WordPress.Security.EscapeOutput.UnsafePrintingFunction

Unsafe printing function

A printing function is outputting dynamic content without proving that the content is escaped.

critical weight

Why It Shows Up

The scan saw output through functions such as `printf`, `print`, or similar constructs where the printed values were not escaped for their context.

Why It Matters

Formatted output is still browser output. If any argument contains attacker-controlled content, the page can become vulnerable to cross-site scripting.

How to Fix

  • Escape every dynamic argument with `esc_html()`, `esc_attr()`, `esc_url()`, or `wp_kses()` as appropriate.
  • Keep translation wrappers and escaping wrappers in the correct order, such as `esc_html__( 'Text', 'text-domain' )` for translated text.
  • Avoid marking values as safe unless they are hard-coded or already strictly constrained.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2251Masonry Widget415811500Output is not escaped
#2252TechGasp Sound Master411364500Output is not escaped
#2253TechGasp Music Master411434500Output is not escaped
#2254Sticky Posts – Switch418456k+Output is not escaped
#2255tarteaucitron.io41449210k+Output is not escaped
#2256Taxonomy Converter415424600Output is not escaped
#2257Taxonomy Filter4114340800Output is not escaped
#2258Terms of Service & Privacy Policy Generator41991600Output is not escaped
#2259Text Replace4155123k+Output is not escaped
#2260Theme Duplicator411431400Nonce verification recommended
#2261Advanced Editor Tools41143841m+Unsafe printing function
#2262TW Pagination4190231k+Non Singular String Literal Domain
#2263Unbloater4157185k+Output is not escaped
#2264Usersnap413717500Output is not escaped
#2265Visibility Logic for Elementor41274330k+Output is not escaped
#2266fancyBox 3 for WordPress4172111k+Output is not escaped
#2267Waka Bulk Page4152161k+Unsafe printing function
#2268WaveSurfer-WP418322400Unsafe printing function
#2269Advanced Custom Stock Status4184339k+Output is not escaped
#2270Top Image SEO41115265k+Unsafe printing function
#2271Quick View For WooCommerce4144441k+Output is not escaped
#2272Pay for Payment for WooCommerce41296710k+Missing nonce verification
#2273Spam Protect for Contact Form 741166110k+Request data is not unslashed
#2274WP Content Copy Protection & No Right Click41127135100k+Unsafe printing function
#2275WP Dashboard Notes41242920k+Unsafe printing function
#2276WP Extended Search411593720k+Output is not escaped
#2277WP Lorem ipsum413729500Unsafe printing function
#2278WP Modal Popup with Cookie Integration4188131k+Unsafe printing function
#2279WP Permalink Translator4134212k+Unsafe printing function
#2280WP Test Email41322820k+Unsafe printing function
#2281User Login Notifier for WordPress4172261k+Output is not escaped
#2282WPS Hide Login4134722m+Nonce verification recommended
#2283Z-Credit Checkout – WooCommerce Payment Gateway4115122900Text Domain Mismatch
#2284Zilla Portfolio4113915400Text Domain Mismatch
#2285Add to Cart Button Custom Text429849k+Text Domain Mismatch
#2286All-in-one Like Widget4216521k+Text Domain Mismatch
#2287Open Currency Converter4259191k+Unsafe printing function
#2288Automatic NBSP4224163k+Output is not escaped
#2289Basic SEO Pack42868700Output is not escaped
#2290Bazz CallBack widget4255283k+Unsafe printing function
#2291Block Temporary Email423313500Unsafe printing function
#2292BP Auto Group Join425555700Output is not escaped
#2293Bulk Change Media Author4225202k+Unsafe printing function
#2294Custom Spinner for Contact Form 74236111k+Output is not escaped
#2295HTML Template for CF74221271k+Non-prefixed global variable
#2296Change Background Color for Pages, Posts, Widgets42357500Text Domain Mismatch
#2297Chartbeat4233181k+Output is not escaped
#2298Cities Shipping Zones for WooCommerce4294444k+Text Domain Mismatch
#2299Comment Reply Email422123500Unsafe printing function
#2300Companion Revision Manager – Revision Control4218284k+Unsafe printing function