WordPress.Security.EscapeOutput.UnsafePrintingFunction

Unsafe printing function

A printing function is outputting dynamic content without proving that the content is escaped.

critical weight

Why It Shows Up

The scan saw output through functions such as `printf`, `print`, or similar constructs where the printed values were not escaped for their context.

Why It Matters

Formatted output is still browser output. If any argument contains attacker-controlled content, the page can become vulnerable to cross-site scripting.

How to Fix

  • Escape every dynamic argument with `esc_html()`, `esc_attr()`, `esc_url()`, or `wp_kses()` as appropriate.
  • Keep translation wrappers and escaping wrappers in the correct order, such as `esc_html__( 'Text', 'text-domain' )` for translated text.
  • Avoid marking values as safe unless they are hard-coded or already strictly constrained.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1301Login-Logout3510483k+Output is not escaped
#1302Login Page Styler – Custom WordPress Login Page Customizer & Security351251682k+Missing Arg Domain
#1303Mark Posts3530341k+Output is not escaped
#1304Marquee image crawler35168136700Non-prefixed global variable
#1305Mechanic Visitor Counter35240667k+Output is not escaped
#1306Restaurant Menu – Food Ordering System – Table Reservation353171868k+Unsafe printing function
#1307mosparo Integration35114301900Missing nonce verification
#1308Never Let Me Go353447400Non-prefixed global variable
#1309NGG Smart Image Search35298155400Output is not escaped
#1310Nginx Cache Controller3579961k+Text Domain Mismatch
#1311Nooz35287108500Text Domain Mismatch
#1312One Page Express Companion351326510k+Output is not escaped
#1313ONet Regenerate Thumbnails35190641k+Text Domain Mismatch
#1314Plugin Ongkos Kirim JNE Tiki Sicepat Wahana J&T POS for Woocommerce351171442k+Output is not escaped
#1315Order Delivery Date for WooCommerce352,0757310k+wp function not compatible with requires wp
#1316OT Flatsome Vertical Menu351262610k+Text Domain Mismatch
#1317Page Optimize357041200k+Non Singular String Literal Domain
#1318Paybox WooCommerce Payment Gateway3516588500Non Singular String Literal Domain
#1319Pixeline's Email Protector35775800Unsafe printing function
#1320Planyo online reservation system356490400Output is not escaped
#1321Poptin – Email Marketing Automation, Newsletter & Exit Pop Ups, Email Popups351682920k+Output is not escaped
#1322Popular Posts3516671900Unsafe printing function
#1323Popup with fancybox35196168900Unsafe printing function
#1324Post Content Shortcodes35205562k+Output is not escaped
#1325Post List Featured Image35112100900Output is not escaped
#1326Post Password Token3513238600Text Domain Mismatch
#1327Pronamic Client3511148700Output is not escaped
#1328QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly352251108k+Non Singular String Literal Domain
#1329Real Time Validation for Gravity Forms35185302k+Output is not escaped
#1330Related Posts by Taxonomy351319710k+Output is not escaped
#1331Related Posts for WordPress3520718010k+Output is not escaped
#1332Remove Admin Toolbar35137600Missing direct file access protection
#1333Restrict Elementor Widgets, Columns and Sections351853500Non-prefixed function
#1334Robots.txt rewrite3556191k+Output is not escaped
#1335sCode (Easy Shortcodes)3515797400Text Domain Mismatch
#1336Internal Links Manager3518812110k+Output is not escaped
#1337Shipping Zones by Drawing for WooCommerce3527895600Text Domain Mismatch
#1338Shop Page WP3568232k+Unsafe printing function
#1339Simple Header Footer HTML353053k+Output is not escaped
#1340Simple Image Sizes35537560k+Unsafe printing function
#1341Simple Yearly Archive35102366k+Unsafe printing function
#1342SimpleTOC – Table of Contents Block3510010k+Setting is missing a sanitization callback
#1343SiteGround Migrator351137480k+Missing Arg Domain
#1344Sitekit3512283k+Output is not escaped
#1345Slick Slider353692k+Output is not escaped
#1346SiteOrigin CSS356184100k+Not In Footer
#1347Spacious Toolkit354894700Non-prefixed global variable
#1348Spots3519549800Output is not escaped
#1349Square Thumbnails3543317800error log error log
#1350SSL Insecure Content Fixer352860100k+Input is not sanitized