WordPress.Security.EscapeOutput.OutputNotEscaped

Output is not escaped

Dynamic data is printed to the page without an escaping function for the output context.

critical weight

Why It Shows Up

WordPress Coding Standards detected a variable, option, request value, or function result reaching HTML output without a nearby escaping call.

Why It Matters

Unescaped output can become cross-site scripting when attackers control any part of the value being printed.

How to Fix

  • Use `esc_html()` for plain text, `esc_attr()` for attributes, and `esc_url()` for URLs.
  • Use `wp_kses()` or `wp_kses_post()` when limited HTML is intentionally allowed.
  • Escape as late as possible, right before output, so the selected escaping function matches the final context.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#4151Easy Demo Import for Omega Themes423341400Output is not escaped
#4152Easy Video Player42202020k+Output is not escaped
#4153Embedly4217382k+Output is not escaped
#4154Enable Classic Editor & Widgets4210662k+Non Singular String Literal Domain
#4155Etsy Shop4258213k+Unsafe printing function
#4156Exclude Pages42311420k+Non Singular String Literal Domain
#4157Exit Popup425151k+Output is not escaped
#4158FCM Push Notification from WP424316500Non Singular String Literal Domain
#4159File Media Renamer4216422k+Input is not sanitized
#4160First payment date for WooCommerce Subscriptions424219400Output is not escaped
#4161Flamix: Bitrix24 and Contact Form 7 integrations427941k+Output is not escaped
#4162Flexible Editor Panel for Elementor421544220k+Text Domain Mismatch
#4163Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution421111720k+Exception output is not escaped
#4164FooTable428671k+Output is not escaped
#4165Lock Down Admin4230203k+Unsafe printing function
#4166Fusion Page Builder : Extension – Gallery422930600Output is not escaped
#4167GA Google Analytics – Connect Google Analytics to WordPress424630400k+Output is not escaped
#4168Gelato Integration for WooCommerce4236325k+Output is not escaped
#4169Goolytics – Simple Google Analytics423754k+Unsafe printing function
#4170hCaptcha for WP421151870k+Exception output is not escaped
#4171Hide Cart Functions4212503k+Nonce verification recommended
#4172Hide Featured Image42261210k+Unsafe printing function
#4173HTML Editor Syntax Highlighter42302150k+Output is not escaped
#4174Image Uploader for Welcart4227243k+Output is not escaped
#4175iOS images fixer4222426k+Nonce verification recommended
#4176iyzico for WooCommerce42345410k+Unsafe printing function
#4177Lazy Social Comments4273101k+Unsafe printing function
#4178LeadSnap4214841k+Input is not validated
#4179LH Page Links To422538500Output is not escaped
#4180Image and Video Lightbox, Image PopUp4253151k+Output is not escaped
#4181Lightweight Social Icons4259130k+Output is not escaped
#4182LIQUID BLOCKS – Slider, Carousel, Accordion4250314k+Unsafe printing function
#4183List Custom Taxonomy Widget425259k+Output is not escaped
#4184Login No Captcha reCAPTCHA42452460k+Unsafe printing function
#4185Mailster Cool Captcha426528400Text Domain Mismatch
#4186Manage User Columns4215271k+Request data is not unslashed
#4187Mass Delete Unused Tags42219800Output is not escaped
#4188Medical Addon for Elementor4220081k+Text Domain Mismatch
#4189Message Popup For Contact Form 74230811k+Missing nonce verification
#4190Mobile CSS42597500Output is not escaped
#4191My Upload Images427448400Unsafe printing function
#4192Nav Menu Collapse4217393k+Missing nonce verification
#4193NS Remove Related Products for WooCommerce4295433k+Output is not escaped
#4194OG Tags42131342k+Non Singular String Literal Domain
#4195OnPay.io for WooCommerce42238371k+Text Domain Mismatch
#4196PageMenu4216291k+Missing nonce verification
#4197PAYDUNYA WOOCOMMERCE PAR425432600Text Domain Mismatch
#4198PDF Thumbnail Generator4226162k+Output is not escaped
#4199PE Easy Slider4219010800Output is not escaped
#4200Photo Galleria42785800Missing Arg Domain