WordPress.Security.NonceVerification.Recommended

Nonce verification recommended

The code reads request data in a place where Plugin Check recommends a nonce check.

critical weight

Why It Shows Up

The scan saw request handling that may not always mutate state, but still looks like a user-triggered action that should usually be protected by a nonce.

Why It Matters

Adding a nonce reduces accidental or forged requests and documents that the action is expected to originate from the plugin UI.

How to Fix

  • For admin forms and action links, add and verify a nonce.
  • For AJAX handlers, use `check_ajax_referer()`.
  • For public read-only endpoints, document why a nonce is not required and keep input validation strict.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#3451Gelato Integration for WooCommerce4236325k+Output is not escaped
#3452Geo Blocker – Control Site Access by Region and IP421064800Direct Query
#3453Goolytics – Simple Google Analytics423754k+Unsafe printing function
#3454Hide Cart Functions4212503k+Nonce verification recommended
#3455Hide Featured Image42261210k+Unsafe printing function
#3456Image Uploader for Welcart4227243k+Output is not escaped
#3457WP All Import – Import SEO Settings for Rank Math SEO4218447k+Nonce verification recommended
#3458iOS images fixer4222426k+Nonce verification recommended
#3459iyzico for WooCommerce42345410k+Unsafe printing function
#3460Lazy Social Comments4273101k+Unsafe printing function
#3461LeadSnap4214841k+Input is not validated
#3462LH Page Links To422538500Output is not escaped
#3463LIQUID BLOCKS – Slider, Carousel, Accordion4250314k+Unsafe printing function
#3464Mailster Cool Captcha426528400Text Domain Mismatch
#3465Medical Addon for Elementor4220081k+Text Domain Mismatch
#3466Message Popup For Contact Form 74230811k+Missing nonce verification
#3467My Upload Images427448400Unsafe printing function
#3468Nav Menu Collapse4217393k+Missing nonce verification
#3469NS Remove Related Products for WooCommerce4295433k+Output is not escaped
#3470OnPay.io for WooCommerce42238371k+Text Domain Mismatch
#3471PageMenu4216291k+Missing nonce verification
#3472PAYDUNYA WOOCOMMERCE PAR425432600Text Domain Mismatch
#3473المنتور فارسی42175240k+Nonce verification recommended
#3474Photo Galleria42785800Missing Arg Domain
#3475Polylang Theme Strings42119306k+Output is not escaped
#3476Post Types Order424543600k+wp function not compatible with requires wp
#3477WP Email Log – PostBox42281700Nonce verification recommended
#3478Prepare New Version4253246k+Output is not escaped
#3479Prismatic4261292k+Output is not escaped
#3480Product Price History for WooCommerce42101800Nonce verification recommended
#3481PuSHPress42116520k+Missing nonce verification
#3482reCAPTCHA for WooCommerce42803140k+Output is not escaped
#3483Rename wp-admin login4223388k+Output is not escaped
#3484Reusable Blocks Extended42381520k+Output is not escaped
#3485SALERT – Fake Sales Notification WooCommerce4241678k+Non-prefixed global variable
#3486Sendcloud Shipping4278565k+Output is not escaped
#3487SEO Backlink Monitor4286105700Output is not escaped
#3488Simple Download Counter4258462k+Output is not escaped
#3489SMTP Mailer42514970k+Unsafe printing function
#3490Speed Contact Bar4253205k+Output is not escaped
#3491Starter Sites4262251k+Output is not escaped
#3492Combine Social Photos | Still BE4233281700Non-prefixed global variable
#3493ThemeZee Widget Bundle42211585k+Output is not escaped
#3494Transients Manager42455020k+Output is not escaped
#3495Two Factor421870100k+Nonce verification recommended
#3496Ultimate Coming Soon Page, Maintenance Mode & Under Construction – Gutenberg Block Builder & Landing Page4215899k+Non-prefixed global variable
#3497Usermaven4236771k+Request data is not unslashed
#3498Vast Demo Import42180113600Text Domain Mismatch
#3499WC Speed Repair4234741k+Non-prefixed global variable
#3500Weather Widget Pro4229451k+Output is not escaped