WordPress.WP.AlternativeFunctions.parse_url_parse_url
parse url parse url
The plugin uses raw URL parsing where WordPress URL helpers may be safer or more compatible.
Why It Shows Up
Plugin Check found `parse_url()` in plugin code.
Why It Matters
URL parsing is easy to get subtly wrong, especially with relative URLs, encoded values, and malformed input.
How to Fix
- Use WordPress helpers such as `wp_parse_url()`, `esc_url_raw()`, `esc_url()`, and `wp_http_validate_url()` where they fit.
- Validate schemes and hosts before using parsed URL parts.
- Do not use parsed URLs to build redirects or requests without allowlisting.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1001 | Ads.txt Manager | 61 | 33 | 16 | 4k+ | Text Domain Mismatch | ||
| #1002 | Falcon – WordPress Optimizations & Tweaks | 62 | 47 | 66 | 2k+ | Short PHP open tag found | ||
| #1003 | Hestia Nginx Cache | 62 | 21 | 8 | 1k+ | Output is not escaped | ||
| #1004 | Embed Videos For Product Image Gallery Using WooCommerce | 62 | 21 | 16 | 400 | Text Domain Mismatch | ||
| #1005 | Mailster Google Analytics | 63 | 26 | 9 | 900 | Output is not escaped | ||
| #1006 | CV Demo Importer | 64 | 21 | 95 | 400 | Non-prefixed global variable | ||
| #1007 | Online Payments with iK Pay Gateway | 64 | 12 | 28 | 1k+ | Missing nonce verification | ||
| #1008 | Kama SpamBlock | 64 | 29 | 7 | 5k+ | Short PHP open tag found | ||
| #1009 | Send From | 64 | 5 | 18 | 500 | Input is not sanitized | ||
| #1010 | 64 | 27 | 23 | 9k+ | Missing Translators Comment | |||
| #1011 | VK Link Target Controller | 65 | 13 | 10 | 30k+ | Output is not escaped | ||
| #1012 | Ajaxify Comments – Ajax and Lazy Loading Comments | 65 | 20 | 38 | 3k+ | Non-prefixed hook name | ||
| #1013 | Plugin Compatibility Checker | 66 | 73 | 18 | 9k+ | Text Domain Mismatch | ||
| #1014 | Safe Redirect Manager | 66 | 9 | 60 | 40k+ | Non-prefixed hook name | ||
| #1015 | Visual Link Preview | 66 | 47 | 2 | 10k+ | Output is not escaped | ||
| #1016 | WP Anti-Clickjack | 66 | 4 | 42 | 4k+ | Nonce verification recommended | ||
| #1017 | Breadcrumbs Divi Module | 67 | 44 | 38 | 10k+ | Text Domain Mismatch | ||
| #1018 | Flexible Product Fields (WooCommerce Product Addons) – WooCommerce Product Page Editor | 67 | 57 | 98 | 10k+ | Non-prefixed global variable | ||
| #1019 | Clearout Email Validator – Real-Time Email Verification on WordPress Forms | 68 | 21 | 80 | 600 | Non-prefixed function | ||
| #1020 | Protection Against DDoS | 68 | 22 | 5 | 3k+ | Output is not escaped | ||
| #1021 | CDN Enabler | 69 | 14 | 7 | 10k+ | Output is not escaped | ||
| #1022 | PDF.js Viewer | 69 | 14 | 38 | 20k+ | Non-prefixed global variable | ||
| #1023 | VWE – Voorheen Autodealers.nl | 69 | 23 | 10 | 500 | curl curl setopt | ||
| #1024 | AppScenic – Smart AI Dropshipping | 70 | 16 | 41 | 3k+ | Dynamic hook name | ||
| #1025 | Multipart robots.txt editor | 70 | 19 | 8 | 1k+ | Output is not escaped | ||
| #1026 | Zapier for WordPress | 71 | 11 | 21 | 50k+ | Input is not sanitized | ||
| #1027 | Root Relative URLs | 72 | 9 | 10 | 6k+ | Input is not sanitized | ||
| #1028 | OpenID Connect Generic Client | 73 | 9 | 59 | 10k+ | Non-prefixed hook name | ||
| #1029 | My Simple Space | 73 | 21 | 3 | 8k+ | Output is not escaped | ||
| #1030 | Image Quality Control | Still BE | 74 | 71 | 28 | 400 | Missing Translators Comment | ||
| #1031 | WP API SwaggerUI | 74 | 13 | 20 | 2k+ | Missing direct file access protection | ||
| #1032 | Anchor Episodes Index (Spotify for Podcasters) | 75 | 32 | 3 | 1k+ | Text Domain Mismatch | ||
| #1033 | PopupAlly | 75 | 40 | 10 | 2k+ | Missing direct file access protection | ||
| #1034 | reCAPTCHA for bbPress | 75 | 14 | 19 | 800 | Non-prefixed function | ||
| #1035 | wp-forecast | 75 | 263 | 117 | 5k+ | Missing Arg Domain | ||
| #1036 | PDF Flipbook Heyzine | 76 | 3 | 46 | 1k+ | Non-prefixed global variable | ||
| #1037 | Super RSS Reader – Add attractive RSS Feed Widget | 76 | 24 | 5 | 10k+ | Output is not escaped | ||
| #1038 | WP SAML Auth | 76 | 7 | 25 | 8k+ | Nonce verification recommended | ||
| #1039 | Disable WP Registration Page Spam | 77 | 5 | 12 | 1k+ | Nonce verification recommended | ||
| #1040 | WP-FormAssembly | 77 | 4 | 15 | 2k+ | Nonce verification recommended | ||
| #1041 | PDF Smart Viewer for Elementor | 77 | 18 | 16 | 1k+ | Non-prefixed global variable | ||
| #1042 | Simple Floating Menu | 77 | 13 | 3 | 10k+ | Missing direct file access protection | ||
| #1043 | Template Kit – Import | 77 | 41 | 60 | 400k+ | Non-prefixed global variable | ||
| #1044 | Boei – AI Chatbot, Live Chat & 50+ Channels for WordPress | 78 | 9 | 4 | 1k+ | Output is not escaped | ||
| #1045 | Oxyplug Preload | 79 | 7 | 9 | 500 | Output is not escaped | ||
| #1046 | Real Category Management: Content Management in Category Folders | 79 | 4 | 73 | 2k+ | Non-prefixed constant | ||
| #1047 | Sellbrite | 79 | 18 | 4 | 500 | Short PHP open tag found | ||
| #1048 | New Relic Reporting for WordPress | 79 | 4 | 16 | 600 | Nonce verification recommended | ||
| #1049 | ShopEngine Gutenberg WooCommerce Builder Blocks Addon – All in One WooCommerce Solution | 80 | 424 | 735 | 3k+ | Non-prefixed global variable | ||
| #1050 | Hostinger Tools | 82 | 13 | 22 | 3m+ | wp function not compatible with requires wp |