WordPress.Security.EscapeOutput.OutputNotEscaped

Output is not escaped

Dynamic data is printed to the page without an escaping function for the output context.

critical weight

Why It Shows Up

WordPress Coding Standards detected a variable, option, request value, or function result reaching HTML output without a nearby escaping call.

Why It Matters

Unescaped output can become cross-site scripting when attackers control any part of the value being printed.

How to Fix

  • Use `esc_html()` for plain text, `esc_attr()` for attributes, and `esc_url()` for URLs.
  • Use `wp_kses()` or `wp_kses_post()` when limited HTML is intentionally allowed.
  • Escape as late as possible, right before output, so the selected escaping function matches the final context.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2651Multi Step for Contact Form 7366110610k+Missing nonce verification
#2652Contact Form 7 Polylang Module3632455k+Output is not escaped
#2653CloudPayments Gateway for WooCommerce3620570500Text Domain Mismatch
#2654CLP – Custom Login Page by NiteoThemes3624049700Output is not escaped
#2655CM Header and Footer – Add custom scripts and styles to your header and footer with ease362301981k+Output is not escaped
#2656CMB23614819300k+Output is not escaped
#2657Code Snippets36342031m+Nonce verification recommended
#2658ColorMeShop WordPress Plugin3639237600Exception output is not escaped
#2659Coming Soon, Under Construction & Maintenance Mode By Dazzler361731326k+Text Domain Mismatch
#2660Conditional Payments for WooCommerce3629218410k+Text Domain Mismatch
#2661Conditional Shipping for WooCommerce369319610k+Non-prefixed global variable
#2662Continuous Image Carousel With Lightbox362551291k+Output is not escaped
#2663CP Blocks3646381k+wp function not compatible with requires wp
#2664Crelly Slider3642118510k+Unsafe printing function
#2665CSH Login3612641500Output is not escaped
#2666Custom Database Applications by Caspio363263400Input is not sanitized
#2667Custom PHP Settings361537610k+Output is not escaped
#2668Custom Category Post Order368083500Text Domain Mismatch
#2669Dashboard Widgets Suite362061244k+Output is not escaped
#2670Depicter — Popup & Slider Builder3613012180k+Exception output is not escaped
#2671DeveloPress Sticky Footer Bar3616549400Output is not escaped
#2672Different Menu in Different Pages – Conditional Menu361671134k+Text Domain Mismatch
#2673Doneren met Mollie364203514k+SQL query is not prepared
#2674Drag and Drop Multiple File Upload for Contact Form 736823660k+wp function not compatible with requires wp
#2675Duitku Payment Gateway36507107700Text Domain Mismatch
#2676Duplicate Post – duplicate pages, copy content, clone posts3676815k+wp function not compatible with requires wp
#2677Dynamic Copyright Year3697243800Output is not escaped
#2678Dynamic Front-End Heartbeat Control362171111k+Text Domain Mismatch
#2679Dynamic Visibility for Elementor36568950k+Non-prefixed hook name
#2680Easy Support Videos – Embed videos in the admin3616095500Output is not escaped
#2681Product Carousel Slider for Elementor36148631k+Text Domain Mismatch
#2682Email Before Download3689296k+Unsafe printing function
#2683Endora3653721k+Output is not escaped
#2684Enhanced Media Library3636111760k+Unsafe printing function
#2685Enormail Sign Up Forms36133126400Output is not escaped
#2686Envo's Templates & Widgets for Elementor and WooCommerce361,0655410k+Text Domain Mismatch
#2687Events Manager and WPML Compatibility361011771k+Direct Query
#2688Export Variable Products367949400Text Domain Mismatch
#2689Happy WooCommerce FAQs – Ultimate Product FAQ Plugin36651191k+Nonce verification recommended
#2690FreePay for WooCommerce36114102400Output is not escaped
#2691Friendly Functions for Welcart36311831k+Non Singular String Literal Domain
#2692Genesis Sandbox Featured Content Widget36229241k+Text Domain Mismatch
#2693GetPaid > Wallet36174227700Text Domain Mismatch
#2694Google SEO Pressor for Rich snippets3651160400Missing nonce verification
#2695Google Webfont Optimizer364549700Output is not escaped
#2696Gutena Kit – Gutenberg Blocks and Templates3639871k+Nonce verification recommended
#2697Header Footer Code Manager3681180600k+Non-prefixed global variable
#2698Optimize Social Share36203613k+Unsafe printing function
#2699HTML Forms – Simple WordPress Forms Plugin3623116610k+Output is not escaped
#2700HTML5 Maps361941605k+Output is not escaped