WordPress.Security.EscapeOutput.OutputNotEscaped

Output is not escaped

Dynamic data is printed to the page without an escaping function for the output context.

critical weight

Why It Shows Up

WordPress Coding Standards detected a variable, option, request value, or function result reaching HTML output without a nearby escaping call.

Why It Matters

Unescaped output can become cross-site scripting when attackers control any part of the value being printed.

How to Fix

  • Use `esc_html()` for plain text, `esc_attr()` for attributes, and `esc_url()` for URLs.
  • Use `wp_kses()` or `wp_kses_post()` when limited HTML is intentionally allowed.
  • Escape as late as possible, right before output, so the selected escaping function matches the final context.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2601WP-ViperGB3512768400Output is not escaped
#2602Integration for WooCommerce and QuickBooks352631251k+Output is not escaped
#2603WP-Yomigana3517152k+Output is not escaped
#2604WPC Badge Management for WooCommerce3513812k+Missing nonce verification
#2605WPCore Plugin Manager35118389k+Text Domain Mismatch
#2606WPD Beaver Builder Additions3540635600Non Singular String Literal Domain
#2607WP Views Counter3581422k+Output is not escaped
#2608WPFront User Role Editor3533357830k+Output is not escaped
#2609WPGraphQL for ACF3561810k+Output is not escaped
#2610wpLingua – Automatic translation – Translate and make website multilingual35791672k+Nonce verification recommended
#2611WPPerformanceTester3594441k+Output is not escaped
#2612WPZOOM Addons for Elementor – Starter Templates & Widgets3516013020k+Output is not escaped
#2613WPZOOM Forms – Drag & Drop Contact Form Builder for WordPress357410910k+Nonce verification recommended
#2614WPZOOM Portfolio Lite – Filterable Portfolio Plugin35429220k+Non-prefixed global variable
#2615Writesonic3514161k+Non-prefixed global variable
#2616WSB HUB335361091k+Missing nonce verification
#2617xili-tidy-tags352241571k+Output is not escaped
#2618XServer Migrator35395310k+Interpolated SQL is not prepared
#2619TypeSquare Webfonts for エックスサーバー3518398100k+Missing Arg Domain
#2620Yabe Webfont – Use Custom Fonts, Google Fonts or Adobe Fonts35481145k+Non-prefixed hook name
#2621Yes/No Chart351361392k+Unsafe printing function
#2622YML for Yandex Market351828810k+Non-prefixed global variable
#2623Year Make Model Search for WooCommerce351881621k+Output is not escaped
#2624Embeds for YouTube3525530710k+Non-prefixed global variable
#26252C2P Redirect API for WooCommerce3613662900wp function not compatible with requires wp
#26263B Meteo3650761k+Output is not escaped
#2627Product Labels For Woocommerce (Sale Badges)36904810k+Output is not escaped
#2628Admin Customizer36143641k+Output is not escaped
#2629Advanced Export for WP & WPMU3612455700Output is not escaped
#2630Age Verification for your checkout page. Verify your customer's identity36155238500Output is not escaped
#2631Awesome GDPR Compliant Cookie Consent and Notice36653201500Text Domain Mismatch
#2632Bard Extra3615876700Text Domain Mismatch
#2633Black Widgets For Elementor362,60819800Text Domain Mismatch
#2634Blaze Demo Importer36101948k+Output is not escaped
#2635BlockStrap Page Builder – Bootstrap Blocks3681892k+Missing direct file access protection
#2636Blog, Posts and Category Filter for Elementor36159551k+Text Domain Mismatch
#2637BP Disable Activation Reloaded3614728800Output is not escaped
#2638BP Profile Search36321855k+Output is not escaped
#2639bpost shipping369743700Output is not escaped
#2640Breadcrumb NavXT36102111800k+Non Singular String Literal Domain
#2641BuddyMeet3611432700Unsafe printing function
#2642Bulgarisation for WooCommerce361366035k+Nonce verification recommended
#2643Bulk Post Update Date36966610k+Unsafe printing function
#2644Bus Ticket Booking with Seat Reservation36145192800Non-prefixed global variable
#2645Better WordPress Recent Comments3631969600Text Domain Mismatch
#2646Carousel Ultimate36450284700Text Domain Mismatch
#2647Carousel Horizontal Posts Content Slider36271592k+Text Domain Mismatch
#2648Cashflows for WooCommerce3611936600Text Domain Mismatch
#2649Simple SEO3616411310k+Non Singular String Literal Domain
#2650Contact Form 7 Gated Content3612236800Short PHP open tag found