WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

Input is not sanitized

Request data is used without being cleaned for the expected type or format.

critical weight

Why It Shows Up

The scan found superglobal input flowing into code without a sanitizer such as `sanitize_text_field()`, `absint()`, `sanitize_key()`, `esc_url_raw()`, or a custom allowlist.

Why It Matters

Unsanitized input can pollute stored settings, alter logic, break queries, or become part of a later security issue.

How to Fix

  • Unslash request data with `wp_unslash()` first.
  • Choose the sanitizer for the expected value, such as `absint()` for IDs or `sanitize_key()` for keys.
  • Use allowlists for actions, sort fields, file names, option names, and other constrained values.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#4951Resume Builder7420591k+Non-prefixed global variable
#4952Show Pages IDs748810k+Output is not escaped
#4953Widgets in Menu for WordPress7416128k+Text Domain Mismatch
#4954WP API SwaggerUI7414202k+Missing direct file access protection
#4955Force Login745830k+Output is not escaped
#4956WP-Sweep741201100k+Direct Query
#4957WP Term Colors74313700Nonce verification recommended
#4958Acumbamail757361k+Non-prefixed global variable
#4959Admin Locale7512106k+Missing Arg Domain
#4960Bulk Comments Management75625700Direct Query
#4961Custom field finder75932k+Output is not escaped
#4962Custom Adobe Fonts (Typekit)75113360k+Non-prefixed global variable
#4963Delay Redirects7558900Request data is not unslashed
#4964En Spam75216500wp function not compatible with requires wp
#4965Force First and Last Name as Display Name755122k+Missing nonce verification
#4966Hide Categories and Products for Woocommerce7512010k+Input is not sanitized
#4967Honeypot Anti Spam for Forminator Forms75471k+Missing nonce verification
#4968Invoice Gateway for WooCommerce – Invoice Payment Gateway753302k+Nonce verification recommended
#4969Media Search Enhanced754234k+Non-prefixed hook name
#4970Open Graph Protocol Framework7517123k+Missing direct file access protection
#4971Order Delivery Date And Time7526281k+Text Domain Mismatch
#4972OXY Re-Login Window7557500Missing Version
#4973PopupAlly7540102k+Missing direct file access protection
#4974Post Type Switcher75318200k+Direct Query
#4975Rapyd Payment Extension for WooCommerce755033400Text Domain Mismatch
#4976reCAPTCHA for bbPress751419800Non-prefixed function
#4977Registration Form for WooCommerce75542900Non-prefixed global variable
#4978Checkout & Store Toolkit for WooCommerce7521900Nonce verification recommended
#4979Matterport Shortcode7521303k+Text Domain Mismatch
#4980Simple Taxonomy Ordering7571010k+Direct Query
#4981Styled Calendar – Customizable, Mobile Responsive Google Calendar Embeds75881k+Exception output is not escaped
#4982Temporary Login7532540k+Nonce verification recommended
#4983Video Background Block – Use video as background in section.7535902k+Non-prefixed global variable
#4984Custom Product Tabs Lite for WooCommerce753114k+Input is not validated
#4985Extra Product Sorting Options for WooCommerce75101610k+Text Domain Mismatch
#4986WP Hide Dashboard756102k+trademarked term
#4987WP-HTML-Compression757221k+Input is not sanitized
#4988WPC Variation Bulk Editor for WooCommerce757221k+Output is not escaped
#4989YITH Slider for page builders7513221k+Nonce verification recommended
#4990Change Mail Sender76971920k+Text Domain Mismatch
#4991Leo Product Recommendations for WooCommerce76379400Short URL found
#4992Payment Gateway for Authorize.net for WooCommerce76616700Input is not sanitized
#4993Preload Images76861k+Output is not escaped
#4994Rearrange Products for WooCommerce7612220k+Input is not sanitized
#4995Search Regex76625100k+Direct Query
#4996Smartideo76831k+Output is not escaped
#4997Store file uploads for Contact Form 776561k+Output is not escaped
#4998Category Order and Taxonomy Terms Order763510500k+wp function not compatible with requires wp
#4999The Future Is Now763101k+Input is not sanitized
#5000WEN Featured Image761183k+Input is not validated