PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing

Setting is missing a sanitization callback

A registered setting does not define a sanitization callback.

critical weight

Why It Shows Up

Plugin Check found `register_setting()` without a `sanitize_callback` or equivalent validation strategy.

Why It Matters

Settings can be saved by administrators and then displayed or used later. Without sanitization, invalid or unsafe values can persist.

How to Fix

Pass a `sanitize_callback` in the `register_setting()` arguments.
Use built-in sanitizers for simple values and custom callbacks for structured settings.
Validate allowed values and return a safe default when input is invalid.

References

WordPress validating, sanitizing, and escaping

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#1	Intercom	0	60	71	6k+	1 year ago	Non-prefixed function
#2	AnyComment	17	445	449	5k+	4 years ago	Output is not escaped
#3	Podlove Podcast Publisher	18	2,326	1,429	3k+	18 days ago	Output is not escaped
#4	Shopping Cart & eCommerce Store	18	5,459	17,298	4k+	10 days ago	Non-prefixed global variable
#5	Download Monitor	19	425	1,364	80k+	6 days ago	Non-prefixed hook name
#6	Event Organiser	19	1,106	544	20k+	2 years ago	Text Domain Mismatch
#7	Razorpay Payment Button Plugin	19	486	98	2k+	1 year ago	Exception output is not escaped
#8	Membership Plugin – Kadence Memberships	19	5,082	2,982	9k+	27 days ago	Text Domain Mismatch
#9	Filter Everything — WordPress & WooCommerce Filters	20	568	730	50k+	today	Output is not escaped
#10	CallTrackingMetrics	21	923	286	3k+	4 months ago	Unsafe printing function
#11	Free Downloads WooCommerce	21	430	359	4k+	1 month ago	Output is not escaped
#12	Eupago Gateway For Woocommerce	21	612	320	2k+	2 months ago	Output is not escaped
#13	Imagify: Optimize Images for Top Speed (Compress & Convert to WebP/AVIF)	21	420	861	1m+	today	Non-prefixed global variable
#14	MotoPress Hotel Booking	21	3,061	1,037	10k+	7 days ago	Text Domain Mismatch
#15	OneLogin SAML SSO	21	508	330	7k+	7 months ago	wp function not compatible with requires wp
#16	Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction	21	1,918	5,065	10k+	20 days ago	Non-prefixed hook name
#17	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	21	696	1,483	50k+	12 days ago	Nonce verification recommended
#18	Razorpay Quick Payments	21	399	63	3k+	1 year ago	Exception output is not escaped
#19	Rocket Maintenance Mode & Coming Soon Page	21	1,176	1,406	4k+	2 years ago	Non-prefixed global variable
#20	Royal Addons for Elementor – Addons and Templates Kit for Elementor	21	13,011	2,530	600k+	14 days ago	Text Domain Mismatch
#21	Seamless Donations is Sunset	21	600	514	2k+	2 years ago	Text Domain Mismatch
#22	WCFM – Frontend Manager for WooCommerce	21	4,721	5,067	20k+	2 months ago	Non-prefixed global variable
#23	Paysera Payment Gateway for WooCommerce	21	1,866	195	7k+	18 days ago	Exception output is not escaped
#24	Pay For Post with WooCommerce	21	960	1,474	1k+	5 months ago	Non-prefixed global variable
#25	WPScan – WordPress Security Scanner	21	527	265	8k+	5 months ago	Text Domain Mismatch
#26	Advanced Ads – Ad Manager & AdSense	22	578	734	100k+	14 days ago	Non-prefixed global variable
#27	Shortcodes and extra features for Phlox theme	22	413	426	90k+	1 month ago	Output is not escaped
#28	Borderless – Addons and Templates for Elementor	22	438	1,388	5k+	7 months ago	Non-prefixed global variable
#29	Cleanup Action Scheduler	22	545	1,306	1k+	1 year ago	Non-prefixed global variable
#30	SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager	22	705	845	8k+	today	Non-prefixed global variable
#31	E2Pdf – Export Pdf Tool for WordPress	22	1,075	836	10k+	6 days ago	Unsafe printing function
#32	Finale Lite – Sales Countdown Timer & Discount for WooCommerce	22	1,031	451	4k+	1 year ago	Output is not escaped
#33	IMPress for IDX Broker	22	1,085	636	7k+	2 months ago	Text Domain Mismatch
#34	WP OAuth Server (OAuth Authentication)	22	189	347	3k+	5 months ago	Non-prefixed function
#35	PageSpeed Ninja – Cache, Minify, Defer CSS JavaScript, Critical CSS, Optimize Images, Convert WebP	22	984	407	5k+	2 years ago	Unsafe printing function
#36	Restrict User Access – Ultimate Membership & Content Protection	22	977	1,840	10k+	9 months ago	Non-prefixed global variable
#37	The Moneytizer	22	751	271	1k+	4 months ago	Text Domain Mismatch
#38	Uncanny Toolkit for LearnDash	22	539	994	20k+	24 days ago	Output is not escaped
#39	Advanced AJAX Product Filters	22	2,683	1,205	50k+	27 days ago	Text Domain Mismatch
#40	WPBITS Addons For Elementor Page Builder	22	996	1,399	2k+	5 months ago	Non-prefixed global variable
#41	ЮKassa для WooCommerce	22	591	168	9k+	25 days ago	Short PHP open tag found
#42	Advanced Product Labels for WooCommerce	23	921	559	20k+	27 days ago	Text Domain Mismatch
#43	AI Engine – The Chatbot, AI Framework & MCP for WordPress	23	413	559	100k+	2 days ago	error log error log
#44	Autocomplete Address and Location Picker for WooCommerce	23	630	1,299	2k+	7 months ago	Non-prefixed global variable
#45	Autoptimize	23	288	191	800k+	3 months ago	Output is not escaped
#46	B2BKing — Ultimate WooCommerce B2B and Wholesale Plugin — Wholesale Prices, Bulk Order Form & More	23	1,347	409	10k+	8 days ago	Text Domain Mismatch
#47	BA Book Everything	23	1,184	1,086	10k+	1 month ago	Output is not escaped
#48	Beds24 Online Booking	23	532	374	2k+	1 year ago	wp function not compatible with requires wp
#49	Cart Notices for WooCommerce	23	650	471	2k+	27 days ago	Text Domain Mismatch
#50	All In One Login — Login Page Security and Customization for WordPress with Google reCAPTCHA, Social Login, Temporary Login, 2FA, and more.	23	742	1,343	60k+	10 days ago	Non-prefixed global variable