WordPress.Security.EscapeOutput.ExceptionNotEscaped

Exception output is not escaped

An exception message or related exception value is printed without escaping.

critical weight

Why It Shows Up

The scan found exception data being displayed directly in HTML output.

Why It Matters

Exception messages can include file paths, request values, remote API responses, or database details. Printing them raw can expose information or create XSS risk.

How to Fix

  • Use `esc_html()` or another context-appropriate escaping function before displaying exception text.
  • Show a generic user-facing message and log the detailed exception for administrators or developers.
  • Do not print stack traces, paths, or raw remote responses on public pages.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1301Clever Mega Menu for Visual Composer38500871k+Output is not escaped
#1302Clever Mega Menu for Elementor38835441k+Output is not escaped
#1303Crop-Thumbnails38332740k+Missing direct file access protection
#1304Customize Posts3831771k+Non-prefixed hook name
#1305Product Badge, Label, Countdown Timer for WooCommerce – Sale Booster3837985k+Interpolated SQL is not prepared
#1306Buttonizer – Social Media Share Buttons, Social Icons, & Social Feeds381678240k+Output is not escaped
#1307Front-end Editor387862500Output is not escaped
#1308Goal Tracker – Custom Event Tracking for GA438541252k+Output is not escaped
#1309GoDaddy Payments for WooCommerce3858652k+Output is not escaped
#1310imoje38621602k+Nonce verification recommended
#1311Coding Chicken – JetEngine Importer385529400Missing direct file access protection
#1312LuckyWP Scripts Control38186233k+Output is not escaped
#1313Migrate Store: Export and Import WooCommerce Settings3837331k+Non-prefixed global variable
#1314Polaroid Gallery38105201k+Unsafe printing function
#1315qTranslate META388826400Output is not escaped
#1316SCSS WP Editor3811140900Exception output is not escaped
#1317Simple JWT Login – Allows you to use JWT on REST endpoints.38712954k+Output is not escaped
#1318Simple LDAP Login3865331k+Output is not escaped
#1319SimpleShop3852511k+date date
#1320Templatiq383194900Non-prefixed hook name
#1321Twiget Twitter Widget3814736500Output is not escaped
#1322VidShop – Shoppable Videos for WooCommerce38541531k+Database parameter is not escaped
#1323Visual Admin Customizer382051500Input is not sanitized
#1324Shipping Packages for WooCommerce – Dropship from multiple locations like AliExpress, eBay, Amazon, Etsy389426900Non Singular String Literal Domain
#1325Products Coming Soon for WooCommerce3815162700Output is not escaped
#1326Wholesale for WooCommerce38541221k+Output is not escaped
#1327Connect WooCommerce Shop to ERP/CRM, Verifactu and EU/VAT Compliance38231041k+Direct Query
#1328mb.YTPlayer for background videos3880291k+Unsafe printing function
#1329Andreani WooCommerce392186800Non-prefixed global variable
#1330Animate It!391371620k+Text Domain Mismatch
#1331Australia Post WooCommerce Extension3999123k+Text Domain Mismatch
#1332BugSnag Error Monitoring plugin3952962k+wp function not compatible with requires wp
#1333Innozilla Skins for Contact Form 739152222k+Output is not escaped
#1334Constant Contact + WooCommerce3927911k+Nonce verification recommended
#1335Da Reactions3915140400Request data is not unslashed
#1336Email Marketing by EmailOctopus3943623k+Non-prefixed global variable
#1337Events Manager – Zoom Integration3914143700Output is not escaped
#1338GF Mollie by Indigo398233900Exception output is not escaped
#1339GoSMTP – SMTP for WordPress395942500k+Output is not escaped
#1340Insert Amz Images3979441k+Output is not escaped
#1341Leaflet Map39593230k+Output is not escaped
#1342linkPizza-Manager394623700Exception output is not escaped
#1343LuckyWP Table of Contents3943862100k+Output is not escaped
#1344MailChimp Add-On for FormCraft395629800curl curl setopt
#1345Pay by paynow.pl3951566k+Output is not escaped
#1346payever – WooCommerce Gateway39263131700Text Domain Mismatch
#1347Paystack Add-On for Gravity Forms399631400Text Domain Mismatch
#1348PO/MO Editor39106451k+Unsafe printing function
#1349Query Multiple Taxonomies395541500Output is not escaped
#1350Quform Mailchimp3965147800Nonce verification recommended