WordPress.WP.AlternativeFunctions.parse_url_parse_url
parse url parse url
The plugin uses raw URL parsing where WordPress URL helpers may be safer or more compatible.
Why It Shows Up
Plugin Check found `parse_url()` in plugin code.
Why It Matters
URL parsing is easy to get subtly wrong, especially with relative URLs, encoded values, and malformed input.
How to Fix
- Use WordPress helpers such as `wp_parse_url()`, `esc_url_raw()`, `esc_url()`, and `wp_http_validate_url()` where they fit.
- Validate schemes and hosts before using parsed URL parts.
- Do not use parsed URLs to build redirects or requests without allowlisting.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #701 | Ads.txt Manager | 61 | 33 | 16 | 4k+ | Text Domain Mismatch | |
| #702 | Kama SpamBlock | 64 | 29 | 7 | 5k+ | Echo Found | |
| #703 | 64 | 27 | 23 | 9k+ | Missing Translators Comment | ||
| #704 | VK Link Target Controller | 65 | 13 | 10 | 30k+ | Output Not Escaped | |
| #705 | Ajaxify Comments – Ajax and Lazy Loading Comments | 65 | 20 | 38 | 3k+ | Non Prefixed Hookname Found | |
| #706 | Flexible Product Fields (WooCommerce Product Addons) – WooCommerce Product Page Editor | 66 | 59 | 98 | 10k+ | Non Prefixed Variable Found | |
| #707 | Plugin Compatibility Checker | 66 | 73 | 18 | 9k+ | Text Domain Mismatch | |
| #708 | Safe Redirect Manager | 66 | 9 | 60 | 40k+ | Non Prefixed Hookname Found | |
| #709 | Visual Link Preview | 66 | 47 | 2 | 10k+ | Output Not Escaped | |
| #710 | WP Anti-Clickjack | 66 | 4 | 42 | 4k+ | Recommended | |
| #711 | Breadcrumbs Divi Module | 67 | 44 | 38 | 10k+ | Text Domain Mismatch | |
| #712 | Protection Against DDoS | 68 | 22 | 5 | 3k+ | Output Not Escaped | |
| #713 | CDN Enabler | 69 | 14 | 7 | 10k+ | Output Not Escaped | |
| #714 | Falcon – WordPress Optimizations & Tweaks | 69 | 29 | 21 | 2k+ | Echo Found | |
| #715 | PDF.js Viewer | 69 | 14 | 38 | 20k+ | Non Prefixed Variable Found | |
| #716 | AppScenic – Smart AI Dropshipping | 70 | 16 | 41 | 3k+ | Dynamic Hookname Found | |
| #717 | Multipart robots.txt editor | 70 | 19 | 8 | 1k+ | Output Not Escaped | |
| #718 | Zapier for WordPress | 71 | 11 | 21 | 50k+ | Input Not Sanitized | |
| #719 | Root Relative URLs | 72 | 9 | 10 | 6k+ | Input Not Sanitized | |
| #720 | OpenID Connect Generic Client | 73 | 9 | 59 | 10k+ | Non Prefixed Hookname Found | |
| #721 | My Simple Space | 73 | 21 | 3 | 8k+ | Output Not Escaped | |
| #722 | Ultimate Cursor – Interactive and Animated Cursor and Background Effects Toolkit | 73 | 3 | 12 | 3k+ | Recommended | |
| #723 | WP API SwaggerUI | 74 | 16 | 14 | 2k+ | missing direct file access protection | |
| #724 | Anchor Episodes Index (Spotify for Podcasters) | 75 | 32 | 3 | 1k+ | Text Domain Mismatch | |
| #725 | PopupAlly | 75 | 40 | 10 | 2k+ | missing direct file access protection | |
| #726 | wp-forecast | 75 | 263 | 117 | 5k+ | Missing Arg Domain | |
| #727 | Super RSS Reader – Add attractive RSS Feed Widget | 76 | 24 | 5 | 10k+ | Output Not Escaped | |
| #728 | WP SAML Auth | 76 | 7 | 25 | 7k+ | Recommended | |
| #729 | Bit Flows: AI Agent Automation & Integrations for Forms, CRM, eCommerce, Google Sheets, and More | 77 | 18 | 20 | 2k+ | wp function not compatible with requires wp | |
| #730 | Disable WP Registration Page Spam | 77 | 5 | 12 | 1k+ | Recommended | |
| #731 | WP-FormAssembly | 77 | 4 | 15 | 2k+ | Recommended | |
| #732 | PDF Smart Viewer for Elementor | 77 | 18 | 16 | 1k+ | Non Prefixed Variable Found | |
| #733 | Simple Floating Menu | 77 | 13 | 3 | 10k+ | missing direct file access protection | |
| #734 | Template Kit – Import | 77 | 41 | 60 | 400k+ | Non Prefixed Variable Found | |
| #735 | Real Category Management: Content Management in Category Folders | 79 | 4 | 73 | 2k+ | Non Prefixed Constant Found | |
| #736 | ShopEngine Gutenberg WooCommerce Builder Blocks Addon – All in One WooCommerce Solution | 80 | 424 | 735 | 3k+ | Non Prefixed Variable Found | |
| #737 | Hostinger Tools | 81 | 14 | 22 | 3m+ | wp function not compatible with requires wp | |
| #738 | AI Chatbot & Workflow Automation by AIWU | 84 | 123 | 36 | 1k+ | wp function not compatible with requires wp | |
| #739 | Real Thumbnail Generator: Efficient regeneration of thumbnails in all sizes | 85 | 5 | 58 | 1k+ | Non Prefixed Constant Found | |
| #740 | Vanilla PDF Embed | 85 | 8 | 3 | 3k+ | parse url parse url | |
| #741 | Microsoft Azure Storage for WordPress | 86 | 25 | 26 | 2k+ | Missing Translators Comment | |
| #742 | Redirect 404 to Homepage | 88 | 4 | 4 | 70k+ | parse url parse url | |
| #743 | Smart Blocks – WordPress Gutenberg Blocks | 88 | 10 | 76 | 1k+ | Post Not In post not in | |
| #744 | Child Themify | 90 | 10 | 4 | 7k+ | missing direct file access protection | |
| #745 | Ergonet Cache | 90 | 3 | 2 | 2k+ | Output Not Escaped | |
| #746 | LH Force Lowercase URLs | 90 | 4 | 3 | 2k+ | Input Not Validated Not Sanitized | |
| #747 | LegalBlink for Aruba | 91 | 33 | 29 | 6k+ | missing direct file access protection | |
| #748 | MultiManager WP – Manage All Your WordPress Sites Easily | 91 | 28 | 11 | 1k+ | Missing Arg Domain | |
| #749 | Pantheon Advanced Page Cache | 91 | 10 | 6 | 10k+ | Missing Unslash | |
| #750 | Snow Monkey Forms | 91 | 36 | 41 | 30k+ | Non Prefixed Variable Found |
