WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

Input is not sanitized

Request data is used without being cleaned for the expected type or format.

critical weight

Why It Shows Up

The scan found superglobal input flowing into code without a sanitizer such as `sanitize_text_field()`, `absint()`, `sanitize_key()`, `esc_url_raw()`, or a custom allowlist.

Why It Matters

Unsanitized input can pollute stored settings, alter logic, break queries, or become part of a later security issue.

How to Fix

  • Unslash request data with `wp_unslash()` first.
  • Choose the sanitizer for the expected value, such as `absint()` for IDs or `sanitize_key()` for keys.
  • Use allowlists for actions, sort fields, file names, option names, and other constrained values.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2301Post Content Shortcodes35205562k+Output is not escaped
#2302Post Draft Preview354969700Text Domain Mismatch
#2303Post List Featured Image35112100900Output is not escaped
#2304Post Meta Data Manager35301121k+Non-prefixed global variable
#2305Post Password Token3513238600Text Domain Mismatch
#2306Posts Table with Search & Sort35143333k+Text Domain Mismatch
#2307PrettyLinks – Affiliate Link Management, URL Shortener, Link Cloaking, Tracking & Branded Short Links3515200k+Database parameter is not escaped
#2308Product Input Fields for WooCommerce3518844k+Non-prefixed function
#2309Min Max Step Quantity Limits Manager for WooCommerce35671583k+Non-prefixed global variable
#2310Protect the Children!352341k+Missing nonce verification
#2311Publitio354726400curl curl setopt
#2312Push Notifications by LaraPush3532765k+Non-prefixed global variable
#2313Push7354517700Short PHP open tag found
#2314QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly352251108k+Non Singular String Literal Domain
#2315Quran multilanguage Text & Audio35177166500Output is not escaped
#2316ReactPress – Create React App for WordPress3526433k+Request data is not unslashed
#2317Real Time Validation for Gravity Forms35185302k+Output is not escaped
#2318Really Simple Google Tag Manager (GTM)35115154k+Text Domain Mismatch
#2319Related Posts by Taxonomy351319710k+Output is not escaped
#2320Related Posts for WordPress3520718010k+Output is not escaped
#2321Remove Dashboard Access35162330k+wp function not compatible with requires wp
#2322ReOrder Posts within Categories35392077k+Non-prefixed global variable
#2323WP Responsive Tabs horizontal vertical and accordion Tabs355982122k+Output is not escaped
#2324Reveal IDs35231340k+Output is not escaped
#2325Robots.txt rewrite3556191k+Output is not escaped
#2326sCode (Easy Shortcodes)3515797400Text Domain Mismatch
#2327Scroll Styler355221900Output is not escaped
#2328Internal Links Manager3518812110k+Output is not escaped
#2329Security Optimizer – The All-In-One Protection Plugin3540861m+Input is not sanitized
#2330Shipping Zones by Drawing for WooCommerce3527895600Text Domain Mismatch
#2331Shopkeeper Extender3514265k+Missing Version
#2332Product Feed for Google Shopping, Microsoft Advertising and 40+ Channels for WooCommerce Merchant3583762k+Output is not escaped
#2333SHOPVOTE356458400curl curl setopt
#2334Shortcake (Shortcode UI)3593910k+Request data is not unslashed
#2335Simple CAPTCHA with Cloudflare Turnstile3582148100k+Output is not escaped
#2336Simple Export Import for ACF Data3519641k+Request data is not unslashed
#2337Simple Image Sizes35537560k+Unsafe printing function
#2338Simple Yearly Archive35102366k+Unsafe printing function
#2339Simple Analytics3525201k+Output is not escaped
#2340SiteGround Migrator351137480k+Missing Arg Domain
#2341Slick Slider353692k+Output is not escaped
#2342SiteOrigin CSS356184100k+Not In Footer
#2343WPZOOM Connect: Social Icons Widget, Share Buttons & Click to Chat35283190k+Input is not sanitized
#2344Quiz Maker, Poll Maker & Survey Maker by Opinion Stage3542326k+Output is not escaped
#2345Spacious Toolkit354894700Non-prefixed global variable
#2346Speedy Page Redirect356101k+Output is not escaped
#2347Spots3519549800Output is not escaped
#2348Spreadshop Plugin35145444k+wp function not compatible with requires wp
#2349Square Thumbnails3543317800error log error log
#2350SSL Insecure Content Fixer352860100k+Input is not sanitized