WordPress.Security.NonceVerification.Recommended

Nonce verification recommended

The code reads request data in a place where Plugin Check recommends a nonce check.

critical weight

Why It Shows Up

The scan saw request handling that may not always mutate state, but still looks like a user-triggered action that should usually be protected by a nonce.

Why It Matters

Adding a nonce reduces accidental or forged requests and documents that the action is expected to originate from the plugin UI.

How to Fix

  • For admin forms and action links, add and verify a nonce.
  • For AJAX handlers, use `check_ajax_referer()`.
  • For public read-only endpoints, document why a nonce is not required and keep input validation strict.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#3901Marvy – Background Animations for Elementor5563344k+Text Domain Mismatch
#3902Quick and Easy Testimonials5562323k+Non Singular String Literal Domain
#3903Slider Block by Sliderberg – WordPress Slider & Carousel Plugin for Gutenberg5523191k+Output is not escaped
#3904Free customer chat solution551810500Output is not escaped
#3905Themeflection Numbers – Number Counter and Animated Numbers55224733k+Text Domain Mismatch
#3906Trusona for WordPress55834500Non-prefixed function
#3907VS Contact Form5533187k+Non-prefixed global variable
#3908VK Block Patterns55861100k+Non-prefixed function
#3909AAArdvark Accessibility Reports556242700Non-prefixed global variable
#3910Payment Integration Wompi – El Salvador555027800Text Domain Mismatch
#3911Insert Headers And Footers5574275300k+Non-prefixed function
#3912WP Ultimate Review552338170k+Non-prefixed global variable
#3913Yext Plugin551623800Non-prefixed function
#3914AI Copilot – ChatGPT Chatbot & AI Engine for Post Automation5665201k+Text Domain Mismatch
#3915BuddyCommerce: WooCommerce and BuddyPress Integration562919800Output is not escaped
#3916SMTP by BestWebSoft564861751k+Text Domain Mismatch
#3917CHEQ Essentials561449700Request data is not unslashed
#3918FluentSnippets – High-Performance Code Snippets, Header & Footer Code, Custom CSS & PHP Code Manager56312750k+Nonce verification recommended
#3919Easy Digital Downloads Featured Downloads5615151k+Output is not escaped
#3920Fluent Connect – Connect ThriveCart with your WordPress and FluentCRM563754600curl curl setopt
#3921Grids: Layout builder for WordPress5624272k+Missing direct file access protection
#3922Karma Music Player by Kadar56479700Output is not escaped
#3923Form data to kintone5625221k+Output is not escaped
#3924CIELO API PIX, credit card, debit payment for WooCommerce5611121700Nonce verification recommended
#3925MAS Brands for WooCommerce56801510k+Text Domain Mismatch
#3926Maya Business Plugin56939600Input is not validated
#3927PuzzleMe – Interactive Puzzles for WordPress – Easily publish crosswords, quizzes, word searches and more5636151k+Output is not escaped
#3928Require Featured Image562063k+Output is not escaped
#3929Review Stream564142400Non-prefixed global variable
#3930Image Optimization For SEO56116693k+Non Singular String Literal Domain
#3931Simple Org Chart561529900Missing Version
#3932Simple Social Media Share Buttons – Social Sharing for Everyone561452220k+Text Domain Mismatch
#3933Smooth Back To Top Button5641740k+Output is not escaped
#3934Subscriptions for WooCommerce with Stripe Recurring Payments5610467800Non-prefixed global variable
#3935TableKit – WordPress Table Builder for Data Tables, WooCommerce Product Tables & Post Tables5680203k+Missing Translators Comment
#3936TextBuilder5620344k+Missing Arg Domain
#3937ThemeinWP Import Companion5617144k+Unsafe printing function
#3938Export & Import WPBakery Page Builder5612209k+Missing nonce verification
#3939WC Moneris Payment Gateway568220900Text Domain Mismatch
#3940easy AMP561024600Input is not sanitized
#3941WP Clean Admin Menu5629112k+Output is not escaped
#3942Social Chat – Click To Chat App Button568145200k+Text Domain Mismatch
#3943Pantheon Migrations5715261k+Output is not escaped
#3944BestWebSoft’s Pinterest57490176500Text Domain Mismatch
#3945Cresta Social Share Counter5712132k+Output is not escaped
#3946Disable Cart Fragments by Optimocha5781310k+Nonce verification recommended
#3947Easy GDPR Consent Forms – MailChimp577222500Text Domain Mismatch
#3948Live Chat by Formilla – Real-time Chat & Chatbots Plugin5722132k+Missing Arg Domain
#3949iConvert Promoter57982172k+Non-prefixed global variable
#3950Jquery Validation For Contact Form 75716199k+Missing direct file access protection