WordPress.Security.NonceVerification.Recommended

Nonce verification recommended

The code reads request data in a place where Plugin Check recommends a nonce check.

critical weight

Why It Shows Up

The scan saw request handling that may not always mutate state, but still looks like a user-triggered action that should usually be protected by a nonce.

Why It Matters

Adding a nonce reduces accidental or forged requests and documents that the action is expected to originate from the plugin UI.

How to Fix

  • For admin forms and action links, add and verify a nonce.
  • For AJAX handlers, use `check_ajax_referer()`.
  • For public read-only endpoints, document why a nonce is not required and keep input validation strict.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2351BP Profile Search36321855k+Output is not escaped
#2352bpost shipping369743700Output is not escaped
#2353Breadcrumb NavXT36102111800k+Non Singular String Literal Domain
#2354Bulgarisation for WooCommerce361355945k+Nonce verification recommended
#2355WOLF – WordPress Posts Bulk Editor and Manager Professional3615744k+Request data is not unslashed
#2356Bulk Post Update Date36966610k+Unsafe printing function
#2357Bus Ticket Booking with Seat Reservation36145192800Non-prefixed global variable
#2358Better WordPress Recent Comments3631969600Text Domain Mismatch
#2359Carousel Ultimate36450284700Text Domain Mismatch
#2360Carousel Horizontal Posts Content Slider36271592k+Text Domain Mismatch
#2361Cashflows for WooCommerce3611936600Text Domain Mismatch
#2362Simple SEO3616411310k+Non Singular String Literal Domain
#2363Multi Step for Contact Form 7366110610k+Missing nonce verification
#2364Contact Form 7 Polylang Module3632455k+Output is not escaped
#2365CloudPayments Gateway for WooCommerce3620570500Text Domain Mismatch
#2366CLP – Custom Login Page by NiteoThemes3624049700Output is not escaped
#2367CM Header and Footer – Add custom scripts and styles to your header and footer with ease362301981k+Output is not escaped
#2368Code Snippets36342031m+Nonce verification recommended
#2369ColorMeShop WordPress Plugin3639237600Exception output is not escaped
#2370Coming Soon, Under Construction & Maintenance Mode By Dazzler361731326k+Text Domain Mismatch
#2371Conditional Payments for WooCommerce3629218410k+Text Domain Mismatch
#2372Conditional Shipping for WooCommerce369319610k+Non-prefixed global variable
#2373Continuous Image Carousel With Lightbox362551291k+Output is not escaped
#2374CP Blocks3646381k+wp function not compatible with requires wp
#2375Crelly Slider3642118510k+Unsafe printing function
#2376CSH Login3612641500Output is not escaped
#2377Custom Database Applications by Caspio363263400Input is not sanitized
#2378Custom PHP Settings361537610k+Output is not escaped
#2379Dashboard Widgets Suite362061244k+Output is not escaped
#2380Depicter — Popup & Slider Builder3613012180k+Exception output is not escaped
#2381DeveloPress Sticky Footer Bar3616549400Output is not escaped
#2382Different Menu in Different Pages – Conditional Menu361671134k+Text Domain Mismatch
#2383Doneren met Mollie364203514k+SQL query is not prepared
#2384Drag and Drop Multiple File Upload for Contact Form 736823660k+wp function not compatible with requires wp
#2385Duitku Payment Gateway36507107700Text Domain Mismatch
#2386Duplicate Post – duplicate pages, copy content, clone posts3676815k+wp function not compatible with requires wp
#2387Dynamic Copyright Year3697243800Output is not escaped
#2388Dynamic Front-End Heartbeat Control362171111k+Text Domain Mismatch
#2389Dynamic Visibility for Elementor36568950k+Non-prefixed hook name
#2390WP CTA – Call Now Button, Sticky Button & Call to Action Builder3614332k+Non-prefixed global variable
#2391Easy Support Videos – Embed videos in the admin3616095500Output is not escaped
#2392Product Carousel Slider for Elementor36148631k+Text Domain Mismatch
#2393Email Before Download3689296k+Unsafe printing function
#2394Endora3653721k+Output is not escaped
#2395Enhanced Media Library3636111760k+Unsafe printing function
#2396Enormail Sign Up Forms36133126400Output is not escaped
#2397Envo's Templates & Widgets for Elementor and WooCommerce361,0655410k+Text Domain Mismatch
#2398Events Manager and WPML Compatibility361011771k+Direct Query
#2399Export Variable Products367949400Text Domain Mismatch
#2400Happy WooCommerce FAQs – Ultimate Product FAQ Plugin36651191k+Nonce verification recommended