WordPress.Security.EscapeOutput.OutputNotEscaped

Output is not escaped

Dynamic data is printed to the page without an escaping function for the output context.

critical weight

Why It Shows Up

WordPress Coding Standards detected a variable, option, request value, or function result reaching HTML output without a nearby escaping call.

Why It Matters

Unescaped output can become cross-site scripting when attackers control any part of the value being printed.

How to Fix

  • Use `esc_html()` for plain text, `esc_attr()` for attributes, and `esc_url()` for URLs.
  • Use `wp_kses()` or `wp_kses_post()` when limited HTML is intentionally allowed.
  • Escape as late as possible, right before output, so the selected escaping function matches the final context.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#4251List Products By Category Widget for WooCommerce428451k+Output is not escaped
#4252TT Extra Fee Option for WooCommerce4237191k+Output is not escaped
#4253Dynamic Remarketing for Google Ads and WooCommerce4232152k+Output is not escaped
#4254WP Author Security424013500Output is not escaped
#4255WP Before After Image Slider – Interactive Image and Video Comparison Plugin for WordPress42112171k+Text Domain Mismatch
#4256WP Child Theme Generator42356620k+Request data is not unslashed
#4257WP Content Copy Protection & No Right Click42126135100k+Unsafe printing function
#4258WP Cron Cleaner425138500Unsafe printing function
#4259WP Fingerprint4234479k+Direct Query
#4260WP Post Redirect4229173k+Unsafe printing function
#4261WP QuickLaTeX4241604k+Non-prefixed global variable
#4262WP Responsive Table4242106k+Output is not escaped
#4263Advanced All in One Admin Search by WP Spotlight422525900Missing Version
#4264WP Widget Clipboard – Duplicate widgets intuitively425119800Output is not escaped
#4265WPB Custom Tab Manager for WooCommerce – Add, Edit & Reorder Tabs429532500Output is not escaped
#4266WPFomo42459600Output is not escaped
#4267WPTerm4261893k+Output is not escaped
#4268Yandex.Metrika421520900Unsafe printing function
#4269Zotpress42104032k+Non-prefixed global variable
#4270AddFunc Head & Footer Code43281820k+Output is not escaped
#4271Admin Menu Tree Page View43176910k+Nonce verification recommended
#4272Advanced FAQ Manager438592k+Input is not sanitized
#4273Advanced TinyMCE Configuration4399810k+Text Domain Mismatch
#4274AdWords Conversion Tracking Code4326251k+Non Singular String Literal Domain
#4275Animation Builder – An interface for adding scroll-triggered animations43767800Missing Version
#4276Anonymous Restricted Content4322241k+Unsafe printing function
#4277Anti-spam Reloaded4319192k+Output is not escaped
#4278Auto Alt Text4352134k+Exception output is not escaped
#4279Automatic Responsive Tables4367151k+Output is not escaped
#4280BMI Adult & Kid Calculator4333138700Request data is not unslashed
#4281Category Editor4354188k+Unsafe printing function
#4282Charla Live Chat433313500Output is not escaped
#4283Click to Call or Chat Buttons434761k+Output is not escaped
#4284Comment Reply Email Notification4344193k+Output is not escaped
#4285Simple Mortgage Calculator436731k+Text Domain Mismatch
#4286Custom Menu438311400wp function not compatible with requires wp
#4287Customize Login Image433293k+Unsafe printing function
#4288Customize Snapshots43942500Nonce verification recommended
#4289Database Addon For WPForms ( wpforms entries ) – WPFormsDB43175320k+Nonce verification recommended
#4290Directorist – WPML Integration4310134400Non-prefixed hook name
#4291Disable Gutenberg432347500k+Nonce verification recommended
#4292Disable WP Notification43742510k+Output is not escaped
#4293Easy PayPal Shopping Cart4319401k+Input is not sanitized
#4294Email Notification on Login433371k+Unsafe printing function
#4295F4 Total Stock Value for WooCommerce4327121k+Output is not escaped
#4296Floating Awesome Button (Sticky Button, Popup, Toast) & 200+ Website Custom Interactive Element4366109800Missing direct file access protection
#4297GD bbPress Tools4315611k+Input is not sanitized
#4298Good Old Twitter Feed Widget4311010400Text Domain Mismatch
#4299Per User Prompt for Google Authenticator43852400Nonce verification recommended
#4300Event Tracking for Gravity Forms43342520k+rand mt rand