WordPress.WP.AlternativeFunctions.file_system_operations_chgrp
file system operations chgrp
The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.
Why It Shows Up
Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.
Why It Matters
WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.
How to Fix
- Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
- Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
- Never write PHP code from user input or remote responses.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #1 | JetBackup – Backup, Restore & Migrate | 10 | 1,559 | 145 | 100k+ | Exception Not Escaped | |
| #2 | WebP Express | 21 | 160 | 427 | 300k+ | Non Prefixed Variable Found | |
| #3 | Code Profiler – WordPress Performance Profiling and Debugging Made Easy | 22 | 265 | 400 | 8k+ | Non Prefixed Variable Found | |
| #4 | PageSpeed Ninja – Cache, Minify, Defer CSS JavaScript, Critical CSS, Optimize Images, Convert WebP | 22 | 984 | 407 | 5k+ | Unsafe Printing Function | |
| #5 | ManageWP Worker | 22 | 507 | 565 | 1m+ | Non Prefixed Class Found | |
| #6 | WP-WebAuthn | 22 | 957 | 396 | 2k+ | Exception Not Escaped | |
| #7 | Backuply – Backup, Restore, Migrate and Clone | 24 | 704 | 551 | 700k+ | Non Prefixed Variable Found |
