WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

Input is not sanitized

Request data is used without being cleaned for the expected type or format.

critical weight

Why It Shows Up

The scan found superglobal input flowing into code without a sanitizer such as `sanitize_text_field()`, `absint()`, `sanitize_key()`, `esc_url_raw()`, or a custom allowlist.

Why It Matters

Unsanitized input can pollute stored settings, alter logic, break queries, or become part of a later security issue.

How to Fix

  • Unslash request data with `wp_unslash()` first.
  • Choose the sanitizer for the expected value, such as `absint()` for IDs or `sanitize_key()` for keys.
  • Use allowlists for actions, sort fields, file names, option names, and other constrained values.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2651Yandex.Metrica36763060k+Output is not escaped
#2652WPAvatar3642545700Unsafe printing function
#2653WP fail2ban Blocklist3661633k+SQL query is not prepared
#2654WPLMS H5P361111061k+Text Domain Mismatch
#2655Wppao Sitemap36128219k+Output is not escaped
#2656wpShopGermany IT-RECHT KANZLEI363747500Input is not sanitized
#2657YayExtra – WooCommerce Extra Product Options36114721k+Non-prefixed global variable
#2658Visual CSS Style Editor3628323340k+Output is not escaped
#2659Custom Product Tabs for WooCommerce36878180k+Output is not escaped
#2660360 Javascript Viewer37144221k+Output is not escaped
#2661Redirectioner372344101k+Output is not escaped
#2662ACF: TablePress37160451k+Text Domain Mismatch
#2663Adapta RGPD373497240k+Text Domain Mismatch
#2664Adaptive Images for WordPress3751753k+Output is not escaped
#2665Add From Server37522060k+Output is not escaped
#2666AddToAny Share Buttons37123164300k+Unsafe printing function
#2667Add to Cart Redirect for WooCommerce372151418k+Text Domain Mismatch
#2668Advanced Accordion Gutenberg Block – Create Beautiful FAQs, Content Accordions & Interactive Tabs37393610k+Missing direct file access protection
#2669PiWeb Advanced Flat rate / Conditional shipping for WooCommerce37841922k+wp function not compatible with requires wp
#2670Agreeable374067800Unsafe printing function
#2671AJAX Hits Counter + Popular Posts Widget3724744900Output is not escaped
#2672Analytics Spam Blocker377622800Unsafe printing function
#2673Antom Payments376273800badly named files
#2674All-in-one Chat Button by anychat.one3711969900Text Domain Mismatch
#2675Anything Popup371641852k+Non-prefixed global variable
#2676Apaczka: integracja z WooCommerce3783163k+Non-prefixed global variable
#2677Login by Auth0373078210k+Text Domain Mismatch
#2678authLdap3746304k+Exception output is not escaped
#2679avalex – Automatisch sichere Rechtstexte3725851k+Direct Query
#2680AZAN Plugin374430500Output is not escaped
#2681Banhammer – Monitor Site Traffic, Block Bad Users and Bots371041741k+Output is not escaped
#2682Custom Thank You Page Customize For WooCommerce by Binary Carpenter3745802k+error log error log
#2683Better Click To Share – Shareable Quote Boxes for X (Twitter)37170596k+Unsafe printing function
#2684Blimply3717243800Text Domain Mismatch
#2685Blog News Addons For Elementor (News, Magazine and Blog Addons)3723296400Non-prefixed global variable
#2686Customize WordPress Emails and Alerts – Better Notifications for WP37644730k+Missing Arg Domain
#2687Booster Extension37282897k+Non-prefixed global variable
#2688Britetechs Companion379666132k+Text Domain Mismatch
#2689BuddyPress Members Only37184801k+Text Domain Mismatch
#2690bunny.net – WordPress CDN Plugin3716515910k+Output is not escaped
#2691Delivery Date Time & Pickup for WooCommerce37148216400Output is not escaped
#2692Catalog Booster & Product Catalog Mode for WooCommerce371061681k+Non-prefixed function
#2693Checkout for PayPal3713467600Unsafe printing function
#2694Clearpay Gateway for WooCommerce37185631k+Text Domain Mismatch
#2695ClickCease Click Fraud Protection37305810k+Non-prefixed class
#2696ClickRank – Ai SEO Automation37102261k+Direct Query
#2697CodePeople Post Map for Google Maps37257313k+Unsafe printing function
#2698Lightweight Subscribe To Comments37105701k+Unsafe printing function
#2699PiWeb Conditional cart fee / Extra charge rule for WooCommerce371642142k+Text Domain Mismatch
#2700Constant Contact Forms by MailMunch37147532k+wp function not compatible with requires wp