WordPress.Security.EscapeOutput.UnsafePrintingFunction

Unsafe printing function

A printing function is outputting dynamic content without proving that the content is escaped.

critical weight

Why It Shows Up

The scan saw output through functions such as `printf`, `print`, or similar constructs where the printed values were not escaped for their context.

Why It Matters

Formatted output is still browser output. If any argument contains attacker-controlled content, the page can become vulnerable to cross-site scripting.

How to Fix

  • Escape every dynamic argument with `esc_html()`, `esc_attr()`, `esc_url()`, or `wp_kses()` as appropriate.
  • Keep translation wrappers and escaping wrappers in the correct order, such as `esc_html__( 'Text', 'text-domain' )` for translated text.
  • Avoid marking values as safe unless they are hard-coded or already strictly constrained.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2351Sendcloud Shipping4278565k+Output is not escaped
#2352Set All First Images As Featured424413700Text Domain Mismatch
#2353Simple Download Counter4258462k+Output is not escaped
#2354Simple Meta Tags422813700Output is not escaped
#2355Simple Sticky Footer425716600Missing Arg Domain
#2356SMTP Mailer42514970k+Unsafe printing function
#2357Squelch Tabs and Accordions Shortcodes4257511k+Unsafe printing function
#2358Staffer428842600Output is not escaped
#2359SuperSaaS – online appointment scheduling4279101k+Text Domain Mismatch
#2360ThemeZee Widget Bundle42211585k+Output is not escaped
#2361Ultimate Category Excluder42222650k+Missing nonce verification
#2362UniConsent Cookie Consent CMP – Consent Manager42148181k+Unsafe printing function
#2363Vertical marquee post title4210968400Output is not escaped
#2364WebPlanex: GST Invoice India426363400Text Domain Mismatch
#2365Widget Contact Now42696500Output is not escaped
#2366List Products By Category Widget for WooCommerce428451k+Output is not escaped
#2367TT Extra Fee Option for WooCommerce4237191k+Output is not escaped
#2368Dynamic Remarketing for Google Ads and WooCommerce4232152k+Output is not escaped
#2369WP Child Theme Generator42356620k+Request data is not unslashed
#2370WP Cron Cleaner425138500Unsafe printing function
#2371WP Post Redirect4229173k+Unsafe printing function
#2372WP QuickLaTeX4241604k+Non-prefixed global variable
#2373WP Responsive Table4242106k+Output is not escaped
#2374Advanced All in One Admin Search by WP Spotlight422525900Missing Version
#2375WP Widget Clipboard – Duplicate widgets intuitively425119800Output is not escaped
#2376WPB Custom Tab Manager for WooCommerce – Add, Edit & Reorder Tabs429532500Output is not escaped
#2377WPFomo42459600Output is not escaped
#2378WPTerm4261893k+Output is not escaped
#2379Yandex.Metrika421520900Unsafe printing function
#2380Admin Menu Tree Page View43176910k+Nonce verification recommended
#2381Advanced TinyMCE Configuration4399810k+Text Domain Mismatch
#2382AdWords Conversion Tracking Code4326251k+Non Singular String Literal Domain
#2383Anonymous Restricted Content4322241k+Unsafe printing function
#2384Category Editor4354188k+Unsafe printing function
#2385Click to Call or Chat Buttons434761k+Output is not escaped
#2386Simple Mortgage Calculator436731k+Text Domain Mismatch
#2387Custom Menu438311400wp function not compatible with requires wp
#2388Customize Login Image433293k+Unsafe printing function
#2389Database Addon For WPForms ( wpforms entries ) – WPFormsDB43175320k+Nonce verification recommended
#2390Disable Gutenberg432347500k+Nonce verification recommended
#2391Easy PayPal Shopping Cart4319401k+Input is not sanitized
#2392Email Notification on Login433371k+Unsafe printing function
#2393F4 Total Stock Value for WooCommerce4327121k+Output is not escaped
#2394Event Tracking for Gravity Forms43342520k+rand mt rand
#2395jQuery UI Widgets4313151k+Unsafe printing function
#2396Linker – URL shortener & track outbound link clicks4317172k+Output is not escaped
#2397Lightbox432910700Unsafe printing function
#2398Page Transition433930700Output is not escaped
#2399PE Panels431814500Output is not escaped
#2400Post Carousel Slider for Elementor43133233k+Text Domain Mismatch