WordPress.Security.EscapeOutput.UnsafePrintingFunction

Unsafe printing function

A printing function is outputting dynamic content without proving that the content is escaped.

critical weight

Why It Shows Up

The scan saw output through functions such as `printf`, `print`, or similar constructs where the printed values were not escaped for their context.

Why It Matters

Formatted output is still browser output. If any argument contains attacker-controlled content, the page can become vulnerable to cross-site scripting.

How to Fix

  • Escape every dynamic argument with `esc_html()`, `esc_attr()`, `esc_url()`, or `wp_kses()` as appropriate.
  • Keep translation wrappers and escaping wrappers in the correct order, such as `esc_html__( 'Text', 'text-domain' )` for translated text.
  • Avoid marking values as safe unless they are hard-coded or already strictly constrained.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1551Easy Photo Album37360431k+Text Domain Mismatch
#1552Pricing Table WordPress Plugin – Easy Pricing Tables3733216110k+Output is not escaped
#1553Easy Profile Widget3715720400Output is not escaped
#1554EasyMe Connect3713045500Text Domain Mismatch
#1555Eazy CF Captcha379354500Text Domain Mismatch
#1556WP eBay Product Feeds3713631700Output is not escaped
#1557Excerpt Editor37170142500Unsafe printing function
#1558Gmail SMTP37857110k+Unsafe printing function
#1559GoCache3727343900Non Singular String Literal Domain
#1560GoPay for WooCommerce37661031k+Non-prefixed global variable
#1561GS Portfolio for Envato37155754k+Text Domain Mismatch
#1562Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder378311320k+SQL query is not prepared
#1563Hash Elements37147925k+Output is not escaped
#1564Horizontal scrolling announcements372151408k+Output is not escaped
#1565.htaccess Site Access Control375467800Input is not sanitized
#1566Humans TXT3715986400Output is not escaped
#1567Image Optimizer by 10web – Image Optimizer and Compression plugin37244453k+Text Domain Mismatch
#1568Image Widget Deluxe3719011k+Output is not escaped
#1569Injection Guard3786451k+Unsafe printing function
#1570Job Manager & Career – Manage job board listings, and recruitments371122052k+Missing nonce verification
#1571JVM Rich Text Icons3787343k+Output is not escaped
#1572Language Switcher37811051k+Missing Translators Comment
#1573LearnPress – Course Review37674320k+Output is not escaped
#1574LH Archived Post Status37150643k+Text Domain Mismatch
#1575List category posts371611780k+Output is not escaped
#1576LiveJournal Importer3786678k+Output is not escaped
#1577Localendar Calendar for WordPress372416400Output is not escaped
#1578Maintenance Page3762333k+Output is not escaped
#1579Max Mega Menu37249174300k+Output is not escaped
#1580Metorik – Reports & Email Automation for WooCommerce37757010k+Output is not escaped
#1581CrawlWP SEO – Instant Search Engine Indexing & SEO Performance Monitor37479040k+Dynamic hook name
#1582My Post Order37100114400Output is not escaped
#1583news ticker benaceur371,097311k+Output is not escaped
#1584Optin Forms – Simple List Building Plugin for WordPress37647223k+Output is not escaped
#1585WP All Export – Order Export for WooCommerce371091114k+Text Domain Mismatch
#1586OSM – OpenStreetMap371306410k+Output is not escaped
#1587Page scroll to id3738120100k+Missing nonce verification
#1588GoHero Store Customizer for WooCommerce377553600Unsafe printing function
#1589Phoenix Media Rename3718010450k+Output is not escaped
#1590PNG to JPG3713017310k+Interpolated SQL is not prepared
#1591Post Terms Order – per Post based3770362k+Output is not escaped
#1592Product Image Hover Effects WOOC – WPSHARE2473716194800Output is not escaped
#1593Publish to Schedule37195433k+Text Domain Mismatch
#1594PublishPress Statuses – Custom Post Status and Workflow37231781k+Missing Arg Domain
#1595rapidmail: Newsletter & E-Mail Marketing for WooCommerce377947400Text Domain Mismatch
#1596resmio button & widget379936400Text Domain Mismatch
#1597Reusable Content Blocks37349144k+Text Domain Mismatch
#1598Robots & Sitemap3719928500Text Domain Mismatch
#1599RSS for Yandex Zen372401004k+Unsafe printing function
#1600RSS Image Feed37147162k+Output is not escaped