WordPress.Security.EscapeOutput.OutputNotEscaped

Output is not escaped

Dynamic data is printed to the page without an escaping function for the output context.

critical weight

Why It Shows Up

WordPress Coding Standards detected a variable, option, request value, or function result reaching HTML output without a nearby escaping call.

Why It Matters

Unescaped output can become cross-site scripting when attackers control any part of the value being printed.

How to Fix

  • Use `esc_html()` for plain text, `esc_attr()` for attributes, and `esc_url()` for URLs.
  • Use `wp_kses()` or `wp_kses_post()` when limited HTML is intentionally allowed.
  • Escape as late as possible, right before output, so the selected escaping function matches the final context.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#3501SKP WP Admin Login Captcha3977181k+Output is not escaped
#3502Slash Admin3911638500Output is not escaped
#3503Slider Text Scroll399552400Text Domain Mismatch
#3504Slideshow SE39352402k+Non-prefixed global variable
#3505Smaily for WP395236600Output is not escaped
#3506Smart Archives Reloaded3978361k+Non Singular String Literal Domain
#3507SMTP395415700Non Singular String Literal Domain
#3508Soumettre.fr391302610k+Text Domain Mismatch
#3509Spreadr Woocommerce Plugin – Amazon Importer for Dropshipping and Affiliate3942226500Request data is not unslashed
#3510Stock Ticker3992492k+Output is not escaped
#3511Stockdio Historical Chart396516800Output is not escaped
#3512Store Locator for WordPress📍39100361k+Missing Arg Domain
#3513Structured Content (JSON-LD) #wpsc392917340k+Output is not escaped
#3514Substack Importer3933331k+Missing nonce verification
#3515Swifty Image Widget3911428900Output is not escaped
#3516Sydney Toolbox39846250k+Unsafe printing function
#3517Sync Post With Other Site39179213k+Non Singular String Literal Domain
#3518Tabify Edit Screen398327500Output is not escaped
#3519Tawk.To Manager3920421600Output is not escaped
#3520Easy Category Icons395043600Text Domain Mismatch
#3521ThemeKit For WordPress3914949700Output is not escaped
#3522OpenHook39172221k+Unsafe printing function
#3523TinyMCE Custom Styles39297767k+Non Singular String Literal Domain
#3524TinyMCE Spellcheck3927322k+Unsafe printing function
#3525TomS reCAPTCHA39128256500Missing nonce verification
#3526UiChemy — Figma Converter for Elementor, Gutenberg and Bricks3981009k+Nonce verification recommended
#3527Ultimate Client Dash39697122k+Text Domain Mismatch
#3528Ultimate Lightbox39110591k+Unsafe printing function
#3529Universal Google Adsense and Ads manager3970312k+Unsafe printing function
#3530Unlimited Background Slider396653600Output is not escaped
#3531upPrev3935361k+Dynamic hook name
#3532Uptolike Social Share Buttons3938334k+Output is not escaped
#3533Use Any Font | Custom Font Uploader393655200k+Request data is not unslashed
#3534UserHeat Plugin39121206k+Non Singular String Literal Domain
#3535Accessibility by UserWay39223580k+Direct Query
#3536Smart Variation Swatches and Attribute Filters for WooCommerce3939503k+Output is not escaped
#3537Video Blogster Lite392980700Missing nonce verification
#3538Virusdie | One-click website security39149662k+Output is not escaped
#3539Visual Portfolio, Photo Gallery & Post Grid393418960k+Non-prefixed hook name
#3540BeGateway Payment Gateway for WooCommerce395744400Unsafe printing function
#3541Payments via PayMongo for WooCommerce3936811k+Nonce verification recommended
#3542Smart COD for WooCommerce39502830k+Output is not escaped
#3543WebHotelier for WordPress3945140500Text Domain Mismatch
#3544Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types398911720k+Unsafe printing function
#3545Payment Gateway – nexi Alpha Bank for WooCommerce3996401k+Non Singular String Literal Domain
#3546Woo Button Text395321500Output is not escaped
#3547Combo Offers WooCommerce3938892k+Missing nonce verification
#3548Lucky Wheel for WooCommerce – Spin a Sale39121531k+Request data is not unslashed
#3549PayU GPO Payment for WooCommerce39449110k+Output is not escaped
#3550Skroutz & Bestprice XML feed for WooCommerce3913531k+Output is not escaped