PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing

Setting is missing a sanitization callback

A registered setting does not define a sanitization callback.

critical weight

Why It Shows Up

Plugin Check found `register_setting()` without a `sanitize_callback` or equivalent validation strategy.

Why It Matters

Settings can be saved by administrators and then displayed or used later. Without sanitization, invalid or unsafe values can persist.

How to Fix

  • Pass a `sanitize_callback` in the `register_setting()` arguments.
  • Use built-in sanitizers for simple values and custom callbacks for structured settings.
  • Validate allowed values and return a safe default when input is invalid.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#601Widget Menuizer404426600Missing Arg Domain
#602Simple Registration for WooCommerce4027554k+Missing nonce verification
#603Media Library Categories40294920k+Output is not escaped
#604WP Posts Carousel40199123k+Unsafe printing function
#605Social Share Buttons & Analytics Plugin – GetSocial.io4097252k+Output is not escaped
#606WPFront Notification Bar402224450k+Output is not escaped
#607Simple Counter4160121k+Unsafe printing function
#608Amazon Link Engine4138172k+Output is not escaped
#609ATP Call Now41987700Output is not escaped
#610Backend Designer4150111k+Output is not escaped
#611Book Now4175141k+Output is not escaped
#612Bulk Images to Posts415551k+Unsafe printing function
#613Carbon Copy4164893k+Text Domain Mismatch
#614Čeština: zalomení řádků418686k+Text Domain Mismatch
#615Checklist416225400Text Domain Mismatch
#616CloudGuard4141131k+Output is not escaped
#617Cookie Notice & Consent41101291k+Output is not escaped
#618DevVN Local Store4184281k+Unsafe printing function
#619Disable Everything41901630k+Output is not escaped
#620Disqus Conditional Load4138143k+Output is not escaped
#621DigitalOcean Spaces Sync41808500Text Domain Mismatch
#622GDPR tools: Cookie notice + privacy416786k+Unsafe printing function
#623Duplicate Post Page Menu & Custom Post Type41351110k+Text Domain Mismatch
#624Embed Chessboard411039600Text Domain Mismatch
#625Featured Image Generator4131161k+Output is not escaped
#626(Simply) Guest Author Name4135362k+Output is not escaped
#627Import external attachments4118262k+Output is not escaped
#628Inpost Paczkomaty4135688k+Text Domain Mismatch
#629Ko-fi Button4175155k+Output is not escaped
#630Lazy Load XT41877600Non Singular String Literal Domain
#631Native Emoji4154375k+Unsafe printing function
#632Live Chat & AI Chatbot – onWebChat413085700error log error log
#633Page Specific Menu Items4178192k+Output is not escaped
#634Post Cloner4125151k+Text Domain Mismatch
#635Powie's WHOIS Domain Check413811500Unsafe printing function
#636Preload LCP Image41110314k+Unsafe printing function
#637Quick View WooCommerce4180121k+Output is not escaped
#638ShinyStat Analytics4188251k+Output is not escaped
#639Simple Restrict4134121k+Output is not escaped
#640Smooth Scroll Up4161106k+Output is not escaped
#641Smoove connector for Elementor forms412260600Nonce verification recommended
#642Taxonomy Filter4114340800Output is not escaped
#643Terms of Service & Privacy Policy Generator41991600Output is not escaped
#644Feedback Company416336800Output is not escaped
#645Unbloater4157185k+Output is not escaped
#646fancyBox 3 for WordPress4172111k+Output is not escaped
#647WaveSurfer-WP418322400Unsafe printing function
#648WC Multiple Email Recipients418534k+Text Domain Mismatch
#649WP Media folders4119743k+Direct Query
#650Add to Cart Button Custom Text4298410k+Text Domain Mismatch