WordPress.Security.EscapeOutput.OutputNotEscaped

Output is not escaped

Dynamic data is printed to the page without an escaping function for the output context.

critical weight

Why It Shows Up

WordPress Coding Standards detected a variable, option, request value, or function result reaching HTML output without a nearby escaping call.

Why It Matters

Unescaped output can become cross-site scripting when attackers control any part of the value being printed.

How to Fix

  • Use `esc_html()` for plain text, `esc_attr()` for attributes, and `esc_url()` for URLs.
  • Use `wp_kses()` or `wp_kses_post()` when limited HTML is intentionally allowed.
  • Escape as late as possible, right before output, so the selected escaping function matches the final context.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#5151wp-cleanumlauts26132221k+Output is not escaped
#5152WP-CORS617231k+error log error log
#5153RSS Feed Retriever612387k+wp function not compatible with requires wp
#5154Bulk Edit YOAST SEO fields in Spreadsheet6156161k+Non Singular String Literal Domain
#5155WP-UTF8-Excerpt611710800Unsafe printing function
#5156WP YouTube Player6114171k+Output is not escaped
#5157Related Products Slider for WooCommerce – Boost Sales with Smart Product Recommendations6181131k+Text Domain Mismatch
#5158AAM Protected Media Files621310600Direct Query
#5159AMP Contact FORM 7 – AMPCF762913600Input is not validated
#5160AMS Post And Page Duplicator621413600Text Domain Mismatch
#5161Contact Form 7 – Blacklist Unwanted Email621611400Missing direct file access protection
#5162Bulk edit publish date6211162k+Nonce verification recommended
#5163Bulk Page Creator6291710k+Request data is not unslashed
#5164Cloudways WordPress Migrator62152520k+Output is not escaped
#5165Checkout Countdown for WooCommerce – Boost Conversions & Reduce Cart Abandonment6243124k+Output is not escaped
#5166Column Separator for Beaver Builder626117400Output is not escaped
#5167Custom Permalink Editor624513k+Non-prefixed hook name
#5168Custom Sidebars by ProteusThemes6217231k+Missing nonce verification
#5169Dashboard Widget Sidebar62916400Input is not validated
#5170Devices for Elementor622213400Output is not escaped
#5171Disable Visual Editor WYSIWYG6210121k+Nonce verification recommended
#5172DreamHost Automated Migration62152320k+Output is not escaped
#5173Equalweb Accessibility622154k+Output is not escaped
#5174exovia GDPR Google Maps624064k+Output is not escaped
#5175Genesis Accessible624917500Text Domain Mismatch
#5176GetGenie – AI Content Writer with Keyword Research & SEO Tracking62133980k+Nonce verification recommended
#5177Hestia Nginx Cache622181k+Output is not escaped
#5178Include Matomo Tracking, by Jonas Hellmann62144500Setting is missing a sanitization callback
#5179Cron Jobs6221332k+Nonce verification recommended
#5180Live Simple Clock62231800Output is not escaped
#5181Migrate To Liquid Web & Nexcess6215232k+Output is not escaped
#5182Nimbata Call Tracking621311400Non-prefixed function
#5183Pressable Automated Migration6215233k+Output is not escaped
#5184Proofreading6211745k+Direct Query
#5185Easy SSL Plugin for SAKURA Rental Server62231750k+Input is not sanitized
#5186SEO Image Toolbox6219141k+Output is not escaped
#5187Single Post Template621484k+Text Domain Mismatch
#5188Sitewide Notice WP626133k+Output is not escaped
#5189Spam Comments Cleaner6214291k+Non-prefixed function
#5190Standard Widget Extensions626761k+Output is not escaped
#5191Testimonial Carousel For Elementor62345610k+No Html Wrapped Strings
#5192Topic SEO Content Optimization Tool6235151k+curl curl close
#5193Uber Login Logo6216510k+Unsafe printing function
#5194WiserNotify – Social Proof & FOMO Notifications, WooCommerce Sales Popups, Reviews & Announcement Bar6213321k+Request data is not unslashed
#5195Woo Product Remover6223141k+SQL query is not prepared
#5196Embed Videos For Product Image Gallery Using WooCommerce622116400Text Domain Mismatch
#5197WooCommerce Product Fees626252k+Missing nonce verification
#5198WP Downloader6211152k+Output is not escaped
#5199Wp Theme plugin Download6211162k+Output is not escaped
#5200Migrate to WordPress.com6215282k+Output is not escaped