WordPress.WP.AlternativeFunctions.parse_url_parse_url
parse url parse url
The plugin uses raw URL parsing where WordPress URL helpers may be safer or more compatible.
Why It Shows Up
Plugin Check found `parse_url()` in plugin code.
Why It Matters
URL parsing is easy to get subtly wrong, especially with relative URLs, encoded values, and malformed input.
How to Fix
- Use WordPress helpers such as `wp_parse_url()`, `esc_url_raw()`, `esc_url()`, and `wp_http_validate_url()` where they fit.
- Validate schemes and hosts before using parsed URL parts.
- Do not use parsed URLs to build redirects or requests without allowlisting.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #601 | Nova Blocks by Pixelgrade | 30 | 206 | 112 | 800 | Output is not escaped | ||
| #602 | OoohBoi Steroids for Elementor | 30 | 2,059 | 100 | 40k+ | Text Domain Mismatch | ||
| #603 | Operation Demo Importer – Demo Importer For WPoperation Themes | 30 | 245 | 104 | 1k+ | Text Domain Mismatch | ||
| #604 | Pubjet | پابجت | 30 | 91 | 172 | 1k+ | Output is not escaped | ||
| #605 | Real Cookie Banner: GDPR & ePrivacy Cookie Consent | 30 | 9 | 496 | 100k+ | Database parameter is not escaped | ||
| #606 | StoreBuild – Online Store Builder for WooCommerce | 30 | 120 | 211 | 600 | Non-prefixed global variable | ||
| #607 | Sina Extension for Elementor | 30 | 3,691 | 160 | 40k+ | Text Domain Mismatch | ||
| #608 | Themify Portfolio Post | 30 | 214 | 102 | 30k+ | Text Domain Mismatch | ||
| #609 | Urvanov Syntax Highlighter | 30 | 221 | 87 | 3k+ | Output is not escaped | ||
| #610 | User Access Manager | 30 | 393 | 171 | 10k+ | Output is not escaped | ||
| #611 | User Role by BestWebSoft – Add and Customize Roles and Capabilities in WordPress | 30 | 484 | 280 | 3k+ | Text Domain Mismatch | ||
| #612 | Checkout with Cash App on WooCommerce | 30 | 122 | 308 | 2k+ | Non-prefixed global variable | ||
| #613 | Webling | 30 | 147 | 313 | 500 | Input is not validated | ||
| #614 | WonderPush – Web Push Notifications – WooCommerce Abandoned Cart – GDPR | 30 | 152 | 192 | 600 | Missing direct file access protection | ||
| #615 | WooCommerce Tax (formerly WooCommerce Shipping & Tax) | 30 | 103 | 198 | 600k+ | Non-prefixed class | ||
| #616 | WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA | 30 | 484 | 222 | 2k+ | Unsafe printing function | ||
| #617 | zahls.ch Credit Cards, PostFinance and TWINT for WooCommerce | 30 | 121 | 265 | 3k+ | Non-prefixed global variable | ||
| #618 | Zoho CRM Lead Magnet | 30 | 101 | 1,025 | 3k+ | Request data is not unslashed | ||
| #619 | AI Builder – Generate pages, blocks, images & translate with AI | 31 | 101 | 194 | 400 | Non-prefixed global variable | ||
| #620 | AI Copilot – Content Generator | 31 | 160 | 162 | 1k+ | wp function not compatible with requires wp | ||
| #621 | The SEO Framework – Fast, Automated, Effortless. | 31 | 363 | 609 | 200k+ | Non-prefixed global variable | ||
| #622 | Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam | 31 | 598 | 70 | 700 | Text Domain Mismatch | ||
| #623 | Co-marquage service-public.fr | 31 | 84 | 213 | 1k+ | Non-prefixed global variable | ||
| #624 | Compliance by Hu-manity.co | 31 | 153 | 335 | 900k+ | Missing nonce verification | ||
| #625 | Crowdfundly | 31 | 594 | 402 | 600 | Output is not escaped | ||
| #626 | MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions | 31 | 664 | 273 | 2k+ | Text Domain Mismatch | ||
| #627 | Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional) | 31 | 113 | 233 | 2k+ | Non-prefixed namespace | ||
| #628 | g-FFL Checkout | 31 | 249 | 300 | 600 | Request data is not unslashed | ||
| #629 | OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. | 31 | 213 | 62 | 300k+ | Output is not escaped | ||
| #630 | Keywords to Links Converter | 31 | 288 | 144 | 700 | Text Domain Mismatch | ||
| #631 | Login rebuilder | 31 | 406 | 226 | 20k+ | Non Singular String Literal Domain | ||
| #632 | LWS Tools | 31 | 104 | 134 | 10k+ | Request data is not unslashed | ||
| #633 | Openpay Stores Plugin | 31 | 121 | 75 | 1k+ | Non-prefixed global variable | ||
| #634 | PanoPress | 31 | 111 | 234 | 2k+ | Output is not escaped | ||
| #635 | Qode Essential Addons | 31 | 55 | 295 | 10k+ | Non-prefixed global variable | ||
| #636 | Query Monitor | 31 | 44 | 273 | 200k+ | Non-prefixed class | ||
| #637 | Social Share Buttons | 31 | 462 | 156 | 1k+ | Text Domain Mismatch | ||
| #638 | Page Builder by SiteOrigin | 31 | 226 | 214 | 400k+ | Output is not escaped | ||
| #639 | SpeedyCache – Cache, Optimization, Performance | 31 | 65 | 118 | 600k+ | Input is not validated | ||
| #640 | Staatic – Static Site Generator for WordPress | 31 | 420 | 195 | 2k+ | SQL query is not prepared | ||
| #641 | Stackable – Page Builder Gutenberg Blocks | 31 | 477 | 90 | 100k+ | Non Singular String Literal Domain | ||
| #642 | WP Testimonials | 31 | 183 | 455 | 10k+ | Non-prefixed global variable | ||
| #643 | Themify Store Locator | 31 | 244 | 125 | 500 | Text Domain Mismatch | ||
| #644 | Blacklist Manager – WooCommerce Anti-Fraud, Blacklist & Checkout Verification | 31 | 284 | 830 | 2k+ | Missing nonce verification | ||
| #645 | Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets | 31 | 837 | 295 | 100k+ | Unsafe printing function | ||
| #646 | WooCommerce Legacy REST API | 31 | 324 | 177 | 400k+ | Missing Translators Comment | ||
| #647 | Worldline Global Online Pay for WooCommerce | 31 | 160 | 86 | 500 | Missing direct file access protection | ||
| #648 | Discussion Board – WordPress Forum Plugin | 31 | 105 | 153 | 2k+ | Request data is not unslashed | ||
| #649 | WP Visitor Statistics (Real Time Traffic) | 31 | 353 | 691 | 20k+ | Nonce verification recommended | ||
| #650 | WPDoctor Malware Scanner & Vulnerability Checker & IP blocker with Hack monitor Lite | 31 | 133 | 438 | 600 | Non-prefixed global variable |