WordPress.Security.EscapeOutput.UnsafePrintingFunction

Unsafe printing function

A printing function is outputting dynamic content without proving that the content is escaped.

critical weight

Why It Shows Up

The scan saw output through functions such as `printf`, `print`, or similar constructs where the printed values were not escaped for their context.

Why It Matters

Formatted output is still browser output. If any argument contains attacker-controlled content, the page can become vulnerable to cross-site scripting.

How to Fix

  • Escape every dynamic argument with `esc_html()`, `esc_attr()`, `esc_url()`, or `wp_kses()` as appropriate.
  • Keep translation wrappers and escaping wrappers in the correct order, such as `esc_html__( 'Text', 'text-domain' )` for translated text.
  • Avoid marking values as safe unless they are hard-coded or already strictly constrained.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2201Hide My Dates415011400Unsafe printing function
#2202Hide WP Admin Login412339500Nonce verification recommended
#2203Inpost Paczkomaty4135688k+Text Domain Mismatch
#2204Insert JavaScript and CSS416419400Text Domain Mismatch
#2205Jellyfish Counter Widget4117451k+Output is not escaped
#2206jQuery Vertical Scroller411104400Output is not escaped
#2207Ko-fi Button4175155k+Output is not escaped
#2208Lazy Load Optimizer4163263k+Unsafe printing function
#2209Lazy Load XT41877600Non Singular String Literal Domain
#2210LH Agree to Terms415932800Output is not escaped
#2211Log cleaner for Solid Security4165478k+Text Domain Mismatch
#2212Magic Liquidizer Responsive Table41114386k+Text Domain Mismatch
#2213MaxLimits – Increase Maximum Upload, Post & PHP Limits4199162k+Unsafe printing function
#2214Media Grid4142442k+Missing Arg Domain
#2215Meks Flexible Shortcodes41133110k+Unsafe printing function
#2216Mobile Contact Bar41943610k+Unsafe printing function
#2217Most Popular Categories41672600Output is not escaped
#2218MouseWheel Smooth Scroll411047100k+Text Domain Mismatch
#2219MS Custom Login411176900Unsafe printing function
#2220Multiple Domain41421710k+Output is not escaped
#2221My Favorites4135341k+Output is not escaped
#2222Native Emoji4154375k+Unsafe printing function
#2223Nepali Date Utilities4151151k+date date
#2224Optimus – WordPress Image Optimizer41522030k+Unsafe printing function
#2225Page Loading Effects4168242k+Output is not escaped
#2226Page Specific Menu Items4178192k+Output is not escaped
#2227Pages In Widgets4113163k+Output is not escaped
#2228Passwordless Login4140241k+Output is not escaped
#2229Web Accessibility (formally known as Ally) – WCAG Scanning, Guided Fixes, Usability Widget414738500k+Output is not escaped
#2230Post Cloner4125151k+Text Domain Mismatch
#2231Posts Viewed Recently415816700Output is not escaped
#2232Powie's WHOIS Domain Check413811500Unsafe printing function
#2233Preload LCP Image41110314k+Unsafe printing function
#2234Prevent Landscape Rotation4131271k+Output is not escaped
#2235Product Expiry for WooCommerce4131852k+Request data is not unslashed
#2236Quick View WooCommerce4180121k+Output is not escaped
#2237Recurring PayPal Donations414847800Text Domain Mismatch
#2238Revision Control41602840k+Output is not escaped
#2239Revisionize4154244k+Output is not escaped
#2240Send link to friend418147400Output is not escaped
#2241Service Box41150230400Missing nonce verification
#2242Share a Draft413963k+Output is not escaped
#2243Simple 301 Redirects By BetterLinks – Easy WordPress Redirect Manager for Redirects, 404 Error Log & More414361100k+Request data is not unslashed
#2244Simple CPT41280604k+Unsafe printing function
#2245Simple Like Page – Fast & Privacy-Friendly Page Embeds411453110k+Output is not escaped
#2246Simple Google Photos Grid414821k+Output is not escaped
#2247IP Ban4129392k+Input is not validated
#2248Simple Page Access Restriction4166516k+Unsafe printing function
#2249Smooth Scroll Up4161106k+Output is not escaped
#2250Smoove connector for Elementor forms412260600Nonce verification recommended