 | 71 | 362 | 10k+ | Missing nonce verification | ||
| #554 | 10WebSocial | 28 | 584 | 185 | 10k+ | Unsafe printing function | ||
| #555 | WeeConnectPay – Clover Payment Gateway for WooCommerce | 28 | 179 | 171 | 500 | Exception output is not escaped | ||
| #556 | WP ADA Compliance Check Basic | 28 | 785 | 177 | 3k+ | Text Domain Mismatch | ||
| #557 | WP GoToWebinar | 28 | 207 | 207 | 700 | Non-prefixed function | ||
| #558 | Connect Matomo – Analytics Dashboard for WordPress | 28 | 100 | 102 | 60k+ | Missing Translators Comment | ||
| #559 | WP YouTube Lyte | 28 | 204 | 178 | 30k+ | Non-prefixed global variable | ||
| #560 | WPify Woo – Withdrawal, CRN/VAT, QR payments, Heureka and more for WooCommerce | 28 | 174 | 226 | 5k+ | Output is not escaped | ||
| #561 | WPO365 | SEAMLESS WORDPRESS + MICROSOFT INTEGRATION (WPO365 | LOGIN) | 28 | 209 | 217 | 10k+ | Exception output is not escaped | ||
| #562 | WP Synchro – The Ultimate WordPress Migration Tool | 28 | 243 | 244 | 2k+ | Missing Translators Comment | ||
| #563 | WxSync-标准云微信公众号文章免费采集-任意公众号自动采集付费购买 | 28 | 57 | 138 | 500 | Request data is not unslashed | ||
| #564 | Accordion Slider Gallery | 29 | 379 | 142 | 1k+ | Text Domain Mismatch | ||
| #565 | AI Copilot – Content Generator | 29 | 166 | 161 | 1k+ | wp function not compatible with requires wp | ||
| #566 | AL Pack | 29 | 13 | 816 | 2k+ | Non-prefixed global variable | ||
| #567 | Alt Text AI – Automatically generate image alt text for SEO and accessibility | 29 | 72 | 280 | 20k+ | Non-prefixed global variable | ||
| #568 | Branded Social Images – Open Graph Images with logo and extra text layer | 29 | 254 | 92 | 900 | Non Singular String Literal Domain | ||
| #569 | CloudSecure WP Security | 29 | 74 | 350 | 100k+ | Request data is not unslashed | ||
| #570 | Di Themes Demo Site Importer | 29 | 343 | 183 | 1k+ | Text Domain Mismatch | ||
| #571 | Document Gallery | 29 | 183 | 98 | 8k+ | Output is not escaped | ||
| #572 | Everest Toolkit | 29 | 145 | 141 | 1k+ | Missing Translators Comment | ||
| #573 | FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider | 29 | 74 | 78 | 600k+ | Missing Translators Comment | ||
| #574 | Kits, Templates and Patterns | 29 | 380 | 91 | 5k+ | Text Domain Mismatch | ||
| #575 | Music Player for WooCommerce | 29 | 106 | 155 | 1k+ | Non-prefixed global variable | ||
| #576 | Offload Media – Cloud Storage | 29 | 126 | 80 | 1k+ | unlink unlink | ||
| #577 | Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization | 29 | 80 | 162 | 200k+ | Nonce verification recommended | ||
| #578 | PhastPress | 29 | 95 | 52 | 10k+ | Exception output is not escaped | ||
| #579 | PlatiOnline Payments | 29 | 304 | 110 | 700 | Output is not escaped | ||
| #580 | Recipe Card Blocks Lite | 29 | 151 | 408 | 10k+ | Non-prefixed global variable | ||
| #581 | Responder | 29 | 77 | 185 | 3k+ | Non-prefixed global variable | ||
| #582 | Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce | 29 | 148 | 246 | 5k+ | Unsafe printing function | ||
| #583 | Social Engine | 29 | 133 | 90 | 600 | Exception output is not escaped | ||
| #584 | ووسلام – همگام سازی ووکامرس و باسلام | 29 | 192 | 611 | 4k+ | Non-prefixed global variable | ||
| #585 | Tilda-publishing | 29 | 219 | 78 | 700 | Output is not escaped | ||
| #586 | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | 29 | 135 | 400 | 40k+ | Non-prefixed global variable | ||
| #587 | Visualizer – Tables & Charts Manager with Built-in AI Generator | 29 | 348 | 331 | 20k+ | Output is not escaped | ||
| #588 | weMail – Email Marketing, Newsletter Builder & Email Automations for WooCommerce | 29 | 276 | 68 | 10k+ | Missing direct file access protection | ||
| #589 | WP Popular Posts | 29 | 77 | 300 | 100k+ | Non-prefixed global variable | ||
| #590 | WPComplete | 29 | 383 | 333 | 1k+ | Output is not escaped | ||
| #591 | AI Product Tools – Bulk Product Content Generator & AI Toolkit for WooCommerce | 30 | 502 | 560 | 400 | SQL query is not prepared | ||
| #592 | Blockons – Gutenberg blocks for WordPress and WooCommerce websites | 30 | 69 | 205 | 700 | Non-prefixed global variable | ||
| #593 | BrightEdge Autopilot | 30 | 108 | 31 | 500 | curl curl setopt | ||
| #594 | FormLift for Keap (Legacy) Web Forms | 30 | 162 | 315 | 400 | Request data is not unslashed | ||
| #595 | GlobalPayments Gateway Provider for WooCommerce | 30 | 611 | 170 | 1k+ | Text Domain Mismatch | ||
| #596 | Kargo Takip, Kargo SMS, İlçe Mahalle Sözleşme by Hezarfen | 30 | 70 | 276 | 2k+ | Non-prefixed global variable | ||
| #597 | Import WooCommerce Suite for Products, Orders, Coupons, Reviews, and Customers | WP Ultimate CSV Importer | 30 | 80 | 434 | 4k+ | Interpolated SQL is not prepared | ||
| #598 | core plugin for kitestudio themes | 30 | 244 | 415 | 500 | Nonce verification recommended | ||
| #599 | Laposta Signup Embed | 30 | 88 | 19 | 1k+ | Exception output is not escaped | ||
| #600 | Nova Blocks by Pixelgrade | 30 | 206 | 112 | 800 | Output is not escaped |
