PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing

Setting is missing a sanitization callback

A registered setting does not define a sanitization callback.

critical weight

Why It Shows Up

Plugin Check found `register_setting()` without a `sanitize_callback` or equivalent validation strategy.

Why It Matters

Settings can be saved by administrators and then displayed or used later. Without sanitization, invalid or unsafe values can persist.

How to Fix

  • Pass a `sanitize_callback` in the `register_setting()` arguments.
  • Use built-in sanitizers for simple values and custom callbacks for structured settings.
  • Validate allowed values and return a safe default when input is invalid.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1001Block Emails for WooCommerce Checkout9143700Setting is missing a sanitization callback
#1002Bootstrap Blocks9183010k+Non-prefixed global variable
#1003Admin Taxonomy Filter92335k+Non-prefixed class
#1004Auto SRI9241500wp function not compatible with requires wp
#1005Expire Passwords9272500Missing Translators Comment
#1006FMTC Affiliate Disclosure92501k+Missing Arg Domain
#1007Version Control for jQuery92516k+Offloaded Content
#1008WOOF by Category92371k+trademarked term
#1009Core Rollback935210k+wp function not compatible with requires wp
#1010DCO Insert Analytics Code93204k+Setting is missing a sanitization callback
#1011No Self Ping932010k+Setting is missing a sanitization callback
#1012Send Emails with Resend9330900Setting is missing a sanitization callback
#1013Showcase Payment Options (icons)93231k+trademarked term
#1014Use Administrator Password9324900Non-prefixed hook name