Generic.PHP.ForbiddenFunctions.Found

PHP Forbidden Functions Found

The plugin uses a PHP or WordPress pattern that coding standards discourage.

medium weight

Why It Shows Up

Plugin Check found a discouraged function, forbidden function, goto, backtick operator, or similar construct.

Why It Matters

Discouraged patterns are often harder to review, less portable across hosts, or easier to misuse securely.

How to Fix

Identify why the construct is used and whether WordPress provides a safer API.
Replace shell execution, dynamic execution, or broad forbidden functions with constrained WordPress APIs.
If a third-party library triggers the warning, isolate and document it.

References

WordPress Coding Standards

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#1	BulletProof Security	0	5,048	4,949	20k+	2026-05-20	Output Not Escaped
#2	JetBackup – Backup, Restore & Migrate	10	1,559	145	100k+	2026-05-03	Exception Not Escaped
#3	wpForo Forum	17	4,033	2,922	20k+	2026-05-31	Unsafe Printing Function
#4	WPtouch – Make your WordPress Website Mobile-Friendly	17	1,466	325	50k+	2025-12-04	Text Domain Mismatch
#5	Download Monitor	19	425	1,364	80k+	2026-06-16	Non Prefixed Hookname Found
#6	Event Organiser	19	1,106	544	20k+	2024-10-10	Text Domain Mismatch
#7	Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution	19	1,218	901	100k+	2026-06-09	Exception Not Escaped
#8	Matomo Analytics – Powerful, Privacy-First Insights for WordPress	19	1,909	878	100k+	2026-06-16	Exception Not Escaped
#9	Membership Plugin – Kadence Memberships	19	5,082	2,982	9k+	2026-05-26	Text Domain Mismatch
#10	BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot	20	508	1,406	30k+	2026-06-18	Non Prefixed Variable Found
#11	Brizy – Page Builder	20	589	720	70k+	2026-06-09	Output Not Escaped
#12	GiveWP – Donation Plugin and Fundraising Platform	20	3,435	3,580	100k+	2026-06-15	Output Not Escaped
#13	Link Library	20	1,941	1,397	10k+	2026-04-26	Unsafe Printing Function
#14	Brevo – Email, SMS, Web Push, Chat, and more.	20	460	646	100k+	2026-04-10	Missing Unslash
#15	Microthemer Lite – Visual Editor to Customize CSS	20	1,004	1,699	10k+	2026-04-15	Non Prefixed Variable Found
#16	Robin Image Optimizer – Unlimited Image Optimization, WebP & AVIF	20	557	541	100k+	2026-05-19	Output Not Escaped
#17	Razorpay for WooCommerce	20	974	855	100k+	2026-06-19	Non Prefixed Function Found
#18	Backup Migration	21	981	1,093	80k+	2026-06-05	Non Prefixed Variable Found
#19	Captcha Them All	21	300	323	6k+	2023-12-20	Output Not Escaped
#20	Comet Cache	21	857	245	20k+	2025-07-02	Output Not Escaped
#21	FileOrganizer – WordPress File Manager	21	536	241	200k+	2026-06-10	unlink unlink
#22	Packeta	21	802	333	8k+	2025-11-07	Exception Not Escaped
#23	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	21	696	1,483	50k+	2026-06-10	Recommended
#24	PublishPress Planner – Editorial Calendar, Marketing Content, Kanban Board	21	603	890	6k+	2026-05-21	Output Not Escaped
#25	Five Star Restaurant Reservations – WordPress Booking Plugin	21	1,099	1,147	10k+	2026-06-19	Output Not Escaped
#26	Royal Addons for Elementor – Addons and Templates Kit for Elementor	21	13,011	2,530	600k+	2026-06-08	Text Domain Mismatch
#27	Smart Forms – when you need more than just a contact form	21	776	574	5k+	2026-05-15	Output Not Escaped
#28	Accept Stripe Payments	21	373	882	20k+	2026-05-07	Missing
#29	Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools	21	786	3,395	30k+	2026-06-17	Non Prefixed Variable Found
#30	WP phpMyAdmin	21	4,528	6,435	50k+	2025-10-17	Missing Arg Domain
#31	wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin	21	1,354	1,140	70k+	2026-06-08	Output Not Escaped
#32	Frontend Admin by DynamiApps	22	5,922	3,208	10k+	2026-06-17	Text Domain Mismatch
#33	Advanced Ads – Ad Manager & AdSense	22	578	734	100k+	2026-06-08	Non Prefixed Variable Found
#34	Better Messages – Chat Rooms, Group Chat, Private Messages & AI Chat Bots	22	1,604	2,019	10k+	2026-06-10	Direct Query
#35	BuddyPress	22	583	9,008	100k+	2025-09-24	Non Prefixed Function Found
#36	RegistrationMagic – User Registration Forms Plugin	22	3,654	5,062	8k+	2026-06-20	Non Prefixed Variable Found
#37	Download Manager	22	2,290	1,301	100k+	2026-06-16	Output Not Escaped
#38	Dynamic QR Code – generator	22	238	208	6k+	2024-12-29	missing direct file access protection
#39	E2Pdf – Export Pdf Tool for WordPress	22	1,075	836	10k+	2026-06-16	Unsafe Printing Function
#40	Events Manager – Calendar, Bookings, Tickets, and more!	22	4,722	5,621	70k+	2026-06-19	Output Not Escaped
#41	File Manager Pro – Filester	22	565	391	100k+	2026-05-23	Missing Unslash
#42	Five Star Restaurant Menu and Food Ordering	22	752	609	5k+	2026-06-03	Output Not Escaped
#43	FunnelKit Payment Gateway for Stripe WooCommerce	22	244	321	20k+	2026-05-21	Input Not Sanitized
#44	GeoDirectory – WP Business Directory Plugin and Classified Listings Directory	22	4,462	3,972	10k+	2026-06-10	Output Not Escaped
#45	Anti-Malware Security and Brute-Force Firewall	22	544	965	100k+	2026-03-09	Output Not Escaped
#46	Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms	22	1,037	722	20k+	2026-05-27	Unsafe Printing Function
#47	IMPress for IDX Broker	22	1,085	636	7k+	2026-04-14	Text Domain Mismatch
#48	InfiniteWP Client	22	2,286	1,812	200k+	2026-02-26	Exception Not Escaped
#49	LearnPress – WordPress LMS Plugin for Create and Sell Online Courses	22	2,361	3,384	70k+	2026-06-17	Non Prefixed Variable Found
#50	MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc.	22	2,619	2,453	10k+	2026-06-19	Output Not Escaped