PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing

Setting is missing a sanitization callback

A registered setting does not define a sanitization callback.

critical weight

Why It Shows Up

Plugin Check found `register_setting()` without a `sanitize_callback` or equivalent validation strategy.

Why It Matters

Settings can be saved by administrators and then displayed or used later. Without sanitization, invalid or unsafe values can persist.

How to Fix

  • Pass a `sanitize_callback` in the `register_setting()` arguments.
  • Use built-in sanitizers for simple values and custom callbacks for structured settings.
  • Validate allowed values and return a safe default when input is invalid.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#451TrustMate.io – WooCommerce integration36251973k+Output is not escaped
#452Ubigeo de Perú para Woocommerce y WordPress361912354k+Non-prefixed function
#453Disable Payment Methods based on cart conditions for WooCommerce36158571k+Non Singular String Literal Domain
#454Add to Cart Redirect for WooCommerce372151418k+Text Domain Mismatch
#455AJAX Hits Counter + Popular Posts Widget37247441k+Output is not escaped
#456Async JS and CSS37901700Text Domain Mismatch
#457Before After Image Comparison Slider for Elementor37904110k+Text Domain Mismatch
#458Blog News Addons For Elementor (News, Magazine and Blog Addons)3723296400Non-prefixed global variable
#459Customize WordPress Emails and Alerts – Better Notifications for WP37644730k+Missing Arg Domain
#460Contact Zalo Report SW374439900Missing Arg Domain
#461Delivery Date Time & Pickup for WooCommerce37148216400Output is not escaped
#462Catalog Booster & Product Catalog Mode for WooCommerce371061681k+Non-prefixed function
#463Duo Two-Factor Authentication3744613k+Missing nonce verification
#464Pricing Table WordPress Plugin – Easy Pricing Tables3733216110k+Output is not escaped
#465WP eBay Product Feeds3713631700Output is not escaped
#466Favorites3720412110k+Unsafe printing function
#467GoCache3727343900Non Singular String Literal Domain
#468Lightbox with PhotoSwipe371792420k+Output is not escaped
#469PiWeb Live sales notification for WooCommerce372897730k+Text Domain Mismatch
#470LiveAgent – Omnichannel Help Desk & Live Chat Software37125142400Non Singular String Literal Domain
#471Sendle Shipping Plugin379164800wp function not compatible with requires wp
#472Optin Forms – Simple List Building Plugin for WordPress37647223k+Output is not escaped
#473Product Image Hover Effects WOOC – WPSHARE2473716194800Output is not escaped
#474Product page shipping calculator for WooCommerce372171171k+Text Domain Mismatch
#475resmio button & widget379936400Text Domain Mismatch
#476Reusable Content Blocks37349144k+Text Domain Mismatch
#477Rich Table of Contents372625720k+Output is not escaped
#478Robots & Sitemap3719928500Text Domain Mismatch
#479Snippet Shortcodes373591334k+Non Singular String Literal Domain
#480Skimlinks Affiliate Marketing Tool378419800wp function not compatible with requires wp
#481Theme Builder For Elementor37477282k+Text Domain Mismatch
#482User Meta Display377874500Output is not escaped
#483Varnish/Nginx Proxy Caching3728736600Output is not escaped
#484Skroutz & Bestprice XML feed for WooCommerce37161411k+Text Domain Mismatch
#485WP Category Permalink3775312k+Output is not escaped
#486WP Export Categories & Taxonomies3716935500Output is not escaped
#487XT Visitor Counter37177527k+Output is not escaped
#488Yada Wiki37207452k+Text Domain Mismatch
#489YOURLS Link Creator3719639500Text Domain Mismatch
#490Zendesk Chat37446710k+Output is not escaped
#491Add Customer for WooCommerce382291531k+Text Domain Mismatch
#492Admin Tools38189103k+Unsafe printing function
#493AdRoll for WooCommerce Stores384025600Output is not escaped
#494Advanced Sermons388331841k+Unsafe printing function
#495Any Mobile Theme Switcher38695920k+Output is not escaped
#496Bot Block – Stop Spam Referrals in Google Analytics382842600Output is not escaped
#497Car Route Planner Plugin3813517400Output is not escaped
#498CC Child Pages38631529k+Non-prefixed global variable
#499country-redirect385819400Text Domain Mismatch
#500One page checkout and layouts for woocommerce3883523k+Non-prefixed global variable