PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing

Setting is missing a sanitization callback

A registered setting does not define a sanitization callback.

critical weight

Why It Shows Up

Plugin Check found `register_setting()` without a `sanitize_callback` or equivalent validation strategy.

Why It Matters

Settings can be saved by administrators and then displayed or used later. Without sanitization, invalid or unsafe values can persist.

How to Fix

  • Pass a `sanitize_callback` in the `register_setting()` arguments.
  • Use built-in sanitizers for simple values and custom callbacks for structured settings.
  • Validate allowed values and return a safe default when input is invalid.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#501Elemailer Lite – Elementor email template & campaign builder3844505k+Output is not escaped
#502PiWeb Product Enquiry or product catalog for WooCommerce382551451k+Text Domain Mismatch
#503Flexy Breadcrumb382411320k+Output is not escaped
#504CAOS | Host Google Analytics Locally381244410k+Output is not escaped
#505Lana Downloads Manager38146783k+Unsafe printing function
#506MimeTypes Link Icons3853348k+Output is not escaped
#507Podlove Subscribe button38148452k+Output is not escaped
#508Polaroid Gallery38105201k+Unsafe printing function
#509Like This3860171k+Output is not escaped
#510RSS Feed Widget38207892k+Unsafe printing function
#511SimpleShop3852511k+date date
#512VdoCipher: Secure Video Player and Hosting3837542k+Non-prefixed function
#513TWIPLA (Visitor Analytics IO) – Privacy-First Website Stats, Session Recordings, Heatmaps, Polls and Surveys387149900Output is not escaped
#514Vietnam Checkout for WooCommerce389313710k+Nonce verification recommended
#515WP Hebrew Date3810213600Output is not escaped
#516WP Client Reports3895806k+Unsafe printing function
#517WP Discord Post Plus – Supports Unlimited Channels3811634700Text Domain Mismatch
#518WP Maintenance Mode & Site Under Construction3872573k+Output is not escaped
#519mb.miniAudioPlayer – an HTML5 audio player for your mp3 files3820464k+Unsafe printing function
#520External Store for Shopify3897332k+Output is not escaped
#521mb.YTPlayer for background videos3880291k+Unsafe printing function
#522ZeroBounce Email Verification & Validation382991621k+Text Domain Mismatch
#523Accounting for WooCommerce3987115500Unsafe printing function
#524ACF: Google Font Selector3957453k+Output is not escaped
#525ACF Recent Posts Widget3926016500Output is not escaped
#526Advanced Woo Labels – Product Labels & Badges for WooCommerce3917312510k+Output is not escaped
#527Archive Control39151671k+Unsafe printing function
#528bbPress Voting392753500Output is not escaped
#529bbPress Moderation397515500Non Singular String Literal Domain
#530Better User Search392444700SQL query is not prepared
#531Blogger Importer Extended3955454k+Output is not escaped
#532Cache Images3972271k+Unsafe printing function
#533Calculator Builder – Create an Online Calculator39162211k+Non-prefixed global variable
#534Innozilla Skins for Contact Form 739152222k+Output is not escaped
#535Contact Form 7 – Dynamic Text Extension3910328100k+Output is not escaped
#536Image CAPTCHA for Contact Form 7 and WPForms by HookAndHook (DSGVO/GDPR)39284580k+Missing nonce verification
#537Dublin Core Metadata Generator397415900Output is not escaped
#538WeShareAI – AI-Powered Share Buttons (formerly E-MAILiT)3916524700Unsafe printing function
#539Editor Menu and Widget Access3981247k+Output is not escaped
#540Enhanced Admin Bar with Codex Search396431k+Missing Arg Domain
#541FaniMani.pl3910311600Output is not escaped
#542Flamix: Bitrix24 and WooCommerce Orders integration398131500Output is not escaped
#543GDPRess | Eliminate external requests to increase GDPR compliance3960261k+Output is not escaped
#544Google Calendar Widget398211700Output is not escaped
#545Insert Amz Images3979441k+Output is not escaped
#546Media Sync39193750k+Short PHP open tag found
#547OneSignal Sender3911250400Output is not escaped
#548Responsify WP399011600Unsafe printing function
#549Rollbar397514400Output is not escaped
#550Scripts n Styles391509230k+Output is not escaped