FileOrganizer is an intuitive file manager to easily edit, delete, upload, download, and manage all your WordPress files and folders right from the da …
Category Scores
Top Issues by Category
maintainability436
security204
Issues Details
777 issues found in latest scan
unlink() is discouraged. Use wp_delete_file() to delete a file.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
Processing form data without nonce verification.
Detected usage of a non-sanitized input variable: $_FILES['content']['tmp_name']
$_GET[$name] not unslashed before sanitization. Use wp_unslash() or similar
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().
Detected usage of a possibly undefined superglobal array index: $_FILES['content']['tmp_name']. Check that the array index exists before using it.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().
error_reporting() can lead to full path disclosure.
Processing form data without nonce verification.
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$err'.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: touch().
rename() is discouraged. Use WP_Filesystem::move() to rename a file.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.WP.AlternativeFunctions.unlink_unlink | ERROR | unlink() is discouraged. Use wp_delete_file() to delete a file. | 88 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fclose | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose(). | 60 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to __(). | 60 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 53 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_FILES['content']['tmp_name'] | 48 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET[$name] not unslashed before sanitization. Use wp_unslash() or similar | 45 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fopen | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen(). | 43 |
| WordPress.WP.AlternativeFunctions.curl_curl_setopt | ERROR | Using cURL functions is highly discouraged. Use wp_remote_get() instead. | 39 |
| WordPress.WP.AlternativeFunctions.file_system_operations_is_writable | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable(). | 30 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_FILES['content']['tmp_name']. Check that the array index exists before using it. | 28 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fread | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread(). | 27 |
| WordPress.WP.AlternativeFunctions.file_system_operations_mkdir | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir(). | 20 |
| WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_error_reporting | WARNING | error_reporting() can lead to full path disclosure. | 19 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 16 |
| WordPress.WP.AlternativeFunctions.curl_curl_init | ERROR | Using cURL functions is highly discouraged. Use wp_remote_get() instead. | 16 |
| WordPress.WP.AlternativeFunctions.curl_curl_setopt_array | ERROR | Using cURL functions is highly discouraged. Use wp_remote_get() instead. | 16 |
| WordPress.WP.AlternativeFunctions.file_system_operations_chmod | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod(). | 15 |
| WordPress.Security.EscapeOutput.ExceptionNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$err'. | 14 |
| WordPress.WP.AlternativeFunctions.file_system_operations_touch | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: touch(). | 14 |
| WordPress.WP.AlternativeFunctions.rename_rename | ERROR | rename() is discouraged. Use WP_Filesystem::move() to rename a file. | 12 |
| Squiz.PHP.DiscouragedFunctions.Discouraged | WARNING | The use of function ini_set() is discouraged | 9 |
| WordPress.WP.AlternativeFunctions.file_system_operations_fwrite | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite(). | 8 |
| WordPress.WP.AlternativeFunctions.curl_curl_exec | ERROR | Using cURL functions is highly discouraged. Use wp_remote_get() instead. | 7 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 7 |
| WordPress.DateTime.RestrictedFunctions.date_date | ERROR | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | 6 |
Latest Snapshot
Findings
777
Errors
536
Warnings
241
Score History
First score snapshot
First scan completed Jun 19, 2026
v1.2.0 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 19, 2026
v1.2.0
21
Latest
- Findings
- 777
- Errors
- 536
- Warnings
- 241
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 19, 2026Latest | 21 | 777 | 536 | 241 | v1.2.0 | 2.0.0 | 2026.06-mvp-static-v2 |
