WordPress.Security.EscapeOutput.UnsafePrintingFunction

Unsafe printing function

A printing function is outputting dynamic content without proving that the content is escaped.

critical weight

Why It Shows Up

The scan saw output through functions such as `printf`, `print`, or similar constructs where the printed values were not escaped for their context.

Why It Matters

Formatted output is still browser output. If any argument contains attacker-controlled content, the page can become vulnerable to cross-site scripting.

How to Fix

  • Escape every dynamic argument with `esc_html()`, `esc_attr()`, `esc_url()`, or `wp_kses()` as appropriate.
  • Keep translation wrappers and escaping wrappers in the correct order, such as `esc_html__( 'Text', 'text-domain' )` for translated text.
  • Avoid marking values as safe unless they are hard-coded or already strictly constrained.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2051Post Tiles40465400Output is not escaped
#2052Private Google Calendars40227371k+Output is not escaped
#2053Privilege Widget4013952600Text Domain Mismatch
#2054PT Theme Addon4067211k+Output is not escaped
#2055Quick Child Theme Generator402274900Request data is not unslashed
#2056Recent & Featured Posts Widget401242600Output is not escaped
#2057Random Post Plugin – Redirect URL to Post4028743k+Nonce verification recommended
#2058Redirector4048327k+Output is not escaped
#2059Rename default post Labels405436600Text Domain Mismatch
#2060Responsive Full Width Background Slider40131222k+Unsafe printing function
#2061Responsive Gallery Grid4090144k+Output is not escaped
#2062Responsive Sidebar404312700Output is not escaped
#2063Responsive Slider4028153k+Output is not escaped
#2064Risk Free Cash On Delivery (COD) – WooCommerce4010631400Text Domain Mismatch
#2065LazyLoad Plugin – Lazy Load Images, Videos, and Iframes403117100k+Output is not escaped
#2066Role Based Redirect4020962k+Non-prefixed global variable
#2067Salat Times4023520500Output is not escaped
#2068Same Category Posts4018383k+Output is not escaped
#2069Schedule Posts Calendar4074361k+Output is not escaped
#2070Search with Typesense4081122700Non-prefixed global variable
#2071Secondary Title40117317k+Unsafe printing function
#2072Select All Categories and Taxonomies, Change Checkbox to Radio Buttons40116303k+Output is not escaped
#2073Sendy Widget404617700Output is not escaped
#2074Multipage407228900Unsafe printing function
#2075Contact Info Widget4018431k+Output is not escaped
#2076AdFlow – Easy Google AdSense Integration4015093k+Unsafe printing function
#2077Simple Link List Widget4012982k+Output is not escaped
#2078Simple Page Sidebars40556510k+Output is not escaped
#2079Simple Restrict4035131k+Output is not escaped
#2080Sinatra Core40101158k+Output is not escaped
#2081SportsPress for Cricket4012234500Text Domain Mismatch
#2082Statify Widget4052134k+Output is not escaped
#2083Stax Addons for Elementor4014381500Output is not escaped
#2084CPS | Age Verification4012735800Unsafe printing function
#2085Tealium407319600Unsafe printing function
#2086Theme Toolkit405314500Output is not escaped
#2087Theme and plugin translation for Polylang (TTfP)401026210k+Text Domain Mismatch
#2088ThemeZee Toolkit40441166k+Nonce verification recommended
#2089Timed Content4076635k+Unsafe printing function
#2090turboSMTP40114112400Unsafe printing function
#2091TW Recent Posts Widget4097141k+Output is not escaped
#2092TZ Flickr Widget40677500Output is not escaped
#2093Ultimate Custom Cursor401383800Output is not escaped
#2094Ultimate Noindex Nofollow Tool II4038513k+Input is not validated
#2095Ultimate Member – ForumWP forum integration403173500Nonce verification recommended
#2096Universal Honey Pot4023941k+Missing nonce verification
#2097Unlimited Logo Carousel4028615500Text Domain Mismatch
#2098Upcoming Events Lists407517900Text Domain Mismatch
#2099Url Rewrite Analyzer407323400Unsafe printing function
#2100UsersWP – ReCaptcha4080173k+Text Domain Mismatch