WordPress.Security.EscapeOutput.UnsafePrintingFunction

Unsafe printing function

A printing function is outputting dynamic content without proving that the content is escaped.

critical weight

Why It Shows Up

The scan saw output through functions such as `printf`, `print`, or similar constructs where the printed values were not escaped for their context.

Why It Matters

Formatted output is still browser output. If any argument contains attacker-controlled content, the page can become vulnerable to cross-site scripting.

How to Fix

  • Escape every dynamic argument with `esc_html()`, `esc_attr()`, `esc_url()`, or `wp_kses()` as appropriate.
  • Keep translation wrappers and escaping wrappers in the correct order, such as `esc_html__( 'Text', 'text-domain' )` for translated text.
  • Avoid marking values as safe unless they are hard-coded or already strictly constrained.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2451ShayanWeb Admin FontChanger | افزونه‌ی تغییر فونت پیشخوان وردپرس شایان وب454281k+Output is not escaped
#2452Simple Login Notification4513222k+Request data is not unslashed
#2453Specify Missing Image Dimensions4521121k+Unsafe printing function
#2454WP Revisions Manager454719700Non Singular String Literal Domain
#2455ARI Stream Quiz – WordPress Quizzes Builder46212392k+Non-prefixed global variable
#2456Batch Comment Spam Deletion4622151k+Nonce verification recommended
#2457Delete Multiple Themes463951k+Text Domain Mismatch
#2458DX Delete Attached Media463284k+Output is not escaped
#2459Export Import Menus46232810k+Missing nonce verification
#2460Gravity Forms Constant Contact4636273k+Non-prefixed class
#2461Material Design Icons for Page Builders46694620k+Missing direct file access protection
#2462Pinterest Pinboard Widget46544500Output is not escaped
#2463Responsive Cookie Consent465042k+Unsafe printing function
#2464TotalSurvey for Survey, Quiz and Form4629033600Missing direct file access protection
#2465URL Params4636178k+Text Domain Mismatch
#2466SX User Name Security46429900Output is not escaped
#2467WP Lightbox 246521830k+Text Domain Mismatch
#2468Widget Disable46191910k+Output is not escaped
#2469WP All Import – Import SEO Settings for Yoast SEO46192620k+Nonce verification recommended
#2470Advanced Custom Fields: Number Slider47994400Output is not escaped
#2471Clear Cache for Me4758840k+Text Domain Mismatch
#2472Customizer Export/Import471415100k+Unsafe printing function
#2473Show IDs by Echo4721132k+Output is not escaped
#2474Extended CRM for Users Insights471123400Missing nonce verification
#2475FSM Custom Featured Image Caption4726275k+Output is not escaped
#2476G Meta Keywords4731810k+Unsafe printing function
#2477Granular Controls For Elementor4756410k+Output is not escaped
#2478Import Users from CSV47331210k+Unsafe printing function
#2479Showeblogin Social Plugin47595400Output is not escaped
#2480Simple Popup Plugin475351k+Output is not escaped
#2481Social Media Widget47513400Output is not escaped
#2482SportsPress for Baseball4711334900Text Domain Mismatch
#24833CX Free Live Chat, Calls & Messaging472416100k+Output is not escaped
#2484WP User Profile Restriction47268400Output is not escaped
#2485Add-on WooCommerce – MailPoet 3483021600Output is not escaped
#2486Add Polylang support for Customizer4818202k+Nonce verification recommended
#2487Advanced Custom Fields – Location Field add-on48516900Output is not escaped
#2488AffiliateWP – Store Credit484721400Output is not escaped
#2489Better Block Patterns4877111k+Missing direct file access protection
#2490BP Simple Private481912500Output is not escaped
#2491bxSlider integration for WordPress4812621500Text Domain Mismatch
#2492Contact Form 7 BWP reCAPTCHA Extension489210400Non Singular String Literal Domain
#2493CookieFox – Cookie Notice481419400Output is not escaped
#2494Custom Background Extended481323800Input is not validated
#2495Custom Header Extended4819111k+Unsafe printing function
#2496Custom Related Products for WooCommerce4825105k+Text Domain Mismatch
#2497Disable Author Pages482356k+Unsafe printing function
#2498Filter Page by Template4817202k+Nonce verification recommended
#2499Fixed And Sticky Header483171k+Output is not escaped
#2500Hotline Phone Ring4816158k+Output is not escaped