WordPress.Security.PluginMenuSlug.Using__FILE__
Using __FILE__
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue | Updated |
|---|---|---|---|---|---|---|---|
| #1 | Smart Forms – when you need more than just a contact form | 21 | 776 | 574 | 5k+ | Output Not Escaped | |
| #2 | HeadSpace2 SEO | 22 | 940 | 360 | 3k+ | Text Domain Mismatch | |
| #3 | BlossomThemes Email Newsletter | 23 | 337 | 239 | 20k+ | Output Not Escaped | |
| #4 | SEO Redirection Plugin – 301 Redirect Manager | 23 | 272 | 727 | 10k+ | Non Prefixed Variable Found | |
| #5 | eCommerce Product Catalog Plugin for WordPress | 24 | 621 | 3,177 | 7k+ | Non Prefixed Function Found | |
| #6 | WP Meta and Date Remover | 24 | 665 | 1,314 | 90k+ | Non Prefixed Variable Found | |
| #7 | WP Travel Engine – Tour Booking Plugin – Tour Operator Software | 24 | 2,010 | 5,688 | 20k+ | Non Prefixed Variable Found | |
| #8 | All 404 Redirect to Homepage | 25 | 140 | 301 | 200k+ | date date | |
| #9 | Booking Package | 25 | 1,700 | 3,977 | 10k+ | Missing | |
| #10 | Sitemap by click5 | 25 | 286 | 132 | 6k+ | Unsafe Printing Function | |
| #11 | iQ Block Country | 27 | 164 | 245 | 20k+ | Missing Unslash | |
| #12 | VOD Infomaniak | 27 | 797 | 385 | 20k+ | Output Not Escaped | |
| #13 | DB Cache Reloaded Fix | 29 | 133 | 42 | 2k+ | Output Not Escaped | |
| #14 | Custom Field Template | 30 | 521 | 618 | 30k+ | Recommended | |
| #15 | Widgetize Pages Light | 30 | 145 | 104 | 3k+ | Output Not Escaped | |
| #16 | WP125 | 31 | 178 | 184 | 3k+ | Unsafe Printing Function | |
| #17 | AGCA – Custom Dashboard & Login Page | 34 | 350 | 44 | 20k+ | Unsafe Printing Function | |
| #18 | Audit Trail | 34 | 90 | 107 | 10k+ | Unsafe Printing Function | |
| #19 | Forms: 3rd-Party Integration | 34 | 234 | 112 | 5k+ | Output Not Escaped | |
| #20 | HTML Import 2 | 34 | 273 | 26 | 5k+ | Unsafe Printing Function | |
| #21 | Search Meter | 34 | 191 | 94 | 20k+ | Output Not Escaped | |
| #22 | ReOrder Posts within Categories | 35 | 39 | 207 | 7k+ | Non Prefixed Variable Found | |
| #23 | Simple Header Footer HTML | 35 | 30 | 5 | 3k+ | Output Not Escaped | |
| #24 | User Photo | 35 | 112 | 68 | 3k+ | Output Not Escaped | |
| #25 | Easy Accept Payments via PayPal | 35 | 322 | 128 | 7k+ | Text Domain Mismatch | |
| #26 | WP-Paginate | 35 | 37 | 55 | 20k+ | Input Not Validated | |
| #27 | authLdap | 36 | 47 | 30 | 5k+ | Exception Not Escaped | |
| #28 | Peter’s Post Notes | 36 | 224 | 102 | 3k+ | Output Not Escaped | |
| #29 | Photoswipe Masonry Gallery | 36 | 57 | 47 | 6k+ | Non Singular String Literal Text | |
| #30 | Plugins Garbage Collector (Database Cleanup) | 36 | 32 | 51 | 10k+ | Missing | |
| #31 | WP Super Edit | 36 | 35 | 185 | 2k+ | Recommended | |
| #32 | Images to WebP | 37 | 39 | 50 | 9k+ | curl curl setopt | |
| #33 | OSM – OpenStreetMap | 37 | 130 | 64 | 10k+ | Output Not Escaped | |
| #34 | PNG to JPG | 37 | 130 | 173 | 9k+ | Interpolated Not Prepared | |
| #35 | Publish to Schedule | 37 | 195 | 43 | 4k+ | Text Domain Mismatch | |
| #36 | WP PageNavi Style | 37 | 109 | 11 | 8k+ | Unsafe Printing Function | |
| #37 | Any Mobile Theme Switcher | 38 | 69 | 59 | 20k+ | Output Not Escaped | |
| #38 | Attachments | 38 | 238 | 66 | 8k+ | Unsafe Printing Function | |
| #39 | Multiple Domain Mapping on Single Site | 38 | 135 | 51 | 6k+ | Text Domain Mismatch | |
| #40 | Simple Google Sitemap XML | 38 | 38 | 8 | 2k+ | Output Not Escaped | |
| #41 | mb.miniAudioPlayer – an HTML5 audio player for your mp3 files | 38 | 204 | 6 | 4k+ | Unsafe Printing Function | |
| #42 | Faster Image Insert | 39 | 94 | 26 | 2k+ | Output Not Escaped | |
| #43 | hpb seo plugin for WordPress | 39 | 15 | 87 | 2k+ | Non Prefixed Variable Found | |
| #44 | Mail Subscribe List | 39 | 17 | 94 | 3k+ | Input Not Validated | |
| #45 | TinyMCE Custom Styles | 39 | 297 | 76 | 7k+ | Non Singular String Literal Domain | |
| #46 | Uptolike Social Share Buttons | 39 | 38 | 33 | 4k+ | Output Not Escaped | |
| #47 | UserHeat Plugin | 39 | 121 | 20 | 6k+ | Non Singular String Literal Domain | |
| #48 | WP Realtime Sitemap | 39 | 46 | 41 | 10k+ | Output Not Escaped | |
| #49 | SEO Auto Linker | 39 | 97 | 62 | 3k+ | Unsafe Printing Function | |
| #50 | Crisp – Live Chat and Chatbot | 40 | 24 | 20 | 20k+ | Unsafe Printing Function | |