WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

Input is not sanitized

Request data is used without being cleaned for the expected type or format.

critical weight

Why It Shows Up

The scan found superglobal input flowing into code without a sanitizer such as `sanitize_text_field()`, `absint()`, `sanitize_key()`, `esc_url_raw()`, or a custom allowlist.

Why It Matters

Unsanitized input can pollute stored settings, alter logic, break queries, or become part of a later security issue.

How to Fix

  • Unslash request data with `wp_unslash()` first.
  • Choose the sanitizer for the expected value, such as `absint()` for IDs or `sanitize_key()` for keys.
  • Use allowlists for actions, sort fields, file names, option names, and other constrained values.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2451WPCore Plugin Manager35118389k+Text Domain Mismatch
#2452WPD Beaver Builder Additions3540635600Non Singular String Literal Domain
#2453WP Views Counter3581422k+Output is not escaped
#2454WPFront User Role Editor3533357830k+Output is not escaped
#2455WPGraphQL IDE3538181k+Text Domain Mismatch
#2456wpLingua – Automatic translation – Translate and make website multilingual35791672k+Nonce verification recommended
#2457WPPerformanceTester3594441k+Output is not escaped
#2458WPZOOM Addons for Elementor – Starter Templates & Widgets3516013020k+Output is not escaped
#2459WPZOOM Forms – Drag & Drop Contact Form Builder for WordPress357410910k+Nonce verification recommended
#2460WPZOOM Portfolio Lite – Filterable Portfolio Plugin35429220k+Non-prefixed global variable
#2461Writesonic3514161k+Non-prefixed global variable
#2462WSB HUB335361091k+Missing nonce verification
#2463xili-tidy-tags352241571k+Output is not escaped
#2464XServer Migrator35395310k+Interpolated SQL is not prepared
#2465TypeSquare Webfonts for エックスサーバー3518398100k+Missing Arg Domain
#2466Yabe Webfont – Use Custom Fonts, Google Fonts or Adobe Fonts35481145k+Non-prefixed hook name
#2467Yes/No Chart351361392k+Unsafe printing function
#2468YML for Yandex Market351828810k+Non-prefixed global variable
#2469Year Make Model Search for WooCommerce351881621k+Output is not escaped
#2470Yoco Payments3523210k+Nonce verification recommended
#2471Yotpo: Product & Photo Reviews for WooCommerce35241892k+Non-prefixed function
#2472Embeds for YouTube3525530710k+Non-prefixed global variable
#2473Ziina354252k+Input is not sanitized
#24742C2P Redirect API for WooCommerce3613662900wp function not compatible with requires wp
#24753B Meteo3650761k+Output is not escaped
#2476Advanced Export for WP & WPMU3612455700Output is not escaped
#2477Age Verification for your checkout page. Verify your customer's identity36155238500Output is not escaped
#2478Asesor de Cookies RGPD para normativa europea36949120k+wp function not compatible with requires wp
#2479Awesome GDPR Compliant Cookie Consent and Notice36653201500Text Domain Mismatch
#2480Bard Extra3615876700Text Domain Mismatch
#2481Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder36332210k+Nonce verification recommended
#2482Blaze Demo Importer36101948k+Output is not escaped
#2483BlockStrap Page Builder – Bootstrap Blocks3681892k+Missing direct file access protection
#2484Blog, Posts and Category Filter for Elementor36159551k+Text Domain Mismatch
#2485BP Disable Activation Reloaded3614728800Output is not escaped
#2486BP Group Documents3627195600Non-prefixed global variable
#2487BP Profile Search36321855k+Output is not escaped
#2488bpost shipping369743700Output is not escaped
#2489Breadcrumb NavXT36102111800k+Non Singular String Literal Domain
#2490Bulgarisation for WooCommerce361355945k+Nonce verification recommended
#2491WOLF – WordPress Posts Bulk Editor and Manager Professional3615744k+Request data is not unslashed
#2492Bulk Post Update Date36966610k+Unsafe printing function
#2493Bus Ticket Booking with Seat Reservation36145192800Non-prefixed global variable
#2494Better WordPress Recent Comments3631969600Text Domain Mismatch
#2495Carousel Ultimate36450284700Text Domain Mismatch
#2496Carousel Horizontal Posts Content Slider36271592k+Text Domain Mismatch
#2497Cashflows for WooCommerce3611936600Text Domain Mismatch
#2498Simple SEO3616411310k+Non Singular String Literal Domain
#2499Contact Form 7 Gated Content3612236800Short PHP open tag found
#2500Multi Step for Contact Form 7366110610k+Missing nonce verification