WordPress.Security.EscapeOutput.OutputNotEscaped

Output is not escaped

Dynamic data is printed to the page without an escaping function for the output context.

critical weight

Why It Shows Up

WordPress Coding Standards detected a variable, option, request value, or function result reaching HTML output without a nearby escaping call.

Why It Matters

Unescaped output can become cross-site scripting when attackers control any part of the value being printed.

How to Fix

  • Use `esc_html()` for plain text, `esc_attr()` for attributes, and `esc_url()` for URLs.
  • Use `wp_kses()` or `wp_kses_post()` when limited HTML is intentionally allowed.
  • Escape as late as possible, right before output, so the selected escaping function matches the final context.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#5501Add Widget After Content706117k+Setting is missing a sanitization callback
#5502In-feed ads for Google AdSense7020206k+Non-prefixed global variable
#5503Ambrosite Next/Previous Page Link Plus701121900Interpolated SQL is not prepared
#5504Animentor – Lottie & Bodymovin for Elementor701884k+Output is not escaped
#5505AppScenic – Smart AI Dropshipping7016413k+Dynamic hook name
#5506Private Store for WooCommerce B2B & Wholesale by B2BKing70868600Text Domain Mismatch
#5507BestPrice Analytics Integration7035101k+Text Domain Mismatch
#5508Checkfront Online Booking System7032162k+wp function not compatible with requires wp
#5509Comment Form CSRF Protection70710500Request data is not unslashed
#5510Comment Form Js Validation702382k+Missing Arg Domain
#5511ConvertCalculator: Build Cost, Price, Quotation, ROI Interactive Calculators70912800Output is not escaped
#5512Custom Currency for WooCommerce706352k+Missing direct file access protection
#5513Easy Hotel – Powerful Hotel Booking7041,900800Non-prefixed global variable
#5514Embed Code – Headers & Footers by DesignBombs701954k+Output is not escaped
#5515Ghost702512600Output is not escaped
#5516Host Header Injection Fix7098400Output is not escaped
#5517Library70143700Output is not escaped
#5518Xpro Slider For Beaver Builder – Lite7014713500Text Domain Mismatch
#5519Multipart robots.txt editor701981k+Output is not escaped
#5520Shipping Notices and No shipping options found info for WooCommerce70918400Non-prefixed global variable
#5521onepay Payment Gateway For WooCommerce704913900Text Domain Mismatch
#5522PipraPay Gateway70116400Output is not escaped
#5523Portfolio Post Type7071150k+Nonce verification recommended
#5524Purchased Items Column for WooCommerce Orders70108800Output is not escaped
#5525Remove Taxonomy Base Slug7012185k+Deprecated parameter: get_terms parameter 2
#5526Ridhi Companion703738500Non-prefixed global variable
#5527RSS Importer7014230k+Output is not escaped
#5528Show-Hide / Collapse-Expand70181510k+Missing direct file access protection
#5529Show IP address706201k+Input is not sanitized
#5530Simple Site Verify70200900Output is not escaped
#5531Simple Sticky Header on Scroll70318900Output is not escaped
#5532Smart WYSIWYG Blocks Of Content703641k+Output is not escaped
#5533SQL Executioner7018172k+Non-prefixed global variable
#5534Stitch Express70106400Output is not escaped
#5535SubHeading7022131k+Non Singular String Literal Domain
#5536Support Me70126900Unsafe printing function
#5537Today's Date Inserter70321700Output is not escaped
#5538TP Product Image Flipper for WooCommerce7017159k+Non-prefixed function
#5539WEBKINDER Integration for Google Analytics and Google Tag Manager70152210k+Output is not escaped
#5540Quick Buy For Woocommerce70105221k+Text Domain Mismatch
#5541WP Image Borders704762k+Text Domain Mismatch
#5542Post Template701211400Missing nonce verification
#5543WPThumb70309800Output is not escaped
#5544Download Manager Addons for Elementor70272136k+Non Singular String Literal Domain
#5545Yampi Checkout70610900Nonce verification recommended
#5546Web Accessibility with Max Access712211800curl curl setopt
#5547ACF Enhanced Message Field71291600Text Domain Mismatch
#5548Advanced Custom Fields: Price Field71127400Output is not escaped
#5549ACF Tooltip711631k+Output is not escaped
#5550Add Any Extension to Pages713102k+Input is not sanitized