WordPress.WP.AlternativeFunctions.parse_url_parse_url

parse url parse url

The plugin uses raw URL parsing where WordPress URL helpers may be safer or more compatible.

medium weight

Why It Shows Up

Plugin Check found `parse_url()` in plugin code.

Why It Matters

URL parsing is easy to get subtly wrong, especially with relative URLs, encoded values, and malformed input.

How to Fix

  • Use WordPress helpers such as `wp_parse_url()`, `esc_url_raw()`, `esc_url()`, and `wp_http_validate_url()` where they fit.
  • Validate schemes and hosts before using parsed URL parts.
  • Do not use parsed URLs to build redirects or requests without allowlisting.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#601Nova Blocks by Pixelgrade30206112800Output is not escaped
#602OoohBoi Steroids for Elementor302,05910040k+Text Domain Mismatch
#603Operation Demo Importer – Demo Importer For WPoperation Themes302451041k+Text Domain Mismatch
#604Pubjet | پاب‌جت30911721k+Output is not escaped
#605Real Cookie Banner: GDPR & ePrivacy Cookie Consent309496100k+Database parameter is not escaped
#606StoreBuild – Online Store Builder for WooCommerce30120211600Non-prefixed global variable
#607Sina Extension for Elementor303,69116040k+Text Domain Mismatch
#608Themify Portfolio Post3021410230k+Text Domain Mismatch
#609Urvanov Syntax Highlighter30221873k+Output is not escaped
#610User Access Manager3039317110k+Output is not escaped
#611User Role by BestWebSoft – Add and Customize Roles and Capabilities in WordPress304842803k+Text Domain Mismatch
#612Checkout with Cash App on WooCommerce301223082k+Non-prefixed global variable
#613Webling30147313500Input is not validated
#614WonderPush – Web Push Notifications – WooCommerce Abandoned Cart – GDPR30152192600Missing direct file access protection
#615WooCommerce Tax (formerly WooCommerce Shipping & Tax)30103198600k+Non-prefixed class
#616WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA304842222k+Unsafe printing function
#617zahls.ch Credit Cards, PostFinance and TWINT for WooCommerce301212653k+Non-prefixed global variable
#618Zoho CRM Lead Magnet301011,0253k+Request data is not unslashed
#619AI Builder – Generate pages, blocks, images & translate with AI31101194400Non-prefixed global variable
#620AI Copilot – Content Generator311601621k+wp function not compatible with requires wp
#621The SEO Framework – Fast, Automated, Effortless.31363609200k+Non-prefixed global variable
#622Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam3159870700Text Domain Mismatch
#623Co-marquage service-public.fr31842131k+Non-prefixed global variable
#624Compliance by Hu-manity.co31153335900k+Missing nonce verification
#625Crowdfundly31594402600Output is not escaped
#626MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions316642732k+Text Domain Mismatch
#627Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)311132332k+Non-prefixed namespace
#628g-FFL Checkout31249300600Request data is not unslashed
#629OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy.3121362300k+Output is not escaped
#630Keywords to Links Converter31288144700Text Domain Mismatch
#631Login rebuilder3140622620k+Non Singular String Literal Domain
#632LWS Tools3110413410k+Request data is not unslashed
#633Openpay Stores Plugin31121751k+Non-prefixed global variable
#634PanoPress311112342k+Output is not escaped
#635Qode Essential Addons315529510k+Non-prefixed global variable
#636Query Monitor3144273200k+Non-prefixed class
#637Social Share Buttons314621561k+Text Domain Mismatch
#638Page Builder by SiteOrigin31226214400k+Output is not escaped
#639SpeedyCache – Cache, Optimization, Performance3165118600k+Input is not validated
#640Staatic – Static Site Generator for WordPress314201952k+SQL query is not prepared
#641Stackable – Page Builder Gutenberg Blocks3147790100k+Non Singular String Literal Domain
#642WP Testimonials3118345510k+Non-prefixed global variable
#643Themify Store Locator31244125500Text Domain Mismatch
#644Blacklist Manager – WooCommerce Anti-Fraud, Blacklist & Checkout Verification312848302k+Missing nonce verification
#645Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets31837295100k+Unsafe printing function
#646WooCommerce Legacy REST API31324177400k+Missing Translators Comment
#647Worldline Global Online Pay for WooCommerce3116086500Missing direct file access protection
#648Discussion Board – WordPress Forum Plugin311051532k+Request data is not unslashed
#649WP Visitor Statistics (Real Time Traffic)3135369120k+Nonce verification recommended
#650WPDoctor Malware Scanner & Vulnerability Checker & IP blocker with Hack monitor Lite31133438600Non-prefixed global variable