WordPress.Security.NonceVerification.Recommended

Nonce verification recommended

The code reads request data in a place where Plugin Check recommends a nonce check.

critical weight

Why It Shows Up

The scan saw request handling that may not always mutate state, but still looks like a user-triggered action that should usually be protected by a nonce.

Why It Matters

Adding a nonce reduces accidental or forged requests and documents that the action is expected to originate from the plugin UI.

How to Fix

  • For admin forms and action links, add and verify a nonce.
  • For AJAX handlers, use `check_ajax_referer()`.
  • For public read-only endpoints, document why a nonce is not required and keep input validation strict.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2401FreePay for WooCommerce36114102400Output is not escaped
#2402Friendly Functions for Welcart36311831k+Non Singular String Literal Domain
#2403GetPaid > Wallet36174227700Text Domain Mismatch
#2404Google Webfont Optimizer364549700Output is not escaped
#2405Gutena Kit – Gutenberg Blocks and Templates3639871k+Nonce verification recommended
#2406Header Footer Code Manager3681180600k+Non-prefixed global variable
#2407Optimize Social Share36203613k+Unsafe printing function
#2408HTML Forms – Simple WordPress Forms Plugin3623116610k+Output is not escaped
#2409HTML5 Maps361941605k+Output is not escaped
#2410HTTP Requests Manager3698901k+Output is not escaped
#2411Page Speed Optimizer: HTTP/2 Push, Async JavaScript, and Defer CSS3668336k+Output is not escaped
#2412If-So Geolocation3650571k+Non-prefixed global variable
#2413IntelliWidget Per Page Custom Menus and Dynamic Content36586162600Output is not escaped
#2414Italy Cookie Choices (for EU Cookie Law & Cookie Notice)361157710k+Unsafe printing function
#2415Just TinyMCE Custom Styles36112281k+Missing Arg Domain
#2416Legal Text Connector of the IT-Recht Kanzlei36454610k+Exception output is not escaped
#2417Libro de Reclamaciones y Quejas362661244k+Text Domain Mismatch
#2418Linkable Title Html and Php Widget3610831600Output is not escaped
#2419Login as User361016430k+Output is not escaped
#2420LocalWeb All In One36342975k+Non-prefixed global variable
#2421MailMunch – Grow your Email List36102496k+Output is not escaped
#2422Manage Notification E-mails3612998100k+Non-prefixed function
#2423Materialis Companion36129676k+Unsafe printing function
#2424Media Deduper3660999k+Missing Arg Domain
#2425Microsoft Clarity3648163200k+Nonce verification recommended
#2426Mobile Menu Builder for WordPress368133600Output is not escaped
#2427코드엠샵 마이사이트 – MSHOP MY SITE365855800Output is not escaped
#2428Multiple Sidebars3610975600Non Singular String Literal Domain
#2429WP Sticky Sidebar – Floating Sidebar On Scroll for Any Theme36938410k+Non-prefixed global variable
#2430News Manager3613457600Output is not escaped
#2431News Ticker for Elementor3676572k+Text Domain Mismatch
#2432NextGEN Custom Fields362151311k+SQL query is not prepared
#2433MailerLite – Signup forms (official)36430158100k+Output is not escaped
#2434We’re Open!362731875k+Unsafe printing function
#2435Order Status History for WooCommerce362101711k+Output is not escaped
#2436Ovation Elements362339910k+Non-prefixed global variable
#2437Ozh' Admin Drop Down Menu36125433k+Output is not escaped
#2438PayPal Currency Converter BASIC for WooCommerce3634820400Output is not escaped
#2439PayTR Sanal POS WooCommerce – iFrame API361175410k+Output is not escaped
#2440PDF Forms Filler for CF736185793k+Text Domain Mismatch
#2441PDF Forms Filler for WPForms3616154600Text Domain Mismatch
#2442Photonic Gallery & Lightbox for Flickr, SmugMug & Others3618011710k+Missing Translators Comment
#2443Photoswipe Masonry Gallery3657476k+Non Singular String Literal Text
#2444WowStore – Store Builder & Product Blocks for WooCommerce36564374k+Non-prefixed global variable
#2445افزونه رسمی ترب36428630k+Exception output is not escaped
#2446Qubely – Advanced Gutenberg Blocks3639788k+Request data is not unslashed
#2447Quick 301 Redirects36891205k+Non-prefixed global variable
#2448Direct Checkout – Quick View – Buy Now For WooCommerce36901122k+Missing nonce verification
#2449Better Find and Replace – AI-Powered Suggestions366712940k+Missing direct file access protection
#2450Optimize Database after Deleting Revisions3664412760k+Output is not escaped