WordPress.Security.EscapeOutput.UnsafePrintingFunction

Unsafe printing function

A printing function is outputting dynamic content without proving that the content is escaped.

critical weight

Why It Shows Up

The scan saw output through functions such as `printf`, `print`, or similar constructs where the printed values were not escaped for their context.

Why It Matters

Formatted output is still browser output. If any argument contains attacker-controlled content, the page can become vulnerable to cross-site scripting.

How to Fix

  • Escape every dynamic argument with `esc_html()`, `esc_attr()`, `esc_url()`, or `wp_kses()` as appropriate.
  • Keep translation wrappers and escaping wrappers in the correct order, such as `esc_html__( 'Text', 'text-domain' )` for translated text.
  • Avoid marking values as safe unless they are hard-coded or already strictly constrained.
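
An added example (not code from any plugin listed on this page) showing the flagged `printf` pattern beside an escaped version. It assumes the file is loaded by WordPress; the function names, the `my-plugin` text domain and the parameters are hypothetical.

```php
<?php
// Added example; assumes it is loaded by WordPress (plugin or theme file).
// Function names, the 'my-plugin' text domain and the parameters are hypothetical.

// Before: the pattern the scan reports. Every %s reaches the page unescaped.
function myplugin_render_author_unsafe( $name, $profile_url, $css_class ) {
	printf(
		'<a class="%s" href="%s">%s</a>',
		$css_class,
		$profile_url,
		$name
	);
}

// After: each argument is escaped for the context it is printed into.
function myplugin_render_author( $name, $profile_url, $css_class, $bio_html ) {
	printf(
		'<a class="%1$s" href="%2$s">%3$s</a>',
		esc_attr( $css_class ),   // attribute value
		esc_url( $profile_url ),  // URL: disallowed schemes such as javascript: are rejected
		esc_html( $name )         // element text
	);

	// Translated format string: escape the translation, then escape the argument.
	printf(
		/* translators: %s: author display name. */
		esc_html__( 'Posts by %s', 'my-plugin' ),
		esc_html( $name )
	);

	// Limited markup is expected here, so filter it against an allowlist instead.
	$allowed = array(
		'a'      => array( 'href' => array() ),
		'em'     => array(),
		'strong' => array(),
	);
	echo wp_kses( $bio_html, $allowed );
}
```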

Affected Plugins

| Rank | Plugin | Score, Errors, Warnings, Installs | Added | Updated | Top Issue |
| --- | --- | --- | --- | --- | --- |
| #2951 | Visual Term Description Editor | 8211510k+ | | | Missing Arg Domain |
| #2952 | Optimize Images Resizing | 831246k+ | | | Unsafe printing function |
| #2953 | Photospace Responsive Gallery | 8311514900 | | | Text Domain Mismatch |
| #2954 | Post Meta Inspector | 83612k+ | | | Unsafe printing function |
| #2955 | Upload Url and Path Enabler | 831012k+ | | | Missing Arg Domain |
| #2956 | Floating Publish Button | 84541k+ | | | Unsafe printing function |
| #2957 | Public Post Preview Configurator | 8414610k+ | | | Non Singular String Literal Domain |
| #2958 | ACF Nav Menu Field | 851662k+ | | | Text Domain Mismatch |
| #2959 | ACF YouTube Picker | 85827400 | | | Text Domain Mismatch |
| #2960 | Advanced Custom Fields: Nav Menu Field | 852768k+ | | | Missing Arg Domain |
| #2961 | Stock market charts from finviz | 8581400 | | | Missing Arg Domain |
| #2962 | Free Shipping Per Product for WooCommerce | 852133k+ | | | Text Domain Mismatch |
| #2963 | WP Revisions Control | 859640k+ | | | wp function not compatible with requires wp |
| #2964 | BNE Gallery Extended | 86801k+ | | | Unsafe printing function |
| #2965 | Custom Content Width | 86801k+ | | | Text Domain Mismatch |
| #2966 | Heroic Glossary – Block for building Glossaries, Dictionaries and more | 86873k+ | | | Text Domain Mismatch |
| #2967 | PageView | 861721k+ | | | wp function not compatible with requires wp |
| #2968 | Taxonomy TinyMCE | 86101900 | | | Unsafe printing function |
| #2969 | Sold Individually for WooCommerce Product Variations | 8626800 | | | Missing nonce verification |
| #2970 | Яндекс Поделиться | 8694900 | | | Unsafe printing function |
| #2971 | Customizer Search | 8710150k+ | | | Missing direct file access protection |
| #2972 | Slide-out Menu – Mobile Friendly modern navigation | 87522500 | | | Non-prefixed global variable |
| #2973 | ZI Hide price and add to cart for WooCommerce | 871571k+ | | | wp function not compatible with requires wp |
| #2974 | Cudazi Scroll to Top | 8874600 | | | Missing Version |
| #2975 | Automatically Hierarchic Categories in Menu | 89942k+ | | | Post Not In exclude |
| #2976 | RT Slider | 8992800 | | | Missing direct file access protection |
| #2977 | Turn Off Comments — Hide Comment Box and Stop Spam | 89341k+ | | | Non-prefixed function |
| #2978 | Shipping Live Rates and Access Points for UPS for WooCommerce | 906117k+ | | | Non-prefixed global variable |
| #2979 | Link Verification for Mastodon | 9040400 | | | Unsafe printing function |
| #2980 | Order Status Control for WooCommerce | 902345k+ | | | Text Domain Mismatch |
| #2981 | Change Author | 91801k+ | | | Missing Arg Domain |
| #2982 | getLaw WP API Client | 91114600 | | | curl curl setopt |
| #2983 | Hotlink File Prevention | 9161600 | | | file system operations is writable |
| #2984 | Jetpack Lite | 9137600 | | | Non-prefixed function |
| #2985 | Remove Image Links | 91510900 | | | Non-prefixed function |
| #2986 | REST API Toolbox | 912502k+ | | | Missing Arg Domain |
| #2987 | Change Text Case | 92412k+ | | | Missing Arg Domain |
| #2988 | Customizer Custom CSS | 9252400 | | | Deprecated parameter: load_plugin_textdomain parameter 2 |
| #2989 | Picture Gallery – Frontend Image Uploads, AJAX Photo List | 9252400 | | | date date |
| #2990 | Disable WooCommerce Reviews | 93242k+ | | | trademarked term |