WordPress.Security.EscapeOutput.ExceptionNotEscaped

Exception output is not escaped

An exception message or related exception value is printed without escaping.

critical weight

Why It Shows Up

The scan found exception data being displayed directly in HTML output.

Why It Matters

Exception messages can include file paths, request values, remote API responses, or database details. Printing them raw can expose information or create XSS risk.

How to Fix

  • Use `esc_html()` or another context-appropriate escaping function before displaying exception text.
  • Show a generic user-facing message and log the detailed exception for administrators or developers.
  • Do not print stack traces, paths, or raw remote responses on public pages.
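
The three fixes above, side by side with the raw pattern, as an added example (not code from any plugin listed on this page). The `myplugin_*` functions, the file path and the request value are constructed, and the `esc_html()` fallback is a stand-in so the file also runs under the PHP CLI outside WordPress.

```php
<?php
// Added example; myplugin_* names, the path and the order id are constructed.
// Stand-in so the file also runs under the PHP CLI; WordPress core supplies the real esc_html().
if ( ! function_exists( 'esc_html' ) ) {
	function esc_html( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
	}
}

// Hypothetical lookup whose failure message embeds a request value and a server path.
function myplugin_fetch_order( $order_id ) {
	throw new RuntimeException(
		"Order {$order_id} missing in /srv/www/wp-content/plugins/myplugin/orders.php"
	);
}

// Before: the raw message becomes part of the page, markup and path included.
function myplugin_order_notice_raw( $order_id ) {
	try {
		return myplugin_fetch_order( $order_id );
	} catch ( Exception $e ) {
		return '<p class="error">' . $e->getMessage() . '</p>';
	}
}

// After, admin-facing screen: the detail is still shown, but escaped for HTML context.
function myplugin_order_notice_admin( $order_id ) {
	try {
		return myplugin_fetch_order( $order_id );
	} catch ( Exception $e ) {
		return '<p class="error">' . esc_html( $e->getMessage() ) . '</p>';
	}
}

// After, public page: generic text for the visitor, detail goes to the error log.
function myplugin_order_notice_public( $order_id ) {
	try {
		return myplugin_fetch_order( $order_id );
	} catch ( Exception $e ) {
		error_log( 'myplugin order lookup failed: ' . $e->getMessage() );
		return '<p class="error">' . esc_html( 'Something went wrong. Please try again later.' ) . '</p>';
	}
}

$order_id = '<em>injected</em>'; // constructed request value
echo myplugin_order_notice_raw( $order_id ), "\n";    // markup and path pass through
echo myplugin_order_notice_admin( $order_id ), "\n";  // markup shown as inert text
echo myplugin_order_notice_public( $order_id ), "\n"; // no exception detail in the page
```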

Affected Plugins

Rank  Plugin  Score  Errors  Warnings  Installs  Added  Updated  Top Issue
#51  Remove Add to Cart WooCommerce206161,3784k+  Non-prefixed global variable
#52  Robin Image Optimizer – Unlimited Image Optimization, WebP & AVIF20557541100k+  Output is not escaped
#53  SpeakOut! Email Petitions208509943k+  Missing nonce verification
#54  Events Manager – OpenStreetMaps20559444700  Output is not escaped
#55  Razorpay for WooCommerce20974855100k+  Non-prefixed function
#56  WP Minify Fix20306380800  Output is not escaped
#57  Premium Packages – Sell Digital Products Securely202,0272,2343k+  Non-prefixed global variable
#58  WPJAM Basic203283564k+  Output is not escaped
#59  Backup Migration219811,09380k+  Non-prefixed global variable
#60  Pinpoint Booking System – Version 2216343283k+  Missing direct file access protection
#61  rtMedia for WordPress, BuddyPress and bbPress213636338k+  Non-prefixed constant
#62  CallTrackingMetrics219232863k+  Unsafe printing function
#63  Captcha Them All213003236k+  Output is not escaped
#64  CartFlows – Funnel Builder & Checkout Plugin for WooCommerce21462654200k+  Text Domain Mismatch
#65  Smart Grid-Layout Design for Contact Form 7211,12673410k+  Output is not escaped
#66  SMS Extension for Contact Form 7217201,387400  Non-prefixed global variable
#67  Comet Cache2185724520k+  Output is not escaped
#68  Daily Prayer Time219471,7801k+  Non-prefixed global variable
#69  DELUCKS SEO213621,171400  Missing nonce verification
#70  Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More212,5721,2771m+  Output is not escaped
#71  Ebook Store216661,087700  Non-prefixed global variable
#72  Envo Extra2187860020k+  Text Domain Mismatch
#73  EventPrime – Events Calendar, Bookings and Tickets218724,3017k+  Non-prefixed global variable
#74  FileOrganizer – WordPress File Manager21536241200k+  unlink unlink
#75  Campaign Monitor for WordPress213864612k+  Non-prefixed global variable
#76  Front End Users217192,759400  Non-prefixed global variable
#77  If-So Dynamic Content – Elementor & All Page Builders Personalization218897257k+  Unsafe printing function
#78  Imagify: Optimize Images for Top Speed (Compress & Convert to WebP/AVIF)214208611m+  Non-prefixed global variable
#79  LA-Studio Element Kit for Elementor218,3901,96410k+  Text Domain Mismatch
#80  MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder211,1333,0112k+  Non-prefixed global variable
#81  Mapster WP Maps213,4402,9033k+  Text Domain Mismatch
#82  Mergado Pack212,323588700  Output is not escaped
#83  Modular DS: Monitor, update, and backup multiple websites211598140k+  Exception output is not escaped
#84  Mooberry Book Manager211,0403991k+  Text Domain Mismatch
#85  MotoPress Hotel Booking213,0611,03710k+  Text Domain Mismatch
#86  Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred211,4693,33310k+  Non-prefixed global variable
#87  OneLogin SAML SSO215073307k+  wp function not compatible with requires wp
#88  Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages211,1732,9839k+  Non-prefixed global variable
#89  Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction211,9185,06510k+  Non-prefixed hook name
#90  User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor216961,48350k+  Nonce verification recommended
#91  PublishPress Planner – Editorial Calendar, Marketing Content, Kanban Board216038906k+  Output is not escaped
#92  Razorpay for Gravity Forms2141147600  Exception output is not escaped
#93  Razorpay Quick Payments21399633k+  Exception output is not escaped
#94  Five Star Restaurant Reservations – WordPress Booking Plugin211,0991,14710k+  Output is not escaped
#95  Rocket Maintenance Mode & Coming Soon Page211,1761,4064k+  Non-prefixed global variable
#96  Royal Addons for Elementor – Addons and Templates Kit for Elementor2113,0112,530600k+  Text Domain Mismatch
#97  Seamless Donations is Sunset216005142k+  Text Domain Mismatch
#98  SeatReg213121,637400  Missing nonce verification
#99  Smart Forms – when you need more than just a contact form217765745k+  Output is not escaped
#100  Accept Stripe Payments2137388220k+  Missing nonce verification