WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

Input is not sanitized

Request data is used without being cleaned for the expected type or format.

critical weight

Why It Shows Up

The scan found superglobal input flowing into code without a sanitizer such as `sanitize_text_field()`, `absint()`, `sanitize_key()`, `esc_url_raw()`, or a custom allowlist.

Why It Matters

Unsanitized input can pollute stored settings, alter logic, break queries, or become part of a later security issue.

How to Fix

  • Unslash request data with `wp_unslash()` first.
  • Choose the sanitizer for the expected value, such as `absint()` for IDs or `sanitize_key()` for keys.
  • Use allowlists for actions, sort fields, file names, option names, and other constrained values.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#5151Head & Footer Code82115100k+Non-prefixed constant
#5152Hostinger Tools8213223m+wp function not compatible with requires wp
#5153Image Gallery Block8213103k+wp function not compatible with requires wp
#5154Infobox8215121k+file system operations mkdir
#5155Lazy Load for Videos826379k+Non-prefixed constant
#5156Meks Easy Maps821313900Input is not sanitized
#5157Multiple Form Instances Add-on for Gravity Forms8255800Missing direct file access protection
#5158mypace Custom Meta Robots82462k+Input is not sanitized
#5159Parallax Slider Block8215121k+file system operations mkdir
#5160Preferred Languages82362k+Input is not sanitized
#5161Regenerate Thumbnails821091m+Direct Query
#5162Simple Page Ordering82119100k+Missing Arg Domain
#5163Image Slider Block8213143k+wp function not compatible with requires wp
#5164Sticky Content – Make Any Section Sticky on Scroll82249400Text Domain Mismatch
#5165Sucuri Security – Auditing, Malware Scanner and Security Hardening825111600k+Missing direct file access protection
#5166Tabs in Post Editor8247500Input is not validated
#5167Testimonial Block821312500wp function not compatible with requires wp
#5168Unyson WooComerce Shortcodes82117111k+Text Domain Mismatch
#5169Extra Price Fields for Woocommerce- Display extra price info on Woocommerce products826102k+Missing nonce verification
#5170WP Fail2Ban Redux821107k+trademarked term
#5171WP Mail From II82375k+trademarked term
#5172Xpro Theme Builder For Elementor – FREE82142810k+Missing direct file access protection
#5173Admin in English83471k+Input is not sanitized
#5174Check Conflicts8336121k+Missing Arg Domain
#5175Event Organiser Posterboard833111k+Nonce verification recommended
#5176AI Builder8335400Output is not escaped
#5177GET Params83381k+Nonce verification recommended
#5178HREFLANG Tags Management By Webnow83234600Non-prefixed global variable
#5179JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable83117k+Request data is not unslashed
#5180All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login8318222600wp function not compatible with requires wp
#5181Media Player Addons for Elementor – Audio and Video Widgets for Elementor83181k+Nonce verification recommended
#5182Menu Duplicator832910k+Non-prefixed constant
#5183Photo Sphere Viewer – 360° Panorama, Virtual Tour, 360 Video & AR 3D Model Viewer831310500wp function not compatible with requires wp
#5184Preserve Editor Scroll Position83264k+Missing nonce verification
#5185Relevanssi Light83323600Direct Query
#5186RumbleTalk Live Group Chat – HTML583913700Missing direct file access protection
#5187Lightweight Sidebar Manager83133680k+Non-prefixed class
#5188Soro – SEO Autopilot & AI Content Writer8341010k+Input is not sanitized
#5189Swipe Slider – Make dynamic slider with solid, gradient, or image background832153k+Non-prefixed global variable
#5190TCD Classic Editor831115k+Nonce verification recommended
#5191Team Section Block – Showcase Team Members with Layout Options831211k+Non-prefixed namespace
#5192Template Kit – Export837908k+Non-prefixed global variable
#5193Term Duplicator8356500Input is not sanitized
#5194Unlist Posts & Pages835910k+Nonce verification recommended
#5195SKU Label Changer For WooCommerce83811700Missing direct file access protection
#5196WP BASIC Auth834134k+Input is not sanitized
#5197Campo RUT para CF78467600Missing nonce verification
#5198Add Descendants As Submenu Items84382k+Missing nonce verification
#5199AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations8488203k+Text Domain Mismatch
#5200Cache Buster8456400Input is not sanitized