PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing

Setting is missing a sanitization callback

A registered setting does not define a sanitization callback.

critical weight

Why It Shows Up

Plugin Check found `register_setting()` without a `sanitize_callback` or equivalent validation strategy.

Why It Matters

Settings can be saved by administrators and then displayed or used later. Without sanitization, invalid or unsafe values can persist.

How to Fix

  • Pass a `sanitize_callback` in the `register_setting()` arguments.
  • Use built-in sanitizers for simple values and custom callbacks for structured settings.
  • Validate allowed values and return a safe default when input is invalid.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#551Salat Times3923621500Output is not escaped
#552Scripts n Styles391509230k+Output is not escaped
#553Easy Smooth Scroll Links39645600Output is not escaped
#554Shared Files – File Upload & Download Manager3951844k+Nonce verification recommended
#555Show All Comments3910892400Nonce verification recommended
#556Simple Posts Ticker – Easy, Lightweight & Flexible39151282k+Output is not escaped
#557Slideshow SE39352402k+Non-prefixed global variable
#558Tawk.To Manager3920421700Output is not escaped
#559OpenHook39172221k+Unsafe printing function
#560Ultimate Client Dash39697122k+Text Domain Mismatch
#561Woo Button Text395321500Output is not escaped
#562Modal Fly Cart & AJAX Add to Cart for WooCommerce3983742k+Text Domain Mismatch
#563WP Add Custom CSS39452360k+Output is not escaped
#564ACF qTranslate40184258k+Output is not escaped
#565AutoConvert Greeklish Permalinks401161330k+Text Domain Mismatch
#566Better Internal Link Search4023481k+strip tags strip tags
#567Bulk Add Terms407427800Text Domain Mismatch
#568Buy one Get one Free – BOGO discount rule maker for WooCommerce4011957400Text Domain Mismatch
#569Category Featured Images Extended4017740400Text Domain Mismatch
#570Client Portal : SuiteDash Direct Login4093171k+Text Domain Mismatch
#571codoc4019392k+Request data is not unslashed
#572Conditional WooCommerce Checkout Field408422400Unsafe printing function
#573Free Cookie Notice & Consent Banner for Privacy Compliance (GDPR, CCPA, DSGVO and others)4039156k+Missing direct file access protection
#574Corona Virus Data40279271k+Unsafe printing function
#575Crisp – Live Chat and Chatbot40242020k+Unsafe printing function
#576Export Post Info406631k+Unsafe printing function
#577FAQ Concertina404316700Output is not escaped
#578Far Future Expiry Header4025367k+Request data is not unslashed
#579Fusion Page Builder40341003k+Input is not validated
#580Flag Icons40300193k+Output is not escaped
#581Links shortcode407313900Unsafe printing function
#582WP Mobile Redirect404420400Text Domain Mismatch
#583Page Comments Off Please4017291k+Nonce verification recommended
#584Donations via PayPal401431720k+Output is not escaped
#585Popup addon for Ninja Forms40121251k+Output is not escaped
#586Post Tiles40465400Output is not escaped
#587Requirements Checklist4020022900Output is not escaped
#588Product Video Gallery for Woocommerce40613610k+Setting is missing a sanitization callback
#589REST API Custom Fields404416800Text Domain Mismatch
#590LazyLoad Plugin – Lazy Load Images, Videos, and Iframes403117100k+Output is not escaped
#591Select All Categories and Taxonomies, Change Checkbox to Radio Buttons40116303k+Output is not escaped
#592Select Post Export405118500Output is not escaped
#593Serviceform Pixel401822400Output is not escaped
#594Contact Info Widget4018431k+Output is not escaped
#595Simple Page Sidebars40556520k+Output is not escaped
#596Tagging403337500Output is not escaped
#597Tealium407319600Unsafe printing function
#598Track Geolocation Of Users Using Contact Form 74017173900Nonce verification recommended
#599Unlimited Logo Carousel4028615500Text Domain Mismatch
#600Visual Editor Custom Buttons4030484k+Output is not escaped