WordPress.Security.EscapeOutput.UnsafePrintingFunction

Unsafe printing function

A printing function is outputting dynamic content without proving that the content is escaped.

critical weight

Why It Shows Up

The scan saw output through functions such as `printf`, `print`, or similar constructs where the printed values were not escaped for their context.

Why It Matters

Formatted output is still browser output. If any argument contains attacker-controlled content, the page can become vulnerable to cross-site scripting.

How to Fix

  • Escape every dynamic argument with `esc_html()`, `esc_attr()`, `esc_url()`, or `wp_kses()` as appropriate.
  • Keep translation wrappers and escaping wrappers in the correct order, such as `esc_html__( 'Text', 'text-domain' )` for translated text.
  • Avoid marking values as safe unless they are hard-coded or already strictly constrained.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1751Stock Market Overview3886141k+Output is not escaped
#1752Stock Market Ticker3869143k+Output is not escaped
#1753Stock Quotes List387213600Output is not escaped
#1754Subscriptions & Memberships for PayPal3873237900Request data is not unslashed
#1755Super Simple Slider3855551k+Non-prefixed global variable
#1756Swiper Js Slider3812535400Output is not escaped
#1757Tag Manager – Header, Body And Footer389731920k+Non-prefixed global variable
#1758Logo Slider , Logo Carousel , Logo showcase , Client Logo3872221k+Output is not escaped
#1759Templatiq383194900Non-prefixed hook name
#1760Product Compare for WooCommerce38551913k+Non-prefixed global variable
#1761Theme Blvd Widget Pack38240171k+Output is not escaped
#1762TopList.cz381387400Output is not escaped
#1763Sidebar Login Widget389016700Output is not escaped
#1764Twenty Eleven Theme Extensions3835303k+Output is not escaped
#1765Twiget Twitter Widget3814736500Output is not escaped
#1766Twitter for WordPress3847241k+Output is not escaped
#1767TypePad emoji for TinyMCE38100248k+Text Domain Mismatch
#1768User Specific Content38143191k+Text Domain Mismatch
#1769Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend3884491k+Output is not escaped
#1770TWIPLA (Visitor Analytics IO) – Privacy-First Website Stats, Session Recordings, Heatmaps, Polls and Surveys387149900Output is not escaped
#1771Shipping Packages for WooCommerce – Dropship from multiple locations like AliExpress, eBay, Amazon, Etsy389426900Non Singular String Literal Domain
#1772WDV About Me Widget381508900Output is not escaped
#1773White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard382053110k+Output is not escaped
#1774Products Coming Soon for WooCommerce3815162700Output is not escaped
#1775Show Stock Status for WooCommerce3830191k+Output is not escaped
#1776Vietnam Checkout for WooCommerce389313710k+Nonce verification recommended
#1777WP Hebrew Date3810213600Output is not escaped
#1778WP 404 Auto Redirect to Similar Post381664830k+Text Domain Mismatch
#1779WP Accessibility Helper (WAH)38618810k+Missing direct file access protection
#1780WP-Ban38991088k+Unsafe printing function
#1781WP-CommentNavi386846700Output is not escaped
#1782WP Content Copy Protection with Color Design3896615k+Non Singular String Literal Domain
#1783WP-DraftsForFriends38141711k+Output is not escaped
#1784WP Mail SMTP SendGrid Edition3810219500Text Domain Mismatch
#1785WP Mailgun SMTP389951900Text Domain Mismatch
#1786WP Maintenance Mode & Site Under Construction3872573k+Output is not escaped
#1787WP Media Categories3840103800Nonce verification recommended
#1788mb.miniAudioPlayer – an HTML5 audio player for your mp3 files3820464k+Unsafe printing function
#1789WP Redirects – Contact Form 7385071400Unsafe printing function
#1790WP-ServerInfo381625510k+Output is not escaped
#1791External Store for Shopify3897332k+Output is not escaped
#1792WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups38299583k+Non Singular String Literal Domain
#1793WP Video Lightbox381076730k+Unsafe printing function
#1794mb.YTPlayer for background videos3880291k+Unsafe printing function
#1795ZeroBounce Email Verification & Validation38299162900Text Domain Mismatch
#1796Accounting for WooCommerce3987115500Unsafe printing function
#1797ACF: Google Font Selector3957453k+Output is not escaped
#1798ACF Recent Posts Widget3926016500Output is not escaped
#1799Admin Custom Font3934251k+Unsafe printing function
#1800Advanced Categories Widget3917041800Output is not escaped