WordPress.Security.EscapeOutput.OutputNotEscaped

Output is not escaped

Dynamic data is printed to the page without an escaping function for the output context.

critical weight

Why It Shows Up

WordPress Coding Standards detected a variable, option, request value, or function result reaching HTML output without a nearby escaping call.

Why It Matters

Unescaped output can become cross-site scripting when attackers control any part of the value being printed.

How to Fix

  • Use `esc_html()` for plain text, `esc_attr()` for attributes, and `esc_url()` for URLs.
  • Use `wp_kses()` or `wp_kses_post()` when limited HTML is intentionally allowed.
  • Escape as late as possible, right before output, so the selected escaping function matches the final context.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#4051SnapScan Payment Gateway413330700Output is not escaped
#4052Masonry Widget415811500Output is not escaped
#4053TechGasp Sound Master411364500Output is not escaped
#4054TechGasp Music Master411434500Output is not escaped
#4055SQL Chart Builder413852600Text Domain Mismatch
#4056Squeeze – Image Optimization & Compression, WEBP Conversion4120702k+Nonce verification recommended
#4057Sticky Posts – Switch418456k+Output is not escaped
#4058Styler for Gravity Forms4136922k+Text Domain Mismatch
#4059Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress41271682k+Request data is not unslashed
#4060tarteaucitron.io41449210k+Output is not escaped
#4061Taxonomy Converter415424500Output is not escaped
#4062Taxonomy Filter4114340800Output is not escaped
#4063Terms of Service & Privacy Policy Generator41991600Output is not escaped
#4064Text Hover4144131k+Output is not escaped
#4065Text Replace4155123k+Output is not escaped
#4066Feedback Company416336800Output is not escaped
#4067Theme Blvd Importer412558500Missing nonce verification
#4068Theme Duplicator411431400Nonce verification recommended
#4069Threat Scan Plugin412917400Output is not escaped
#4070Advanced Editor Tools41143841m+Unsafe printing function
#4071TW Pagination4190231k+Non Singular String Literal Domain
#4072Unbloater4157185k+Output is not escaped
#4073Usersnap413717500Output is not escaped
#4074Visibility Logic for Elementor41274330k+Output is not escaped
#4075fancyBox 3 for WordPress4172111k+Output is not escaped
#4076Waka Bulk Page4152161k+Unsafe printing function
#4077WaveSurfer-WP418322400Unsafe printing function
#4078WC Multiple Email Recipients418534k+Text Domain Mismatch
#4079Advanced Custom Stock Status4184339k+Output is not escaped
#4080Top Image SEO41115265k+Unsafe printing function
#4081M-Pesa(Kenya) Checkout for Woocommerce4146381k+Text Domain Mismatch
#4082WPC Product Bundles for WooCommerce41219330k+Missing nonce verification
#4083Country Based Restrictions for WooCommerce4127675k+Request data is not unslashed
#4084Quick View For WooCommerce4144441k+Output is not escaped
#4085WPC Smart Wishlist for WooCommerce414738100k+Output is not escaped
#4086WooCommerce Colors41632810k+Output is not escaped
#4087Pay for Payment for WooCommerce41296710k+Missing nonce verification
#4088Spam Protect for Contact Form 741166110k+Request data is not unslashed
#4089WP Dashboard Notes41242920k+Unsafe printing function
#4090WP Extended Search411593720k+Output is not escaped
#4091Regions for WP Job Manager4129557k+Nonce verification recommended
#4092WP Lorem ipsum413729500Unsafe printing function
#4093WP Media folders4119743k+Direct Query
#4094WP Modal Popup with Cookie Integration4188131k+Unsafe printing function
#4095Pledged Plugins PCI Gateway for NMI and WooCommerce41160422k+Text Domain Mismatch
#4096WP Permalink Translator4134212k+Unsafe printing function
#4097WP Router412913800Exception output is not escaped
#4098WP Test Email41322820k+Unsafe printing function
#4099User Login Notifier for WordPress4172261k+Output is not escaped
#4100WPC Composite Products for WooCommerce4111739k+Missing nonce verification