WordPress.Security.EscapeOutput.UnsafePrintingFunction

Unsafe printing function

A printing function is outputting dynamic content without proving that the content is escaped.

critical weight

Why It Shows Up

The scan saw output through functions such as `printf`, `print`, or similar constructs where the printed values were not escaped for their context.

Why It Matters

Formatted output is still browser output. If any argument contains attacker-controlled content, the page can become vulnerable to cross-site scripting.

How to Fix

Escape every dynamic argument with `esc_html()`, `esc_attr()`, `esc_url()`, or `wp_kses()` as appropriate.
Keep translation wrappers and escaping wrappers in the correct order, such as `esc_html__( 'Text', 'text-domain' )` for translated text.
Avoid marking values as safe unless they are hard-coded or already strictly constrained.

References

WordPress escaping functions

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#1	BulletProof Security	0	5,048	4,949	20k+	1 month ago	Output Not Escaped
#2	Themify Builder	9	5,195	2,096	5k+	5 days ago	Text Domain Mismatch
#3	AnyComment	17	445	449	5k+	4 years ago	Output Not Escaped
#4	wpForo Forum	17	4,033	2,922	20k+	21 days ago	Unsafe Printing Function
#5	WPtouch – Make your WordPress Website Mobile-Friendly	17	1,466	325	50k+	7 months ago	Text Domain Mismatch
#6	Property Hive	18	1,957	6,027	3k+	3 days ago	Missing
#7	Shopping Cart & eCommerce Store	18	5,459	17,298	4k+	9 days ago	Non Prefixed Variable Found
#8	WP Import Export Lite	18	738	979	40k+	11 months ago	Non Prefixed Variable Found
#9	Download Monitor	19	425	1,364	80k+	5 days ago	Non Prefixed Hookname Found
#10	Event Organiser	19	1,106	544	20k+	2 years ago	Text Domain Mismatch
#11	Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution	19	1,218	901	100k+	12 days ago	Exception Not Escaped
#12	Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)	19	3,275	3,228	10k+	7 months ago	Output Not Escaped
#13	Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization	19	1,295	2,679	9k+	6 days ago	Output Not Escaped
#14	Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)	19	541	385	3m+	4 days ago	Missing Translators Comment
#15	Membership Plugin – Kadence Memberships	19	5,082	2,982	9k+	26 days ago	Text Domain Mismatch
#16	Scrollsequence – Cinematic Scroll Image Animation Plugin	19	878	1,528	4k+	14 days ago	Non Prefixed Variable Found
#17	SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments	19	526	1,119	90k+	5 days ago	Non Prefixed Variable Found
#18	Brizy – Page Builder	20	589	720	70k+	12 days ago	Output Not Escaped
#19	Filter Everything — WordPress & WooCommerce Filters	20	568	730	50k+	3 days ago	Output Not Escaped
#20	GiveWP – Donation Plugin and Fundraising Platform	20	3,435	3,580	100k+	6 days ago	Output Not Escaped
#21	Link Library	20	1,941	1,397	10k+	2 months ago	Unsafe Printing Function
#22	Brevo – Email, SMS, Web Push, Chat, and more.	20	460	646	100k+	2 months ago	Missing Unslash
#23	Nimble Page Builder	20	1,591	1,684	30k+	1 year ago	Missing Arg Domain
#24	Pix por Piggly (para Woocommerce)	20	547	195	4k+	2 years ago	Exception Not Escaped
#25	Remove Add to Cart WooCommerce	20	616	1,378	4k+	8 months ago	Non Prefixed Variable Found
#26	Robin Image Optimizer – Unlimited Image Optimization, WebP & AVIF	20	557	541	100k+	1 month ago	Output Not Escaped
#27	Razorpay for WooCommerce	20	974	855	100k+	2 days ago	Non Prefixed Function Found
#28	WPJAM Basic	20	328	356	4k+	5 days ago	Output Not Escaped
#29	bbPress	21	929	3,672	100k+	12 months ago	Non Prefixed Function Found
#30	CallTrackingMetrics	21	923	286	3k+	4 months ago	Unsafe Printing Function
#31	Captcha Them All	21	300	323	6k+	3 years ago	Output Not Escaped
#32	Free Downloads WooCommerce	21	430	359	4k+	1 month ago	Output Not Escaped
#33	Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More	21	2,572	1,277	1m+	1 month ago	Output Not Escaped
#34	Envo Extra	21	878	600	20k+	25 days ago	Text Domain Mismatch
#35	eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams	21	186	437	9k+	2 months ago	Non Prefixed Variable Found
#36	Feeds for YouTube (YouTube video, channel, and gallery plugin)	21	558	978	100k+	11 days ago	Output Not Escaped
#37	If-So Dynamic Content – Elementor & All Page Builders Personalization	21	889	725	7k+	24 days ago	Unsafe Printing Function
#38	JCH Optimize	21	953	133	4k+	5 months ago	Output Not Escaped
#39	Mapster WP Maps	21	3,440	2,903	3k+	10 days ago	Text Domain Mismatch
#40	Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred	21	1,469	3,333	10k+	3 days ago	Non Prefixed Variable Found
#41	Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages	21	1,173	2,983	9k+	19 days ago	Non Prefixed Variable Found
#42	Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction	21	1,918	5,065	10k+	19 days ago	Non Prefixed Hookname Found
#43	PublishPress Planner – Editorial Calendar, Marketing Content, Kanban Board	21	603	890	6k+	1 month ago	Output Not Escaped
#44	Five Star Restaurant Reservations – WordPress Booking Plugin	21	1,099	1,147	10k+	2 days ago	Output Not Escaped
#45	Rocket Maintenance Mode & Coming Soon Page	21	1,176	1,406	4k+	2 years ago	Non Prefixed Variable Found
#46	Royal Addons for Elementor – Addons and Templates Kit for Elementor	21	13,011	2,530	600k+	13 days ago	Text Domain Mismatch
#47	Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic	21	327	181	10k+	2 years ago	Output Not Escaped
#48	Accept Stripe Payments	21	373	882	20k+	2 months ago	Missing
#49	ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin	21	190	660	30k+	25 days ago	Non Prefixed Variable Found
#50	Revive Social – Social Media Auto Post and Scheduling Automation Plugin	21	255	425	20k+	1 month ago	Non Prefixed Hookname Found