PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing

Setting is missing a sanitization callback

A registered setting does not define a sanitization callback.

critical weight

Why It Shows Up

Plugin Check found `register_setting()` without a `sanitize_callback` or equivalent validation strategy.

Why It Matters

Settings can be saved by administrators and then displayed or used later. Without sanitization, invalid or unsafe values can persist.

How to Fix

  • Pass a `sanitize_callback` in the `register_setting()` arguments.
  • Use built-in sanitizers for simple values and custom callbacks for structured settings.
  • Validate allowed values and return a safe default when input is invalid.
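
The steps above as an added example (not code from Plugin Check or from any listed plugin): one simple setting with a built-in sanitizer and one structured setting with a custom callback that allow-lists values and falls back to defaults. The `myplugin_*` function names, option names, allowed positions and the 1 to 20 range are assumptions made for illustration.

```php
<?php
// Added example: all myplugin_* names, option keys and limits are hypothetical.
add_action( 'admin_init', 'myplugin_register_settings' );

function myplugin_register_settings() {
	// Simple scalar value: a built-in sanitizer is enough.
	register_setting( 'myplugin_options', 'myplugin_banner_text', array(
		'type'              => 'string',
		'sanitize_callback' => 'sanitize_text_field',
		'default'           => '',
	) );

	// Structured value: a custom callback validates each field.
	register_setting( 'myplugin_options', 'myplugin_display', array(
		'type'              => 'array',
		'sanitize_callback' => 'myplugin_sanitize_display',
		'default'           => myplugin_display_defaults(),
	) );
}

function myplugin_display_defaults() {
	return array( 'position' => 'top', 'color' => '#000000', 'max_items' => 5 );
}

function myplugin_sanitize_display( $input ) {
	$defaults = myplugin_display_defaults();
	if ( ! is_array( $input ) ) {
		return $defaults; // Wrong shape: fall back to safe defaults.
	}
	$clean = $defaults; // Start from defaults so unknown keys are dropped.
	// Allow-list check: only known positions are accepted.
	if ( isset( $input['position'] ) && in_array( $input['position'], array( 'top', 'bottom' ), true ) ) {
		$clean['position'] = $input['position'];
	}
	// sanitize_hex_color() returns a falsy value unless the input is #rgb or #rrggbb.
	$color = ( isset( $input['color'] ) && is_string( $input['color'] ) ) ? sanitize_hex_color( $input['color'] ) : null;
	if ( $color ) {
		$clean['color'] = $color;
	}
	// Coerce to a non-negative integer, then clamp to the supported range.
	if ( isset( $input['max_items'] ) ) {
		$clean['max_items'] = min( 20, max( 1, absint( $input['max_items'] ) ) );
	}
	return $clean;
}
```

Sanitizing on save does not replace escaping on output: values read back with `get_option()` still need `esc_html()`, `esc_attr()` or similar when printed.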

Affected Plugins

Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue
#651BP Auto Group Join425555700Output is not escaped
#652Change Background Color for Pages, Posts, Widgets42357500Text Domain Mismatch
#653Comment Blacklist Updater4245151k+Output is not escaped
#654Disable Recaptcha – CF7427352k+Output is not escaped
#655Disable User Login4225195k+Unsafe printing function
#656Storefront Online Ordering by DoorDash427610600Output is not escaped
#657Easy Video Player42202020k+Output is not escaped
#658Exit Popup425151k+Output is not escaped
#659FCM Push Notification from WP424316500Non Singular String Literal Domain
#660Flamix: Bitrix24 and Contact Form 7 integrations427941k+Output is not escaped
#661Goolytics – Simple Google Analytics423754k+Unsafe printing function
#662Hide Featured Image42261210k+Unsafe printing function
#663NS Remove Related Products for WooCommerce4295433k+Output is not escaped
#664reCAPTCHA for WooCommerce42803140k+Output is not escaped
#665Rename wp-admin login4223388k+Output is not escaped
#666Set All First Images As Featured424413700Text Domain Mismatch
#667Simple Meta Tags422813700Output is not escaped
#668Sticky Floating Button (Book Now, Contact, Call To Action…)429526900Missing Arg Domain
#669SuperSaaS – online appointment scheduling4279101k+Text Domain Mismatch
#670Top Bar42751110k+Output is not escaped
#671WC Price History4218214k+Database parameter is not escaped
#672WC Speed Repair4234741k+Non-prefixed global variable
#673WP Before After Image Slider – Interactive Image and Video Comparison Plugin for WordPress42112171k+Text Domain Mismatch
#674WP Fingerprint4234479k+Direct Query
#675WPFomo42459600Output is not escaped
#676AddFunc Head & Footer Code43281820k+Output is not escaped
#677Anonymous Restricted Content4322241k+Unsafe printing function
#678Anti-spam Reloaded4319192k+Output is not escaped
#679Auto Alt Text4352134k+Exception output is not escaped
#680Category Editor4354188k+Unsafe printing function
#681Charla Live Chat433313500Output is not escaped
#682jQuery UI Widgets4313151k+Unsafe printing function
#683Lightbox432910700Unsafe printing function
#684Rut Chileno con Validación para WooCommerce4335161k+Text Domain Mismatch
#685ShinyStat Analytics436581k+Output is not escaped
#686utm.codes433433400Missing nonce verification
#687Sovrn439291k+Input is not sanitized
#688WP Extra File Types43112640k+Request data is not unslashed
#689WP Post Expires4321152k+Output is not escaped
#690Cookie Bar4429310k+Unsafe printing function
#691LIQUID SPEECH BALLOON44343010k+Output is not escaped
#692Minimum Order Amount for Woocommerce4450162k+Text Domain Mismatch
#693Narrative Publisher4428371k+Text Domain Mismatch
#694Notix – Web Push Notifications442241600Non-prefixed global variable
#695Setmore Appointments4445134k+Output is not escaped
#696Simple Full Screen Background Image44231310k+Output is not escaped
#697TP Product Description in Loop for WooCommerce44487500Setting is missing a sanitization callback
#698Trusty Whistleblowing Solution4423416400Text Domain Mismatch
#699User Posts Limit4482222k+Output is not escaped
#700Contact Details4543291k+Non Singular String Literal Text