WordPress.Security.EscapeOutput.OutputNotEscaped

Output is not escaped

Dynamic data is printed to the page without an escaping function for the output context.

critical weight

Why It Shows Up

WordPress Coding Standards detected a variable, option, request value, or function result reaching HTML output without a nearby escaping call.

Why It Matters

Unescaped output can become cross-site scripting when attackers control any part of the value being printed.

How to Fix

  • Use `esc_html()` for plain text, `esc_attr()` for attributes, and `esc_url()` for URLs.
  • Use `wp_kses()` or `wp_kses_post()` when limited HTML is intentionally allowed.
  • Escape as late as possible, right before output, so the selected escaping function matches the final context.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#4401Gateway zibal for Woocommerce4470246k+Text Domain Mismatch
#4402Advanced Custom Fields – Contact Form 7 Field455982k+Output is not escaped
#4403Ajax Archive Calendar4540181k+date date
#4404Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro452611720k+Non-prefixed hook name
#4405Contact Details4543291k+Non Singular String Literal Text
#4406Contact Form 7 Signature Addon45147446k+Text Domain Mismatch
#4407Content Copy Protection & Disable Right Click4547171k+Output is not escaped
#4408Cookie Law Bar4529202k+Output is not escaped
#4409Custom Error Pages455116600Output is not escaped
#4410Easy HTML Sitemap45758600Text Domain Mismatch
#4411Extended Post Status4527271k+Output is not escaped
#4412Format Media Titles453345k+Unsafe printing function
#4413Goftino45162010k+Output is not escaped
#4414Icons Font Loader – Load Web Fonts and Icon Libraries4547332k+Text Domain Mismatch
#4415Inazo's flamingo automatically delete old messages4533204k+Output is not escaped
#4416JetHost Total Care – Security & Enhancements451085800Direct Query
#4417LINE Auto Post451911500Heredoc Output Not Escaped
#4418New Order Notification for WooCommerce452142900Output is not escaped
#4419Outdooractive Embed457018400Text Domain Mismatch
#4420Passwords Evolved4526171k+Output is not escaped
#4421Post Date Randomizer454269k+Unsafe printing function
#4422Product Visibility by User Role for WooCommerce4536356k+Missing Translators Comment
#4423Quick Interest Slider451481k+Missing nonce verification
#4424reCAPTCHA for Asgaros Forum4521364k+Input is not validated
#4425ShayanWeb Admin FontChanger | افزونه‌ی تغییر فونت پیشخوان وردپرس شایان وب454281k+Output is not escaped
#4426Simple Login Notification4513222k+Request data is not unslashed
#4427Simple Membership MailChimp Integration4534271k+curl curl setopt
#4428Slider Templates4510331k+Request data is not unslashed
#4429Specify Missing Image Dimensions4521121k+Unsafe printing function
#4430Utimate Kit ( Styler ) for WPForms452406920k+Missing Arg Domain
#4431Super Blank45131569k+Missing direct file access protection
#4432SyntaxHighlighter Evolved45334620k+Not In Footer
#4433TriPay Payment Gateway45478441k+Text Domain Mismatch
#4434VietQR4532394k+Text Domain Mismatch
#4435WP Comment Policy Checkbox4531115k+Output is not escaped
#4436WP Global Site Tag454897k+Output is not escaped
#4437WP OpenAPI452622400Output is not escaped
#4438WP Revisions Manager454719700Non Singular String Literal Domain
#4439wpDataTables integration for Forminator Forms4562381k+Text Domain Mismatch
#4440Batch Comment Spam Deletion4622151k+Nonce verification recommended
#4441Better image sizes4645232k+Text Domain Mismatch
#4442Bullhorn Career Portal WordPress Plugin464671k+Output is not escaped
#4443Official CleverReach® Plugin for WooCommerce463798400Non-prefixed global variable
#4444CLP Varnish Cache46155810k+Non-prefixed global variable
#4445CoSchedule4624663k+Nonce verification recommended
#4446DarkMySite – Advanced Dark Mode Plugin for WordPress46221001k+Request data is not unslashed
#4447Delete Multiple Themes463951k+Text Domain Mismatch
#4448Display Featured Image for Genesis4664591k+Non-prefixed global variable
#4449DX Delete Attached Media463284k+Output is not escaped
#4450Easy Basic Authentication – Add basic auth to site or admin area461428600Input is not sanitized