WordPress.Security.NonceVerification.Recommended

Nonce verification recommended

The code reads request data in a place where Plugin Check recommends a nonce check.

critical weight

Why It Shows Up

The scan saw request handling that may not always mutate state, but still looks like a user-triggered action that should usually be protected by a nonce.

Why It Matters

Adding a nonce reduces accidental or forged requests and documents that the action is expected to originate from the plugin UI.

How to Fix

  • For admin forms and action links, add and verify a nonce.
  • For AJAX handlers, use `check_ajax_referer()`.
  • For public read-only endpoints, document why a nonce is not required and keep input validation strict.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2451Search & Replace365053100k+Missing nonce verification
#2452Search Everything361657710k+Text Domain Mismatch
#2453Shadowbox JS36246141k+Unsafe printing function
#2454ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution3663669100k+Non-prefixed global variable
#2455Snippet Shortcodes363801494k+Non Singular String Literal Domain
#2456StaticPress368879500Output is not escaped
#2457Subscribe to Comments3612916310k+Output is not escaped
#2458Supplier Order Email3654105400Output is not escaped
#2459Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder3616240200k+Output is not escaped
#2460SurveyJS: Drag & Drop Form Builder3612134500Missing Version
#2461Sync QCloud COS3663109600Non-prefixed function
#2462Bulk Product Editor plugin allows you to create and edit your WooCommerce products and categories with Google Sheets.3650105400Direct Query
#2463Advance Side Cart, Ajax Cart & Floating Cart for WooCommerce36371216k+Non-prefixed global variable
#2464The Events Calendar Shortcode & Block367012710k+Non-prefixed hook name
#2465Toolbox for Asgaros Forum36150841k+Output is not escaped
#2466Plugin Name: Traffic Counter Widget Plugin3671107600Output is not escaped
#2467TrustMate.io – WooCommerce integration362551013k+Output is not escaped
#2468FOMO & Social Proof Notifications by TrustPulse – Best WordPress FOMO Plugin361043910k+Output is not escaped
#2469Ubigeo de Perú para Woocommerce y WordPress361912354k+Non-prefixed function
#2470Uji Countdown36284984k+Text Domain Mismatch
#2471Slider Ultimate3629480500Output is not escaped
#2472underConstruction36986040k+Unsafe printing function
#2473PDF Flipbook, WPBakery Addon – Unreal FlipBook36400921k+Non Singular String Literal Domain
#2474Video Thumbnails Reloaded36343582k+Text Domain Mismatch
#2475VK Post Author Display368711310k+Non-prefixed function
#2476W4 Post List36491373k+Non-prefixed global variable
#2477WC Builder – WooCommerce Page Builder for WPBakery36647501k+Text Domain Mismatch
#2478Out of Stock Message Manager for WooCommerce36293952k+Text Domain Mismatch
#2479Quantity Plus Minus Button for WooCommerce36838410k+Output is not escaped
#2480Conditional Payments and Shipping for WooCommerce36337271k+Text Domain Mismatch
#2481Shipping with Venipak for WooCommerce36239611k+Text Domain Mismatch
#2482When Last Login365212350k+Non-prefixed global variable
#2483Disable Payment Methods based on cart conditions for WooCommerce36158571k+Non Singular String Literal Domain
#2484Custom Add to Cart Button Label and Link for WooCommerce363711123k+Text Domain Mismatch
#2485Guaranteed Reviews Company (Société des Avis Garantis)363691971k+Output is not escaped
#2486Viva Payments – Viva Wallet WooCommerce Payment Gateway3697321k+Non Singular String Literal Domain
#2487Rabo Smart Pay for WooCommerce3615055600Text Domain Mismatch
#2488Extended Coupon Features for WooCommerce FREE362196310k+Text Domain Mismatch
#2489Eway Payments for Woo36525403k+Text Domain Mismatch
#2490SuperFaktura WooCommerce36601162k+Nonce verification recommended
#2491Hide admin notices – Admin Notification Center36114678k+Output is not escaped
#2492WP Better Permalinks36110591k+Output is not escaped
#2493WP Coder – Insert & Manage Code Snippets365328010k+Nonce verification recommended
#2494WP Custom Cursors | WordPress Cursor Plugin366913909k+Text Domain Mismatch
#2495WP-EMail36340951k+Unsafe printing function
#2496WP Header Images361741336k+Unsafe printing function
#2497WP Hotel Booking WooCommerce3693991k+Output is not escaped
#2498WP Mail36202201500Output is not escaped
#2499Payment Button for PayPal36155864k+Unsafe printing function
#2500WP Publication Archive3619764400Text Domain Mismatch