WordPress.Security.EscapeOutput.OutputNotEscaped

Output is not escaped

Dynamic data is printed to the page without an escaping function for the output context.

critical weight

Why It Shows Up

WordPress Coding Standards detected a variable, option, request value, or function result reaching HTML output without a nearby escaping call.

Why It Matters

Unescaped output can become cross-site scripting when attackers control any part of the value being printed.

How to Fix

  • Use `esc_html()` for plain text, `esc_attr()` for attributes, and `esc_url()` for URLs.
  • Use `wp_kses()` or `wp_kses_post()` when limited HTML is intentionally allowed.
  • Escape as late as possible, right before output, so the selected escaping function matches the final context.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#3951Fast Chat Button41241881k+Non-prefixed global variable
#3952Heroic Favicon Generator4110476k+Output is not escaped
#3953Feature A Page Widget416653k+Output is not escaped
#3954Featured Audio41549400Output is not escaped
#3955Featured Image Generator4131161k+Output is not escaped
#3956Flexible Posts Widget41136338k+Output is not escaped
#3957FluentAffiliate – Affiliate Program Management Suite, Affiliates Manager41115141k+Exception output is not escaped
#3958Gallery Lightbox41471610k+Output is not escaped
#3959Genesis Featured Page Advanced4120947k+Output is not escaped
#3960Genesis Footer Builder4112431k+Output is not escaped
#3961Google Authenticator41396520k+Output is not escaped
#3962(Simply) Guest Author Name4135362k+Output is not escaped
#3963Hide My Dates415011400Unsafe printing function
#3964Hide WP Admin Login412339500Nonce verification recommended
#3965Highcompress Image Compressor4110669600Text Domain Mismatch
#3966iCount Payment Gateway4115322500Text Domain Mismatch
#3967Image Editor by Pixo4112068800Output is not escaped
#3968Import external attachments4118262k+Output is not escaped
#3969Infinite Ajax Scrolling Lite For Woocommerce413328500Output is not escaped
#3970Inpost Paczkomaty4135688k+Text Domain Mismatch
#3971Insert JavaScript and CSS416419400Text Domain Mismatch
#3972Jellyfish Counter Widget4117451k+Output is not escaped
#3973Multiple Themes411124110k+Output is not escaped
#3974jQuery Vertical Scroller411104400Output is not escaped
#3975Social Sharing Plugin – Kiwi4123804k+Non-prefixed global variable
#3976Ko-fi Button4175155k+Output is not escaped
#3977Central Color Palette41733310k+Output is not escaped
#3978Lazy Load Optimizer4163263k+Unsafe printing function
#3979Lazy Load XT41877600Non Singular String Literal Domain
#3980LH Agree to Terms415932800Output is not escaped
#3981Lockdown WP Admin41205010k+Request data is not unslashed
#3982Log cleaner for Solid Security4165478k+Text Domain Mismatch
#3983Magic Liquidizer Responsive Table41114386k+Text Domain Mismatch
#3984MaxLimits – Increase Maximum Upload, Post & PHP Limits4199162k+Unsafe printing function
#3985MaxSlider4121457k+Output is not escaped
#3986Meks Flexible Shortcodes41133110k+Unsafe printing function
#3987Mihdan: Yandex Turbo Feed4165391k+Output is not escaped
#3988Mobile Contact Bar41943610k+Unsafe printing function
#3989Most Popular Categories41672600Output is not escaped
#3990MouseWheel Smooth Scroll411047100k+Text Domain Mismatch
#3991MS Custom Login411176900Unsafe printing function
#3992Multiple Domain41421710k+Output is not escaped
#3993My Favorites4135341k+Output is not escaped
#3994My Wp Brand – Hide menu & Hide Plugin4174502k+Non Singular String Literal Domain
#3995Native Emoji4154375k+Unsafe printing function
#3996Nepali Date Utilities4151151k+date date
#3997Grid Gallery – for Photo Gallery, Image Gallery & Portfolio419741k+Request data is not unslashed
#3998Omnibus — show the lowest price41353710k+Output is not escaped
#3999Live Chat & AI Chatbot – onWebChat413191700error log error log
#4000Optimus – WordPress Image Optimizer41522030k+Unsafe printing function