WordPress.Security.EscapeOutput.ExceptionNotEscaped

Exception output is not escaped

An exception message or related exception value is printed without escaping.

critical weight

Why It Shows Up

The scan found exception data being displayed directly in HTML output.

Why It Matters

Exception messages can include file paths, request values, remote API responses, or database details. Printing them raw can expose information or create XSS risk.

How to Fix

Use `esc_html()` or another context-appropriate escaping function before displaying exception text.
Show a generic user-facing message and log the detailed exception for administrators or developers.
Do not print stack traces, paths, or raw remote responses on public pages.

References

WordPress escaping functions

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#551	weForms – Easy Drag & Drop Contact Form Builder For WordPress	25	916	450	10k+	1 month ago	Output Not Escaped
#552	Secure Gateway for Authorize.net and WooCommerce by Pledged Plugins	25	907	1,418	10k+	2 months ago	Non Prefixed Variable Found
#553	Digital Goods (Checkout Field Editor) for WooCommerce Checkout	25	539	1,479	3k+	2 months ago	Non Prefixed Variable Found
#554	PDF Builder for WooCommerce. Create invoices,packing slips and more	25	372	503	2k+	4 days ago	Non Prefixed Variable Found
#555	Pay with Vipps and MobilePay for WooCommerce	25	845	509	5k+	5 days ago	Output Not Escaped
#556	Wordfence Login Security	25	248	418	70k+	2 months ago	Output Not Escaped
#557	WordPress Importer	25	238	110	2m+	8 months ago	Output Not Escaped
#558	Super Page Cache – Cloudflare Cache, Page Speed & Core Web Vitals	25	137	353	60k+	1 month ago	Input Not Sanitized
#559	WP Coupons and Deals – WordPress Coupon Plugin	25	914	1,460	1k+	1 month ago	Non Prefixed Variable Found
#560	WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards	25	1,431	1,270	10k+	1 month ago	Output Not Escaped
#561	WP Review Slider	25	1,186	2,279	6k+	17 days ago	Non Prefixed Variable Found
#562	WP Go Maps – Google Map, OpenStreetMap, Leaflet Map	25	4,996	1,008	300k+	5 days ago	Unsafe Printing Function
#563	WP Google Review Slider	25	1,367	2,582	30k+	10 days ago	Non Prefixed Variable Found
#564	WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan	25	727	1,554	50k+	11 days ago	Non Prefixed Variable Found
#565	Nested Pages	25	674	560	90k+	2 months ago	Non Prefixed Variable Found
#566	WP-Polls	25	618	639	40k+	1 year ago	Unsafe Printing Function
#567	Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF	25	154	118	60k+	23 days ago	Non Prefixed Variable Found
#568	Smush – Image Optimization, Compression, Lazy Load, WebP & CDN	25	252	566	1m+	10 days ago	Non Prefixed Hookname Found
#569	WP Statistics – Simple, privacy-friendly Google Analytics alternative	25	610	2,465	600k+	1 month ago	Non Prefixed Variable Found
#570	WP TripAdvisor Review Slider	25	958	2,058	8k+	10 days ago	Non Prefixed Variable Found
#571	Team Members Showcase	25	591	1,494	4k+	1 month ago	Non Prefixed Variable Found
#572	Backup, Restore and Migrate your sites with XCloner	25	238	864	10k+	27 days ago	Input Not Sanitized
#573	YT Player – Embed and Customize Video Players	25	3,163	261	1k+	2 months ago	Output Not Escaped
#574	ActiveCampaign for WooCommerce	26	541	190	6k+	19 days ago	Exception Not Escaped
#575	AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available)	26	286	291	8k+	6 months ago	Text Domain Mismatch
#576	Blog Floating Button	26	705	240	9k+	9 months ago	Output Not Escaped
#577	Booking Manager – Sync WP Booking Calendar – Import Events, Export Bookings to ICS Calendar	26	526	263	5k+	2 months ago	Output Not Escaped
#578	Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More	26	97	270	10k+	21 days ago	error log error log
#579	Translate WordPress with ConveyThis – AI Multilingual Plugin	26	159	297	1k+	14 days ago	Non Prefixed Variable Found
#580	Easy Post Views Count	26	534	1,180	2k+	2 years ago	Non Prefixed Variable Found
#581	ezCache	26	127	269	10k+	21 days ago	Direct Query
#582	FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.)	26	591	416	2k+	18 days ago	Exception Not Escaped
#583	Hide Admin Bar Based on User Roles	26	549	1,345	20k+	17 days ago	Non Prefixed Variable Found
#584	Klarna for WooCommerce	26	284	500	30k+	28 days ago	Dynamic Hookname Found
#585	Loco Translate	26	454	242	1m+	21 days ago	Output Not Escaped
#586	Media File Renamer: Rename for better SEO (AI-Powered)	26	148	170	40k+	23 days ago	Direct Query
#587	Omise Payments	26	358	256	2k+	13 days ago	Output Not Escaped
#588	Pressidium Cookie Consent	26	203	95	10k+	7 months ago	Exception Not Escaped
#589	Sliced Invoices – WordPress Invoice Plugin	26	684	455	5k+	6 months ago	Output Not Escaped
#590	Carousel, Recent Post Slider and Banner Slider	26	528	1,409	8k+	7 months ago	Non Prefixed Variable Found
#591	Subscriptions for WooCommerce	26	42	756	10k+	14 days ago	Non Prefixed Variable Found
#592	Virtue/Ascend/Pinnacle Toolkit	26	605	300	30k+	5 months ago	Output Not Escaped
#593	Premmerce SEO for WooCommerce	26	550	1,285	1k+	1 month ago	Non Prefixed Variable Found
#594	Shipping Method Display Style for WooCommerce	26	529	1,308	2k+	1 month ago	Non Prefixed Variable Found
#595	XL NMI Gateway for WooCommerce	26	695	436	1k+	1 month ago	Text Domain Mismatch
#596	WP Flashy Marketing Automation	26	432	186	2k+	3 days ago	Text Domain Mismatch
#597	Accordions – Responsive Accordion & FAQ Plugin for WordPress	27	554	158	1k+	8 days ago	Text Domain Mismatch
#598	Arconix FAQ	27	552	201	6k+	1 year ago	Text Domain Mismatch
#599	Church Content – Sermons, Events and More	27	134	410	4k+	1 month ago	Non Prefixed Function Found
#600	Custom Scrollbar	27	184	191	2k+	5 years ago	Output Not Escaped