WordPress.Security.NonceVerification.Recommended

Nonce verification recommended

The code reads request data in a place where Plugin Check recommends a nonce check.

critical weight

Why It Shows Up

The scan saw request handling that may not always mutate state, but still looks like a user-triggered action that should usually be protected by a nonce.

Why It Matters

Adding a nonce reduces accidental or forged requests and documents that the action is expected to originate from the plugin UI.

How to Fix

  • For admin forms and action links, add and verify a nonce.
  • For AJAX handlers, use `check_ajax_referer()`.
  • For public read-only endpoints, document why a nonce is not required and keep input validation strict.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#3701Taxonomy Switcher4822362k+Nonce verification recommended
#3702Virtuaria PagBank / PagSeguro for WooCommerce48121601k+Non-prefixed global variable
#3703WC Provincia Canton Distrito48103141k+Text Domain Mismatch
#3704Whitelist IP For Limit Login Attempts481812500Output is not escaped
#3705WP Login Form4814207k+Request data is not unslashed
#3706ACF Quick Edit Fields49207230k+Nonce verification recommended
#3707Advanced Automatic Updates49262520k+Nonce verification recommended
#3708SiteEase Bulk Delete Manager495072900Direct Query
#3709Analytics by BestWebSoft – Google Analytics Dashboard and Statistic Plugin for WordPress494781761k+Text Domain Mismatch
#3710CallPage – Callback Widget4941171k+Non Singular String Literal Domain
#3711Gallery Carousel Without JetPack4956354k+Text Domain Mismatch
#3712Successful Redirection for Contact Form49332010k+Text Domain Mismatch
#3713CryptAPI Payment Gateway for WooCommerce4918523400Text Domain Mismatch
#3714CIO Custom Fields Importer49238400Output is not escaped
#3715Download Media Library4922401k+Text Domain Mismatch
#3716Drag and Drop Multiple File Upload for WooCommerce49114295k+Text Domain Mismatch
#3717Easy Google AdSense4919125k+Output is not escaped
#3718Easy Media Download4920159k+Output is not escaped
#3719Easy Property Listings4960665k+wp function not compatible with requires wp
#3720Import into Easy Property Listings49335241k+Text Domain Mismatch
#3721GamiPress – Multimedia Content491125500Nonce verification recommended
#3722Ecommerce Fabrick4941351k+Nonce verification recommended
#3723Tag Pilot FREE – Google Tag Manager Integration for WooCommerce4933191k+Output is not escaped
#3724HT Feed497611700Output is not escaped
#3725Web Icons4951101k+Output is not escaped
#3726OneClick Chat to Order496774140k+Text Domain Mismatch
#3727ReCrawler4910404k+Direct Query
#3728Registered Users Only4914142k+Unsafe printing function
#3729Search in Place4974573k+wp function not compatible with requires wp
#3730Secondary Product Image for WooCommerce4925292k+Output is not escaped
#3731Songkick Concerts and Festivals49948500Input is not sanitized
#3732Stop Pinging Yourself49478600Non Singular String Literal Domain
#3733UiCore Animate – Free Animations, Transitions, and Interactions Addon for Elementor & Gutenberg blocks49343840k+Missing direct file access protection
#3734Users by Date Registered4913201k+Nonce verification recommended
#3735PDF Invoices & Packing Slips for WooCommerce – Challan49561514k+Non-prefixed global variable
#3736Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit4951451k+Missing nonce verification
#3737Product Slider, Product Grid, Product Masonry495514410k+wp function not compatible with requires wp
#3738WP Sitemap Page494314200k+Missing Translators Comment
#3739WP Smart Import : Import any XML File to WordPress49283021k+Non-prefixed global variable
#3740WP User Groups494432600Missing Translators Comment
#3741Booster for WPForms507945700Text Domain Mismatch
#3742BuddyPress Groups Extras503051400Missing direct file access protection
#3743Page Builder Gutenberg Blocks – CoBlocks5016736300k+block api version too low
#3744Customize Tawk.to Widget502128500Request data is not unslashed
#3745Disable Site502634k+Output is not escaped
#3746Block IPs for Gravity Forms508361k+Request data is not unslashed
#3747Headline Analyzer5013311k+Nonce verification recommended
#3748HT Slider For Elementor508844020k+Text Domain Mismatch
#3749IMGspider – 图片采集抓取插件5012492k+Missing nonce verification
#3750Custom Block Builder – Lazy Blocks50235120k+Non-prefixed hook name