WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

Input is not sanitized

Request data is used without being cleaned for the expected type or format.

critical weight

Why It Shows Up

The scan found superglobal input flowing into code without a sanitizer such as `sanitize_text_field()`, `absint()`, `sanitize_key()`, `esc_url_raw()`, or a custom allowlist.

Why It Matters

Unsanitized input can pollute stored settings, alter logic, break queries, or become part of a later security issue.

How to Fix

  • Unslash request data with `wp_unslash()` first.
  • Choose the sanitizer for the expected value, such as `absint()` for IDs or `sanitize_key()` for keys.
  • Use allowlists for actions, sort fields, file names, option names, and other constrained values.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#3251Taxonomy Thumbnail3927583k+Non-prefixed function
#3252Shared Files – File Upload & Download Manager3951844k+Nonce verification recommended
#3253Shipping by Rules for WooCommerce3913048500Output is not escaped
#3254Shipping Simulator for WooCommerce39120395k+Text Domain Mismatch
#3255Show All Comments3910892400Nonce verification recommended
#3256Simpaisa Wallet (Jazzcash & Easypaisa) Payment Services3967741k+Interpolated Variable Text
#3257Simple Membership WP user Import3922464k+Request data is not unslashed
#3258Simple Posts Ticker – Easy, Lightweight & Flexible39151282k+Output is not escaped
#3259Simple Staff List39902363k+Non-prefixed global variable
#3260SimpleModal Login395012700Unsafe printing function
#3261SKP WP Admin Login Captcha3977181k+Output is not escaped
#3262Slash Admin3911638500Output is not escaped
#3263Slideshow SE39352402k+Non-prefixed global variable
#3264Smaily for WP395236600Output is not escaped
#3265Smart Archives Reloaded3978361k+Non Singular String Literal Domain
#3266SMTP395415700Non Singular String Literal Domain
#3267Solid Post Likes399652500Text Domain Mismatch
#3268Soumettre.fr391302610k+Text Domain Mismatch
#3269Spreadr Woocommerce Plugin – Amazon Importer for Dropshipping and Affiliate3942226500Request data is not unslashed
#3270Stock Ticker3992492k+Output is not escaped
#3271Stockdio Historical Chart396516900Output is not escaped
#3272Substack Importer3933331k+Missing nonce verification
#3273Sydney Toolbox39846250k+Unsafe printing function
#3274Sync Post With Other Site39179213k+Non Singular String Literal Domain
#3275Tabify Edit Screen398327500Output is not escaped
#3276Tawk.To Manager3920421600Output is not escaped
#3277Easy Category Icons395043700Text Domain Mismatch
#3278ThemeKit For WordPress3914949700Output is not escaped
#3279OpenHook39172221k+Unsafe printing function
#3280TinyMCE Custom Styles39297767k+Non Singular String Literal Domain
#3281TinyMCE Spellcheck3927322k+Unsafe printing function
#3282TomS reCAPTCHA39128256500Missing nonce verification
#3283Traffic Monitor3961431k+Direct Query
#3284UiChemy — Figma Converter for Elementor, Gutenberg and Bricks3971009k+Nonce verification recommended
#3285Ultimate Client Dash39697122k+Text Domain Mismatch
#3286Ultimate Lightbox39110591k+Unsafe printing function
#3287Unlimited Background Slider396653600Output is not escaped
#3288upPrev3935361k+Dynamic hook name
#3289Uptolike Social Share Buttons3938334k+Output is not escaped
#3290Use Any Font | Custom Font Uploader393655200k+Request data is not unslashed
#3291User Blocker3962763k+Nonce verification recommended
#3292UserHeat Plugin39121206k+Non Singular String Literal Domain
#3293Accessibility by UserWay39223580k+Direct Query
#3294Smart Variation Swatches and Attribute Filters for WooCommerce3939503k+Output is not escaped
#3295Video Blogster Lite392980700Missing nonce verification
#3296Virtuaria Correios – Frete, Etiqueta, Rastreio e Declaração391881500Nonce verification recommended
#3297Virusdie | One-click website security39149662k+Output is not escaped
#3298Visual Portfolio, Photo Gallery & Post Grid393418960k+Non-prefixed hook name
#3299BeGateway Payment Gateway for WooCommerce395744400Unsafe printing function
#3300Payments via PayMongo for WooCommerce3936811k+Nonce verification recommended