PluginScore

WordPress.Security.EscapeOutput.ExceptionNotEscaped

Exception output is not escaped

An exception message or related exception value is printed without escaping.

critical weight

Why It Shows Up

The scan found exception data being displayed directly in HTML output.

Why It Matters

Exception messages can include file paths, request values, remote API responses, or database details. Printing them raw can expose information or create XSS risk.

How to Fix

  • Use `esc_html()` or another context-appropriate escaping function before displaying exception text.
  • Show a generic user-facing message and log the detailed exception for administrators or developers.
  • Do not print stack traces, paths, or raw remote responses on public pages.

References

WordPress escaping functions

Affected Plugins

RankPluginScoreErrorsWarningsInstallsUpdatedTop Issue
#501Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More251,7862,2202k+Non Prefixed Variable Found
#502Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews256451,5851k+Non Prefixed Variable Found
#503Icegram Collect – Easy Form, Lead Collection and Subscription plugin254242902k+Output Not Escaped
#504Independent Analytics – WordPress Analytics Plugin251,1482,293100k+Non Prefixed Variable Found
#505Index WP MySQL For Speed2525025550k+Output Not Escaped
#506IP Location Block2552162410k+Output Not Escaped
#507kk Star Ratings – Rate Post & Collect User Feedbacks257721,38870k+Non Prefixed Variable Found
#508Knit Pay – Cashfree, Instamojo, Razorpay, PayPal and more254,0101,2622k+Text Domain Mismatch
#509Limit Login Attempts Security – Login Security, 2FA, Firewall, Brute Force Prevention256216021m+Unsafe Printing Function
#510Loginizer258145041m+Output Not Escaped
#511Logo Showcase – Responsive Logo Carousel, Logo Slider & Logo Grid256561,5065k+Non Prefixed Variable Found
#512Bulk Page Generator – LPagery256701,9263k+Non Prefixed Variable Found
#513Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails254,6751,4555k+Text Domain Mismatch
#514Create251,5587676k+Text Domain Mismatch
#515Minimum and Maximum Quantity for WooCommerce255561,4363k+Non Prefixed Variable Found
#516MyFatoorah – WooCommerce25191893k+Output Not Escaped
#517Nexter Extension – Security, Performance, Code Snippets & Site Toolkit2519871010k+Recommended
#518NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar2525739740k+Non Prefixed Hookname Found
#519NOWPayments for WooCommerce – Crypto Payment Gateway255341,3064k+Non Prefixed Variable Found
#520Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content256801,513300k+Non Prefixed Variable Found
#521PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin251,0841,2969k+Non Prefixed Variable Found
#522Plover Kit – Blocks, Patterns, Responsive Layout and Gutenberg Editor Enhancements256851,3823k+Non Prefixed Variable Found
#523Post Carousel Divi256861,3012k+Non Prefixed Variable Found
#524Post Snippets – Custom WordPress Code Snippets Customizer258081,64020k+Non Prefixed Variable Found
#525Qyrr – simply and modern QR-Code creation255311,3122k+Non Prefixed Variable Found
#526Really Simple Featured Video – Featured Video Support for Posts, Pages & WooCommerce Products258111,4945k+Non Prefixed Variable Found
#527Role Based Pricing for Woo by Meow Crew255521,3502k+Non Prefixed Variable Found
#528BerqWP – Automatic WordPress Website Speed Optimization251985013k+Non Prefixed Variable Found
#529Seo Optimized Images255261,31610k+Non Prefixed Variable Found
#530ShopMagic – email automation2522814510k+Exception Not Escaped
#531SimpLy Gallery255321,42240k+Non Prefixed Variable Found
#532Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin2596073860k+Text Domain Mismatch
#533Simply Static – The Static Site Generator2516344630k+Non Prefixed Hookname Found
#534Smart phone field for Gravity Forms255401,3166k+Non Prefixed Variable Found
#535SEO Plugin by Squirrly SEO251,13022240k+Missing Translators Comment
#536OttoKit: All-in-One Automation Platform251,5281,80690k+missing direct file access protection
#537TablePress – Tables in WordPress made easy258472,174600k+Non Prefixed Variable Found
#538Tamara Checkout256012282k+Exception Not Escaped
#539TemplateSpare – 1000+ WordPress Starter Templates & Full Site Migration Tool | 1-Click Import/Export & No-Code Builder257051,58710k+Non Prefixed Variable Found
#540Timeline Express255311479k+Text Domain Mismatch
#541TrackShip for WooCommerce254219576k+Non Prefixed Variable Found
#542Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor256901,58150k+Non Prefixed Variable Found
#543Social Media Share Buttons & Social Sharing Icons252,4331,383100k+Unsafe Printing Function
#544Social Share Icons & Social Share Buttons252,3651,35710k+Output Not Escaped
#545VikBooking Hotel Booking Engine & PMS2513,2328,3128k+Output Not Escaped
#546VikRentCar Car Rental Management System255,5375,0484k+Non Prefixed Variable Found
#547W3 Total Cache256171,345900k+Non Prefixed Variable Found
#548Product Customer List for WooCommerce256101,3349k+Non Prefixed Variable Found
#549weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot252795184k+Non Prefixed Variable Found
#550weForms – Easy Drag & Drop Contact Form Builder For WordPress2591645010k+Output Not Escaped