PluginScore

WordPress.WP.AlternativeFunctions.parse_url_parse_url

parse url parse url

The plugin uses raw URL parsing where WordPress URL helpers may be safer or more compatible.

medium weight

Why It Shows Up

Plugin Check found `parse_url()` in plugin code.

Why It Matters

URL parsing is easy to get subtly wrong, especially with relative URLs, encoded values, and malformed input.

How to Fix

  • Use WordPress helpers such as `wp_parse_url()`, `esc_url_raw()`, `esc_url()`, and `wp_http_validate_url()` where they fit.
  • Validate schemes and hosts before using parsed URL parts.
  • Do not use parsed URLs to build redirects or requests without allowlisting.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsUpdatedTop Issue
#1BulletProof Security
firewalllogin securitymalware scanner
05,0484,94920k+2026-05-20Output Not Escaped
#2JetBackup – Backup, Restore & Migrate
backupremote backuprestore
101,559145100k+2026-05-03Exception Not Escaped
#3wpForo Forum
bbPresscommunityforum
174,0332,92220k+2026-05-31Unsafe Printing Function
#4Prime Slider Addons for Elementor
content sliderelementor addonhero slider
183,500230100k+2026-06-15Text Domain Mismatch
#5WP Import Export Lite
csvexportimport
1873897940k+2025-08-04Non Prefixed Variable Found
#6Element Pack – Widgets, Templates & Addons for Elementor
WooCommerce widgetselementor addonselementor templates
199,448517100k+2026-06-16Text Domain Mismatch
#7Download Monitor
digital storedownload managerecommerce
194251,36480k+2026-06-16Non Prefixed Hookname Found
#8Matomo Analytics – Powerful, Privacy-First Insights for WordPress
GDPRanalyticsbehavior
191,909878100k+2026-06-16Exception Not Escaped
#9Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)
2FAhttpssecurity
195413853m+2026-06-17Missing Translators Comment
#10SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments
ecommerceonline storepayments
195261,11990k+2026-06-16Non Prefixed Variable Found
#11BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot
chatgpt ai writerdocsdocumentation
205081,40630k+2026-06-18Non Prefixed Variable Found
#12Brizy – Page Builder
brizyeditorpage builder
2058972070k+2026-06-09Output Not Escaped
#13Filter Everything — WordPress & WooCommerce Filters
ajax filterpost filterproduct filter
2056873050k+2026-06-18Output Not Escaped
#14GiveWP – Donation Plugin and Fundraising Platform
crowdfundingdonatedonation
203,4353,580100k+2026-06-15Output Not Escaped
#15Brevo – Email, SMS, Web Push, Chat, and more.
Email Marketingbrevoforms
20460646100k+2026-04-10Missing Unslash
#16Microthemer Lite – Visual Editor to Customize CSS
csscustomizegoogle fonts
201,0041,69910k+2026-04-15Non Prefixed Variable Found
#17Razorpay for WooCommerce
curlecindiapayments
20974855100k+2026-06-19Non Prefixed Function Found
#18Store Locator WordPress
Google MapsStore locatordirections
212,3721,57210k+2026-06-03Text Domain Mismatch
#19Backup Migration
backupbackupsmigrate
219811,09380k+2026-06-05Non Prefixed Variable Found
#20bbPress
discussionforumforums
219293,672100k+2025-07-02Non Prefixed Function Found
#21Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More
backupcloud backupdatabase backup
212,5721,2771m+2026-05-22Output Not Escaped
#22Envo Extra
demoelementorenvothemes
2187860020k+2026-05-27Text Domain Mismatch
#23FileOrganizer – WordPress File Manager
FileOrganizerfile explorerfile manager
21536241200k+2026-06-10unlink unlink
#24Formidable Forms – WordPress Form Builder for Contact Forms, Calculators, Quizzes & More
contact formcustom formform builder
21521,959300k+2026-06-16Non Prefixed Variable Found
#25Modular DS: Monitor, update, and backup multiple websites
backupbackupsmonitoring
211618140k+2026-05-22Exception Not Escaped
#26MotoPress Hotel Booking
Booking EngineHotelHotel Booking
213,0611,03710k+2026-06-15Text Domain Mismatch
#27Five Star Restaurant Reservations – WordPress Booking Plugin
Reservation Systemopen tablereservation
211,0991,14710k+2026-06-19Output Not Escaped
#28Royal Addons for Elementor – Addons and Templates Kit for Elementor
elementorelementor addonselementor templates
2113,0112,530600k+2026-06-08Text Domain Mismatch
#29Accept Stripe Payments
paymentpaymentsstripe
2137388220k+2026-05-07Missing
#30ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
Amazon affiliatesaffiliate linkslink shortner
2119066030k+2026-05-27Non Prefixed Variable Found
#31Revive Social – Social Media Auto Post and Scheduling Automation Plugin
auto postsocial media automationsocial media scheduling
2125542520k+2026-05-21Non Prefixed Hookname Found
#32Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools
abandoned cartcart recoveryswatches
217863,39530k+2026-06-17Non Prefixed Variable Found
#33Wordfence Security – Firewall, Malware Scan, and Login Security
2FAfirewallmalware
211,5922,9735m+2026-05-13Output Not Escaped
#34WP phpMyAdmin
databasemanagermysql
214,5286,43550k+2025-10-17Missing Arg Domain
#35All-in-One Video Gallery
HTML5 videovideo galleryvideo player
229112,89220k+2026-05-11Non Prefixed Variable Found
#36Booking for Appointments and Events Calendar – Amelia
appointmentsbookingbooking system
221,48948090k+2026-06-18Exception Not Escaped
#37Better Messages – Chat Rooms, Group Chat, Private Messages & AI Chat Bots
buddypresschat roomgroup chat
221,6042,01910k+2026-06-10Direct Query
#38Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Optimizecacheminify
222,8581,27050k+2026-04-23Text Domain Mismatch
#39Directorist: AI-Powered Business Directory, Listings & Classified Ads
business directoryclassifiedsdirectory
224432,12920k+2026-06-09Non Prefixed Variable Found
#40Download Manager
digital storedocument managementdownload manager
222,2901,301100k+2026-06-16Output Not Escaped
#41Events Manager – Calendar, Bookings, Tickets, and more!
blockbookingscalendar
224,7225,62170k+2026-06-19Output Not Escaped
#42FunnelKit Payment Gateway for Stripe WooCommerce
apple paygoogle paystripe
2224432120k+2026-05-21Input Not Sanitized
#43GeoDirectory – WP Business Directory Plugin and Classified Listings Directory
business directoryclassifiedsdirectory
224,4623,97210k+2026-06-10Output Not Escaped
#44Gutenberg
22628342300k+2026-06-17missing direct file access protection
#45LearnPress – WordPress LMS Plugin for Create and Sell Online Courses
courseeducationelearning
222,3613,38470k+2026-06-17Non Prefixed Variable Found
#46MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc.
mailchimpnewsletterpopup
222,6192,45310k+2026-06-19Output Not Escaped
#47Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider
carousel slidergalleryimage slider
22207323500k+2026-06-11Non Prefixed Variable Found
#48Molongui Authorship – Author Boxes, Guest Authors & Co-Authors for WordPress
author bioauthor boxco-authors
229191,23010k+2026-02-16Output Not Escaped
#49NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall
firewallmalwareprotection
221,2652,065100k+2026-06-07Non Prefixed Variable Found
#50NinjaScanner – Virus & Malware scan
malwareprotectionscanner
2259655130k+2026-06-09Non Prefixed Variable Found