WordPress.Security.EscapeOutput.OutputNotEscaped

Output is not escaped

Dynamic data is printed to the page without an escaping function for the output context.

critical weight

Why It Shows Up

WordPress Coding Standards detected a variable, option, request value, or function result reaching HTML output without a nearby escaping call.

Why It Matters

Unescaped output can become cross-site scripting when attackers control any part of the value being printed.

How to Fix

  • Use `esc_html()` for plain text, `esc_attr()` for attributes, and `esc_url()` for URLs.
  • Use `wp_kses()` or `wp_kses_post()` when limited HTML is intentionally allowed.
  • Escape as late as possible, right before output, so the selected escaping function matches the final context.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#4751WP Eventbrite Embedded Checkout52497700Text Domain Mismatch
#4752WP Hooks Finder5227311k+Output is not escaped
#4753WP Secure Maintenance5228181k+Output is not escaped
#4754Bg RuTube Embed5319211k+Unsafe printing function
#4755Bulk Actions Select All532622800Text Domain Mismatch
#4756Column Shortcodes5332960k+Unsafe printing function
#4757Connect Contact Form 7 and Mailchimp532365240k+Text Domain Mismatch
#4758Custom Post Type UI5316231m+Output is not escaped
#4759Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]5315461m+Non-prefixed global variable
#4760Download PDF After Submit Form53245500Input is not sanitized
#4761Elegant Custom Fonts5315173k+Output is not escaped
#4762Export Custom Pages532219700Output is not escaped
#4763FakerPress536615210k+Non-prefixed global variable
#4764Focus Videos53369400Text Domain Mismatch
#4765International Telephone Input for Contact Form 75318108k+Missing direct file access protection
#4766LearnPress – bbPress Integration5319142k+Output is not escaped
#4767LuckyWP ACF Menu Field534695k+Short PHP open tag found
#4768MOBILOOK — Mobile View & Mobile‑Friendly Test5310201k+Missing nonce verification
#4769Multiple external product URLs for WooCommerce532817400Text Domain Mismatch
#4770Multiple Post Thumbnails53251820k+Output is not escaped
#4771ONTRApages5316271k+Output is not escaped
#4772워드프레스 결제 심플페이 – 우커머스 결제 플러그인5379921k+Missing direct file access protection
#4773Post Type Converter535281k+Nonce verification recommended
#4774Preserved HTML Editor Markup531222600Output is not escaped
#4775Preserved HTML Editor Markup Plus5312223k+Output is not escaped
#4776pretix widget532539400Non-prefixed global variable
#4777Pure Metafields53513010k+Non-prefixed global variable
#4778RDFa Breadcrumb532713600Output is not escaped
#4779REST API Featured Image533416700Output is not escaped
#4780Send Email From Admin532713800Text Domain Mismatch
#4781Shamor535512400wp function not compatible with requires wp
#4782Simple Blog Stats5325764k+Non-prefixed function
#4783Simple Copy Post Button531424400Input is not sanitized
#4784Simple Masonry Layout5328281k+Output is not escaped
#4785Skroutz Analytics for WooCommerce5357151k+Text Domain Mismatch
#4786Social Media Widget53902130k+Text Domain Mismatch
#4787SoundPress Plugin534431k+Output is not escaped
#4788Texty – SMS Notification for WordPress, WooCommerce, Dokan and more5331348k+Output is not escaped
#4789Weight Based Shipping for WooCommerce53484160k+Missing direct file access protection
#4790Widget Context53142040k+Non-prefixed hook name
#4791Widget Icon535310700Output is not escaped
#4792Widgets Reloaded5362201k+Output is not escaped
#4793WP Console – WordPress PHP Console powered by PsySH53344820k+Exception output is not escaped
#4794WP Login Logo53289500Unsafe printing function
#4795Peadig's Twitter Feed: Embedded Timeline WordPress Plugin53376600Output is not escaped
#4796WP User Switch538461k+Input is not sanitized
#4797aBlocks – Gutenberg Blocks, User Dashboard Builder, Popup Builder, Form Builder & Animation Builder5483822k+Non-prefixed global variable
#4798AffiliateWP – Order Details For Affiliates5462272k+Output is not escaped
#4799Analytics Head54347600Output is not escaped
#4800Anant Addons for Elementor – Widgets, Templates & WooCommerce Builder5429207800Non-prefixed global variable