PluginScore

WordPress.WP.AlternativeFunctions.file_system_operations_readfile

file system operations readfile

The plugin performs filesystem work with raw PHP functions where WordPress expects safer filesystem handling.

medium weight

Why It Shows Up

Plugin Check found functions such as `fopen`, `fwrite`, `chmod`, `mkdir`, `readfile`, or related operations.

Why It Matters

WordPress sites can use different filesystem permissions and transports. Raw filesystem calls can fail on common hosts or write to unsafe locations.

How to Fix

  • Use WordPress filesystem helpers when writing, reading, or changing files in plugin-managed paths.
  • Validate paths and keep writes inside directories owned by the plugin or WordPress uploads.
  • Never write PHP code from user input or remote responses.

References

WordPress Filesystem API

Affected Plugins

RankPluginScoreErrorsWarningsInstallsUpdatedTop Issue
#1WP Import Export Lite
csvexportimport
1873897940k+2025-08-04Non Prefixed Variable Found
#2Matomo Analytics – Powerful, Privacy-First Insights for WordPress
GDPRanalyticsbehavior
191,909878100k+2026-06-16Exception Not Escaped
#3Backup Migration
backupbackupsmigrate
219811,09380k+2026-06-05Non Prefixed Variable Found
#4Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More
backupcloud backupdatabase backup
212,5721,2771m+2026-05-22Output Not Escaped
#5Formidable Forms – WordPress Form Builder for Contact Forms, Calculators, Quizzes & More
contact formcustom formform builder
21521,959300k+2026-06-16Non Prefixed Variable Found
#6Wordfence Security – Firewall, Malware Scan, and Login Security
2FAfirewallmalware
211,5922,9735m+2026-05-13Output Not Escaped
#7WP phpMyAdmin
databasemanagermysql
214,5286,43550k+2025-10-17Missing Arg Domain
#8wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin
Table Builderchartcsv
211,3541,14070k+2026-06-08Output Not Escaped
#9Better Messages – Chat Rooms, Group Chat, Private Messages & AI Chat Bots
buddypresschat roomgroup chat
221,6042,01910k+2026-06-10Direct Query
#10Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Optimizecacheminify
222,8581,27050k+2026-04-23Text Domain Mismatch
#11Download Manager
digital storedocument managementdownload manager
222,2901,301100k+2026-06-16Output Not Escaped
#12Gutenberg
22628342300k+2026-06-17missing direct file access protection
#13InfiniteWP Client
Multiple adminbackupmulti-site
222,2861,812200k+2026-02-26Exception Not Escaped
#14LearnPress – WordPress LMS Plugin for Create and Sell Online Courses
courseeducationelearning
222,3613,38470k+2026-06-17Non Prefixed Variable Found
#15MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc.
mailchimpnewsletterpopup
222,6192,45310k+2026-06-19Output Not Escaped
#16Seraphinite Accelerator
Optimizecachepagespeed
2259425550k+2026-06-19Output Not Escaped
#1710Web Booster – Website speed optimization, Cache & Page Speed optimizer
Optimizecachepagespeed
2251360180k+2026-05-27Non Prefixed Variable Found
#18Theme Editor
editorfiletheme
2279868550k+2026-03-19Output Not Escaped
#19File Manager
elfinderfile managerftp
227405201m+2026-04-21Unsafe Printing Function
#20Advanced Contact form 7 DB
advanced cf7 dbcontact form 7contact form 7 db
237611,95970k+2026-04-20Non Prefixed Variable Found
#21Kadence Blocks — Page Builder Toolkit for Gutenberg Editor
blockseditorgutenberg
23552,127600k+2026-06-11Non Prefixed Variable Found
#22MailPoet – Newsletters, Email Marketing, and Automation
Email Marketingemail automationnewsletter
23858711500k+2026-06-17Exception Not Escaped
#23Media Library Assistant
categoriesimagesmedia
231,1443,94370k+2026-06-08Recommended
#24Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
galleryimage galleryphoto gallery
232,119986400k+2026-05-27Text Domain Mismatch
#25Photo Gallery by 10Web – Mobile-Friendly Image Gallery
galleryimage galleryphoto gallery
234,1591,553100k+2026-05-29Output Not Escaped
#26Slider by 10Web – Responsive Image Slider
image sliderresponsive sliderslider
235,81497610k+2024-12-26Output Not Escaped
#27SiteOrigin Widgets Bundle
blocksblogcontact form
23607455400k+2026-05-19Output Not Escaped
#28Strong Testimonials
star ratingstestimonial formtestimonial plugin
2319239390k+2026-05-21Recommended
#29WP Editor
Page Editorcode editorplugin editor
2350233520k+2026-03-11Unsafe Printing Function
#30FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce
Email Marketingcart abandonmentfollow up emails
231,1252,15320k+2026-05-22missing direct file access protection
#31WP Migrate Lite – Migration Made Easy
cloneexport siteimport site
23368254200k+2026-06-02Exception Not Escaped
#32WP STAGING – WordPress Backup, Restore & Migration
backupmigrationrestore
231,4141,327100k+2026-05-22Non Prefixed Variable Found
#33A2 Optimized WP – Turbocharge and secure your WordPress site
Optimizea2 hostingcache
2427123160k+2025-02-10Missing Arg Domain
#34Ad Inserter – Ad Manager & AdSense Ads
ad managerad rotationads
244,241811300k+2026-05-30Output Not Escaped
#35Backuply – Backup, Restore, Migrate and Clone
backupcloud backupdatabase backup
24704551700k+2026-05-27Non Prefixed Variable Found
#36Custom Twitter Feeds – A Tweets Widget or X Feed Widget
Custom Twitter FeedX feedtwitter
24446922100k+2026-06-10Output Not Escaped
#37Customer Reviews for WooCommerce
customer reviewsreview for discountreview plugin
242,2052,45280k+2026-06-15Output Not Escaped
#38Doubly – Cross Domain Copy Paste for WordPress
backupcopycross domain
242525510k+2025-12-23Output Not Escaped
#39DSGVO All in one for WP
GDPRcookiecookie notice
24751,63720k+2026-04-11Non Prefixed Variable Found
#40Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN
Critical CSScachecaching
243,41086670k+2026-05-18Text Domain Mismatch
#41InstaWP Connect – 1-click WP Staging & Migration
backupclonemigrate
2425381140k+2026-06-17Non Prefixed Variable Found
#42Newsletter – Send awesome emails from WordPress
Email Marketingnewslettersignup forms
248942,212200k+2026-06-17Non Prefixed Variable Found
#43PixelYourSite – Your smart PIXEL (TAG) & API Manager
Google Consent Mode V2Meta Conversion APIMeta Pixel
241,1602,407500k+2026-06-09Non Prefixed Namespace Found
#44SureForms – Drag & Drop Contact Form & Form Builder, Payment Form, Survey, Quiz & Calculator
contact formform builderforms
24351250500k+2026-06-18Text Domain Mismatch
#45Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
User Registrationcommunitymember
249382,935200k+2026-06-12Non Prefixed Variable Found
#46Unlimited Elements For Elementor
elementorelementor addonselementor templates
247092,092300k+2026-05-14Non Prefixed Variable Found
#47UpdraftPlus: WP Backup & Migration Plugin
backupcloud backupdatabase backup
242772993m+2026-06-05Non Prefixed Variable Found
#48Yoast SEO – Advanced SEO with real-time guidance and built-in AI
Content analysisReadabilityschema
2415938610m+2026-06-10Non Prefixed Variable Found
#49SlimStat Analytics
analyticsgeolocationreports
241,16973770k+2026-05-13Exception Not Escaped
#50WPeMatico RSS Feed Fetcher
content curationfeed to postrss
241,37658210k+2026-06-15Output Not Escaped