WordPress.Security.NonceVerification.Recommended

Nonce verification recommended

The code reads request data in a place where Plugin Check recommends a nonce check.

critical weight

Why It Shows Up

The scan saw request handling that may not always mutate state, but still looks like a user-triggered action that should usually be protected by a nonce.

Why It Matters

Adding a nonce reduces accidental or forged requests and documents that the action is expected to originate from the plugin UI.

How to Fix

For admin forms and action links, add and verify a nonce.
For AJAX handlers, use `check_ajax_referer()`.
For public read-only endpoints, document why a nonce is not required and keep input validation strict.

References

WordPress nonces

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#51	WPJAM Basic	20	328	356	4k+	6 days ago	Output Not Escaped
#52	Store Locator WordPress	21	2,372	1,572	10k+	19 days ago	Text Domain Mismatch
#53	Backup Migration	21	981	1,093	80k+	17 days ago	Non Prefixed Variable Found
#54	bbPress	21	929	3,672	100k+	12 months ago	Non Prefixed Function Found
#55	Pinpoint Booking System – Version 2	21	634	328	3k+	4 days ago	missing direct file access protection
#56	CallTrackingMetrics	21	923	286	3k+	4 months ago	Unsafe Printing Function
#57	Captcha Them All	21	300	323	6k+	3 years ago	Output Not Escaped
#58	CartFlows – Funnel Builder & Checkout Plugin for WooCommerce	21	461	614	200k+	20 days ago	Text Domain Mismatch
#59	Smart Grid-Layout Design for Contact Form 7	21	1,126	734	10k+	2 months ago	Output Not Escaped
#60	Comet Cache	21	857	245	20k+	12 months ago	Output Not Escaped
#61	Cost Calculator Builder	21	322	765	30k+	3 days ago	Non Prefixed Variable Found
#62	Free Downloads WooCommerce	21	430	359	4k+	1 month ago	Output Not Escaped
#63	Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More	21	2,572	1,277	1m+	1 month ago	Output Not Escaped
#64	Envo Extra	21	878	600	20k+	26 days ago	Text Domain Mismatch
#65	eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams	21	186	437	9k+	2 months ago	Non Prefixed Variable Found
#66	ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support	21	829	5,966	5k+	4 days ago	Direct Query
#67	Eupago Gateway For Woocommerce	21	612	320	2k+	2 months ago	Output Not Escaped
#68	EventPrime – Events Calendar, Bookings and Tickets	21	872	4,297	7k+	2 days ago	Non Prefixed Variable Found
#69	Feeds for YouTube (YouTube video, channel, and gallery plugin)	21	558	978	100k+	12 days ago	Output Not Escaped
#70	FileOrganizer – WordPress File Manager	21	536	241	200k+	12 days ago	unlink unlink
#71	Formidable Forms – WordPress Form Builder for Contact Forms, Calculators, Quizzes & More	21	52	1,959	300k+	6 days ago	Non Prefixed Variable Found
#72	Campaign Monitor for WordPress	21	386	461	2k+	2 months ago	Non Prefixed Variable Found
#73	If-So Dynamic Content – Elementor & All Page Builders Personalization	21	889	725	7k+	25 days ago	Unsafe Printing Function
#74	Imagify: Optimize Images for Top Speed (Compress & Convert to WebP/AVIF)	21	420	861	1m+	today	Non Prefixed Variable Found
#75	JCH Optimize	21	953	133	4k+	5 months ago	Output Not Escaped
#76	LA-Studio Element Kit for Elementor	21	8,390	1,964	10k+	6 days ago	Text Domain Mismatch
#77	MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder	21	1,133	3,011	2k+	7 months ago	Non Prefixed Variable Found
#78	Mapster WP Maps	21	3,440	2,903	3k+	11 days ago	Text Domain Mismatch
#79	MotoPress Hotel Booking	21	3,061	1,037	10k+	7 days ago	Text Domain Mismatch
#80	Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred	21	1,469	3,333	10k+	4 days ago	Non Prefixed Variable Found
#81	OneLogin SAML SSO	21	508	330	7k+	7 months ago	wp function not compatible with requires wp
#82	Packeta	21	802	333	8k+	8 months ago	Exception Not Escaped
#83	Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages	21	1,173	2,983	9k+	20 days ago	Non Prefixed Variable Found
#84	Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction	21	1,918	5,065	10k+	20 days ago	Non Prefixed Hookname Found
#85	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	21	696	1,483	50k+	12 days ago	Recommended
#86	PublishPress Planner – Editorial Calendar, Marketing Content, Kanban Board	21	603	890	6k+	1 month ago	Output Not Escaped
#87	Razorpay Quick Payments	21	399	63	3k+	1 year ago	Exception Not Escaped
#88	Five Star Restaurant Reservations – WordPress Booking Plugin	21	1,099	1,147	10k+	3 days ago	Output Not Escaped
#89	Rocket Maintenance Mode & Coming Soon Page	21	1,176	1,406	4k+	2 years ago	Non Prefixed Variable Found
#90	Royal Addons for Elementor – Addons and Templates Kit for Elementor	21	13,011	2,530	600k+	14 days ago	Text Domain Mismatch
#91	Seamless Donations is Sunset	21	600	514	2k+	2 years ago	Text Domain Mismatch
#92	Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic	21	327	181	10k+	2 years ago	Output Not Escaped
#93	Smart Forms – when you need more than just a contact form	21	776	574	5k+	1 month ago	Output Not Escaped
#94	Accept Stripe Payments	21	373	882	20k+	2 months ago	Missing
#95	ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin	21	190	660	30k+	26 days ago	Non Prefixed Variable Found
#96	Revive Social – Social Media Auto Post and Scheduling Automation Plugin	21	255	425	20k+	1 month ago	Non Prefixed Hookname Found
#97	Buckaroo Woocommerce Payments Plugin	21	563	326	2k+	6 days ago	Exception Not Escaped
#98	WCFM – Frontend Manager for WooCommerce	21	4,721	5,067	20k+	2 months ago	Non Prefixed Variable Found
#99	WebP Express	21	160	427	300k+	3 days ago	Non Prefixed Variable Found
#100	Wise Chat	21	470	506	5k+	4 months ago	Output Not Escaped