WordPress.Security.EscapeOutput.OutputNotEscaped

Output is not escaped

Dynamic data is printed to the page without an escaping function for the output context.

critical weight

Why It Shows Up

WordPress Coding Standards detected a variable, option, request value, or function result reaching HTML output without a nearby escaping call.

Why It Matters

Unescaped output can become cross-site scripting when attackers control any part of the value being printed.

How to Fix

  • Use `esc_html()` for plain text, `esc_attr()` for attributes, and `esc_url()` for URLs.
  • Use `wp_kses()` or `wp_kses_post()` when limited HTML is intentionally allowed.
  • Escape as late as possible, right before output, so the selected escaping function matches the final context.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#5851Floating Contact Button77631k+Output is not escaped
#5852GDPR773912110k+Non-prefixed global variable
#5853Gravity Forms Auto Placeholders7798700trademarked term
#5854Mailster Mailgun Integration77165500Missing Translators Comment
#5855Master QR Code Generator – Fast & Easy QR Code Creator772159400Non-prefixed global variable
#5856Modern Footnotes771866k+Output is not escaped
#5857PDF Smart Viewer for Elementor7718161k+Non-prefixed global variable
#5858Pushover Integration for WooCommerce771077800Text Domain Mismatch
#5859Remove Taxonomy Slug77232400Output is not escaped
#5860Responsive Tabs For Elementor7757271k+Text Domain Mismatch
#5861Scroll Magic Addon for Elementor773447400Text Domain Mismatch
#5862Self-Hosted Google Fonts77351130k+Text Domain Mismatch
#5863SendPulse Email Marketing Newsletter77871k+Output is not escaped
#5864Shipping Zone Duplicator for WooCommerce771014800Nonce verification recommended
#5865Display custom fields in the frontend – Post and User Profile Fields771718600Non-prefixed global variable
#5866Simple Floating Menu7713310k+Missing direct file access protection
#5867Storefront Top Bar7720132k+Non-prefixed hook name
#5868Supreme Google Webfonts771271k+Text Domain Mismatch
#5869Tagembed Social Feeds Widget772113710k+Non-prefixed function
#5870Taggbox: Social Feed Widgets77231131k+Direct Query
#5871UsageDD77831k+Output is not escaped
#5872Username7758800Deprecated function: screen_icon
#5873Widget Classes77571k+Missing nonce verification
#5874WP Comment Notification772810400Missing Arg Domain
#5875WP Editor Widget77969k+Unsafe printing function
#5876Lorem Ipsum Generator7779500Missing direct file access protection
#5877WP Night Mode77811700Non-prefixed function
#5878WPA WooCommerce Product Gallery Slider Lite776652400Text Domain Mismatch
#5879Pay with PAYUNi77913500Input is not sanitized
#5880Accordion Blocks789310k+Unsafe printing function
#5881Advanced Custom Fields: Gravity Forms Add-on78331330k+Text Domain Mismatch
#5882Support For Icomoon with Advanced Custom Fields781561k+Output is not escaped
#5883Active Campaign & WPForms782710400Text Domain Mismatch
#5884AffiliateWP – Affiliate QR Codes783281k+Text Domain Mismatch
#5885AffiliateWP – Allow Own Referrals783710600Text Domain Mismatch
#5886AWP Classifieds781193k+Output is not escaped
#5887Boei – AI Chatbot, Live Chat & 50+ Channels for WordPress78941k+Output is not escaped
#5888Code Block Syntax Highlighter for Elementor783443600Non Singular String Literal Domain
#5889Date Picker For Contact Form 778384k+Missing nonce verification
#5890Player for SoundCloud – Embed and Play Audio Tracks7817241k+Text Domain Mismatch
#5891Floating Ads Bottom78912k+Setting is missing a sanitization callback
#5892Frontend Product Editor for WooCommerce787631500Text Domain Mismatch
#5893Honeypot Anti-Spam785710k+Missing nonce verification
#5894Login Widget for Ultimate Member781010600Input is not sanitized
#5895Maintenance Notice782671800Non-prefixed global variable
#5896Media Focus Point781165k+Output is not escaped
#5897More Mails for CF778136500Text Domain Mismatch
#5898Nav Menu Images78586k+Missing nonce verification
#5899One Time Login787840k+Nonce verification recommended
#5900Post slider elementor addons784582k+Text Domain Mismatch