WordPress.Security.NonceVerification.Recommended

Nonce verification recommended

The code reads request data in a place where Plugin Check recommends a nonce check.

critical weight

Why It Shows Up

The scan saw request handling that may not always mutate state, but still looks like a user-triggered action that should usually be protected by a nonce.

Why It Matters

Adding a nonce reduces accidental or forged requests and documents that the action is expected to originate from the plugin UI.

How to Fix

  • For admin forms and action links, add and verify a nonce.
  • For AJAX handlers, use `check_ajax_referer()`.
  • For public read-only endpoints, document why a nonce is not required and keep input validation strict.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2501WP Responsive Menu3629513930k+Text Domain Mismatch
#2502WP Hardening (discontinued)362308510k+Text Domain Mismatch
#2503WP Socializer – Simple & Easy Social Media Share Icons362145110k+Output is not escaped
#2504WP Sort Order361342116k+Direct Query
#2505WP Stripe Checkout361981181k+Unsafe printing function
#2506WP Super Edit36351852k+Nonce verification recommended
#2507Yandex.Metrica36763060k+Output is not escaped
#2508WPAvatar3642545700Unsafe printing function
#2509WP fail2ban Blocklist3661633k+SQL query is not prepared
#2510wpShopGermany IT-RECHT KANZLEI363747500Input is not sanitized
#2511YayExtra – WooCommerce Extra Product Options36114721k+Non-prefixed global variable
#2512Visual CSS Style Editor3628323340k+Output is not escaped
#2513Custom Product Tabs for WooCommerce36878180k+Output is not escaped
#2514360 Javascript Viewer37144221k+Output is not escaped
#2515Redirectioner372344101k+Output is not escaped
#2516ACF: TablePress37160451k+Text Domain Mismatch
#2517Adapta RGPD373497240k+Text Domain Mismatch
#2518Adaptive Images for WordPress3751753k+Output is not escaped
#2519Add From Server37522060k+Output is not escaped
#2520AddToAny Share Buttons37123164300k+Unsafe printing function
#2521Add to Cart Redirect for WooCommerce372151418k+Text Domain Mismatch
#2522Advanced Accordion Gutenberg Block – Create Beautiful FAQs, Content Accordions & Interactive Tabs37393610k+Missing direct file access protection
#2523PiWeb Advanced Flat rate / Conditional shipping for WooCommerce37841922k+wp function not compatible with requires wp
#2524Agreeable374067800Unsafe printing function
#2525AJAX Hits Counter + Popular Posts Widget3724744900Output is not escaped
#2526Analytics Spam Blocker377622800Unsafe printing function
#2527Antom Payments376273800badly named files
#2528All-in-one Chat Button by anychat.one3711969900Text Domain Mismatch
#2529Anything Popup371641852k+Non-prefixed global variable
#2530Apaczka: integracja z WooCommerce3783163k+Non-prefixed global variable
#2531Async JavaScript373577970k+Unsafe printing function
#2532Login by Auth0373078210k+Text Domain Mismatch
#2533Random Posts and Pages Widget37322151k+Output is not escaped
#2534AZAN Plugin374430500Output is not escaped
#2535Banhammer – Monitor Site Traffic, Block Bad Users and Bots371041741k+Output is not escaped
#2536Custom Thank You Page Customize For WooCommerce by Binary Carpenter3745802k+error log error log
#2537Bellows Accordion Menu371602810k+Text Domain Mismatch
#2538Better Click To Share – Shareable Quote Boxes for X (Twitter)37170596k+Unsafe printing function
#2539Blog News Addons For Elementor (News, Magazine and Blog Addons)3723296400Non-prefixed global variable
#2540Customize WordPress Emails and Alerts – Better Notifications for WP37644730k+Missing Arg Domain
#2541Booster Extension37282897k+Non-prefixed global variable
#2542Britetechs Companion379666132k+Text Domain Mismatch
#2543bunny.net – WordPress CDN Plugin3716515910k+Output is not escaped
#2544Contact Zalo Report SW374439900Missing Arg Domain
#2545Delivery Date Time & Pickup for WooCommerce37148216400Output is not escaped
#2546Carousel Upsells and Related Product for Woocommerce37173351k+Output is not escaped
#2547Catalog Booster & Product Catalog Mode for WooCommerce371061681k+Non-prefixed function
#2548Checkout for PayPal3713467600Unsafe printing function
#2549Clearpay Gateway for WooCommerce37185631k+Text Domain Mismatch
#2550ClickCease Click Fraud Protection37305810k+Non-prefixed class