WordPress.Security.EscapeOutput.OutputNotEscaped

Output is not escaped

Dynamic data is printed to the page without an escaping function for the output context.

critical weight

Why It Shows Up

WordPress Coding Standards detected a variable, option, request value, or function result reaching HTML output without a nearby escaping call.

Why It Matters

Unescaped output can become cross-site scripting when attackers control any part of the value being printed.

How to Fix

  • Use `esc_html()` for plain text, `esc_attr()` for attributes, and `esc_url()` for URLs.
  • Use `wp_kses()` or `wp_kses_post()` when limited HTML is intentionally allowed.
  • Escape as late as possible, right before output, so the selected escaping function matches the final context.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#6051Link Juice Optimizer821266k+Output is not escaped
#6052Meks Smart Social Widget8210210k+Output is not escaped
#6053MyBookTable Bookstore by Stormhill Media8215331k+Direct Query
#6054mypace Custom Meta Robots82462k+Input is not sanitized
#6055Property Hive Rental Yield Calculator82162400Text Domain Mismatch
#6056Regenerate Thumbnails821091m+Direct Query
#6057WordPress REST API (Version 2)824761310k+Missing Arg Domain
#6058Search box on Navigation Menu82223500Text Domain Mismatch
#6059Seriously Simple Transcripts82353900Text Domain Mismatch
#6060Simple ads.txt82861k+Missing direct file access protection
#6061Simple Page Ordering82119100k+Missing Arg Domain
#6062Simple Widget Title Links82153400Output is not escaped
#6063SiteNarrator Text-to-Speech Widget82124800Output is not escaped
#6064SnapWidget Social Photo Feed Widget8299600Output is not escaped
#6065Stop Emails82935k+Missing direct file access protection
#6066Storefront Blog Excerpts82242700Text Domain Mismatch
#6067Storefront Homepage Contact Section822621k+Output is not escaped
#6068Super Web Share – Native Social Sharing Button8224192k+Non-prefixed function
#6069Tasty Recipes Lite827662k+Non-prefixed global variable
#6070Visual Term Description Editor8211510k+Missing Arg Domain
#6071WP Copy Content Protection8276600Output is not escaped
#6072WP Mail From II82375k+trademarked term
#6073Flexible Content Extended for Advanced Custom Fields83114700Output is not escaped
#6074ACF Repeater & Flexible Content Collapser832143k+Text Domain Mismatch
#6075Advanced Appointment Booking & Scheduling8311133k+Text Domain Mismatch
#6076Browser Theme Color83422k+Output is not escaped
#6077Integration of Bitrix24 with Contact Form 7831440600Non-prefixed function
#6078Change WordPress Login Logo835920k+Non-prefixed function
#6079Code Click to Copy83129700Non-prefixed function
#6080Custom CSS and JS83111900Output is not escaped
#6081dLocal Go Payments83915400Missing Translators Comment
#6082Easy Flash Embed8391900Output is not escaped
#6083Export emails8387500Direct Query
#6084Featured Image Column831222k+Output is not escaped
#6085AI Builder8335400Output is not escaped
#6086Date Time Field Add-On for Gravity Form831611k+Output is not escaped
#6087Starter Templates by Gradient Themes832773k+Text Domain Mismatch
#6088Homepage Control831339k+Output is not escaped
#6089Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics83132700Text Domain Mismatch
#6090LinkCentral – URL shortener, Affiliate Links & Custom Link Shortener with Link Tracking8310225400Direct Query
#6091Login Logo8310040k+Output is not escaped
#6092Mailster SendGrid Integration832331k+Missing Translators Comment
#6093Make Disable Admin Email Verification Prompt| Aims Infosoft831042k+Text Domain Mismatch
#6094Mammoth .docx converter8311020k+Output is not escaped
#6095Max Addons for Bricks Builder836291k+Post Not In exclude
#6096Menu Duplicator832910k+Non-prefixed constant
#6097Add menu separators to navigation8387900Non-prefixed hook name
#6098Mouseflow for WordPress83987k+Output is not escaped
#6099oik-privacy-policy831442700No Html Wrapped Strings
#6100Photo Sphere Viewer – 360° Panorama, Virtual Tour, 360 Video & AR 3D Model Viewer831310500wp function not compatible with requires wp