WordPress.WP.AlternativeFunctions.parse_url_parse_url
parse url parse url
The plugin uses raw URL parsing where WordPress URL helpers may be safer or more compatible.
Why It Shows Up
Plugin Check found `parse_url()` in plugin code.
Why It Matters
URL parsing is easy to get subtly wrong, especially with relative URLs, encoded values, and malformed input.
How to Fix
- Use WordPress helpers such as `wp_parse_url()`, `esc_url_raw()`, `esc_url()`, and `wp_http_validate_url()` where they fit.
- Validate schemes and hosts before using parsed URL parts.
- Do not use parsed URLs to build redirects or requests without allowlisting.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #151 | Simple Shopping Cart | 22 | 796 | 536 | 10k+ | Unsafe printing function | ||
| #152 | Asset CleanUp: Page Speed Booster | 22 | 2,030 | 2,485 | 100k+ | Non-prefixed global variable | ||
| #153 | WP Easy Pay – Payment and Donation form Builder for Square | 22 | 893 | 1,828 | 1k+ | Non-prefixed global variable | ||
| #154 | WP Express Checkout (Fast Payments via PayPal & Stripe) | 22 | 591 | 627 | 1k+ | Output is not escaped | ||
| #155 | WP Umbrella: Update Backup Restore & Monitoring | 22 | 918 | 916 | 70k+ | Exception output is not escaped | ||
| #156 | Wp-Insert | 22 | 267 | 301 | 10k+ | Output is not escaped | ||
| #157 | AidWP – Donation & Payment Forms (Stripe Powered) | 22 | 1,317 | 1,675 | 800 | Non-prefixed global variable | ||
| #158 | WP Super Minify • Minify, Compress and Cache HTML, CSS & JavaScript | 22 | 164 | 257 | 9k+ | Non-prefixed constant | ||
| #159 | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration | 22 | 287 | 1,432 | 20k+ | Non-prefixed global variable | ||
| #160 | WP-WebAuthn | 22 | 957 | 396 | 2k+ | Exception output is not escaped | ||
| #161 | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | 22 | 5,996 | 2,790 | 5k+ | Text Domain Mismatch | ||
| #162 | ShopWP | 22 | 430 | 225 | 700 | Text Domain Mismatch | ||
| #163 | YaySMTP – WP Mail SMTP with Email Logs, Tracking & Reports | 22 | 654 | 435 | 10k+ | Exception output is not escaped | ||
| #164 | Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce | 23 | 1,185 | 1,027 | 1k+ | Text Domain Mismatch | ||
| #165 | Advanced Custom Fields: Extended | 23 | 1,885 | 329 | 100k+ | Text Domain Mismatch | ||
| #166 | Admin and Site Enhancements (ASE) | 23 | 136 | 330 | 200k+ | Nonce verification recommended | ||
| #167 | AI Engine – The Chatbot, AI Framework & MCP for WordPress | 23 | 411 | 544 | 100k+ | error log error log | ||
| #168 | Affiliate Super Assistent | 23 | 1,280 | 267 | 2k+ | Text Domain Mismatch | ||
| #169 | AR for WordPress | 23 | 149 | 508 | 400 | Non-prefixed global variable | ||
| #170 | Autoptimize | 23 | 288 | 191 | 800k+ | Output is not escaped | ||
| #171 | BA Book Everything | 23 | 1,184 | 1,086 | 10k+ | Output is not escaped | ||
| #172 | Kadence Security – Password, Two Factor Authentication, and Brute Force Protection | 23 | 1,053 | 967 | 700k+ | Missing Translators Comment | ||
| #173 | Business Directory Plugin – Easy Listing Directories for WordPress | 23 | 611 | 1,058 | 10k+ | Non-prefixed global variable | ||
| #174 | Captivate Sync | 23 | 174 | 557 | 1k+ | Non-prefixed global variable | ||
| #175 | Cart Notices for WooCommerce | 23 | 650 | 471 | 2k+ | Text Domain Mismatch | ||
| #176 | Geo Controller | 23 | 203 | 544 | 1k+ | Non-prefixed global variable | ||
| #177 | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | 23 | 624 | 1,245 | 5k+ | Non-prefixed global variable | ||
| #178 | Church Admin | 23 | 1,643 | 4,202 | 900 | Direct Query | ||
| #179 | CLUEVO LMS, E-Learning Platform | 23 | 1,843 | 1,176 | 400 | Text Domain Mismatch | ||
| #180 | Content Egg – Affiliate Product Importer & Price Comparison | 23 | 1,231 | 1,257 | 10k+ | Non-prefixed global variable | ||
| #181 | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | 23 | 9,310 | 26,642 | 900 | Non-prefixed global variable | ||
| #182 | CWW Companion | 23 | 307 | 223 | 1k+ | Output is not escaped | ||
| #183 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 23 | 3,723 | 10,283 | 40k+ | Non-prefixed namespace | ||
| #184 | Ecwid by Lightspeed Ecommerce Shopping Cart | 23 | 339 | 307 | 20k+ | Missing direct file access protection | ||
| #185 | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder with AI | 23 | 395 | 1,342 | 90k+ | Non-prefixed global variable | ||
| #186 | Export WordPress Pages to Static HTML & PDF — Static Site Export | 23 | 490 | 301 | 4k+ | Text Domain Mismatch | ||
| #187 | Ezoic | 23 | 432 | 516 | 10k+ | Output is not escaped | ||
| #188 | Fastcache by Host.it | 23 | 1,327 | 203 | 700 | Text Domain Mismatch | ||
| #189 | Feed Them Social – Social Media Feeds, Video, and Photo Galleries | 23 | 563 | 535 | 20k+ | Output is not escaped | ||
| #190 | Flexmls® IDX Plugin | 23 | 1,268 | 957 | 1k+ | Output is not escaped | ||
| #191 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | 23 | 4,746 | 1,279 | 30k+ | Non Singular String Literal Domain | ||
| #192 | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | 23 | 3,662 | 2,971 | 10k+ | Output is not escaped | ||
| #193 | Happy Addons for Elementor | 23 | 573 | 444 | 400k+ | Output is not escaped | ||
| #194 | Hunk Companion | 23 | 2,544 | 687 | 6k+ | Text Domain Mismatch | ||
| #195 | RealHomes Memberships | 23 | 516 | 264 | 1k+ | Non Singular String Literal Domain | ||
| #196 | Joli FAQ SEO – WordPress FAQ Plugin | 23 | 1,083 | 1,526 | 700 | Non-prefixed global variable | ||
| #197 | Justified Gallery | 23 | 589 | 1,417 | 8k+ | Non-prefixed global variable | ||
| #198 | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | 23 | 55 | 2,127 | 600k+ | Non-prefixed global variable | ||
| #199 | Kenta Companion | 23 | 657 | 1,419 | 2k+ | Non-prefixed global variable | ||
| #200 | King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder | 23 | 1,831 | 3,878 | 10k+ | Non-prefixed global variable |
