WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

Input is not sanitized

Request data is used without being cleaned for the expected type or format.

critical weight

Why It Shows Up

The scan found superglobal input flowing into code without a sanitizer such as `sanitize_text_field()`, `absint()`, `sanitize_key()`, `esc_url_raw()`, or a custom allowlist.

Why It Matters

Unsanitized input can pollute stored settings, alter logic, break queries, or become part of a later security issue.

How to Fix

  • Unslash request data with `wp_unslash()` first.
  • Choose the sanitizer for the expected value, such as `absint()` for IDs or `sanitize_key()` for keys.
  • Use allowlists for actions, sort fields, file names, option names, and other constrained values.
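The three steps above applied to one request reader, as an added example that is not code from the scanner or from any listed plugin. The `myplugin_` prefix, the parameter names and the sort-column allowlist are hypothetical.

```php
<?php
// Added example. The myplugin_ prefix and all parameter names are hypothetical.

/**
 * Read the list-screen parameters from the query string, unslashed and
 * sanitized for the type each one is expected to have.
 *
 * @return array Sanitized values keyed by parameter name.
 */
function myplugin_get_list_request() {
	// Constrained value: only these sort columns are ever accepted.
	$allowed_orderby = array( 'title', 'date', 'author' );

	// ID: unslash, then force a non-negative integer. Non-scalar input
	// (for example item_id[]=1) falls back to 0 instead of being cast.
	$item_id = 0;
	if ( isset( $_GET['item_id'] ) && is_scalar( $_GET['item_id'] ) ) {
		$item_id = absint( wp_unslash( $_GET['item_id'] ) );
	}

	// Key-like value: lowercase letters, digits, dashes and underscores only.
	$tab = isset( $_GET['tab'] ) ? sanitize_key( wp_unslash( $_GET['tab'] ) ) : '';

	// Free text: tags, extra whitespace and invalid UTF-8 are removed.
	$search = isset( $_GET['s'] ) ? sanitize_text_field( wp_unslash( $_GET['s'] ) ) : '';

	// URL that will be stored or used in a redirect, not printed directly.
	$return_url = '';
	if ( isset( $_GET['return_url'] ) && is_string( $_GET['return_url'] ) ) {
		$return_url = esc_url_raw( wp_unslash( $_GET['return_url'] ) );
	}

	// Allowlist: sanitize first, then accept only a known value and fall
	// back to a fixed default for anything else.
	$orderby = isset( $_GET['orderby'] ) ? sanitize_key( wp_unslash( $_GET['orderby'] ) ) : '';
	if ( ! in_array( $orderby, $allowed_orderby, true ) ) {
		$orderby = 'date';
	}

	return array(
		'item_id'    => $item_id,
		'tab'        => $tab,
		'search'     => $search,
		'return_url' => $return_url,
		'orderby'    => $orderby,
	);
}
```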

Affected Plugins

Rank  Plugin  Score  Errors  Warnings  Installs  Added  Updated  Top Issue
#3551  Unlimited Logo Carousel  4028615500  Text Domain Mismatch
#3552  Upcoming Events Lists  407517900  Text Domain Mismatch
#3553  Url Rewrite Analyzer  407323400  Unsafe printing function
#3554  UsersWP – ReCaptcha  4080173k+  Text Domain Mismatch
#3555  UTM Leads Tracker – XLPlugins  402138400  Output is not escaped
#3556  Visibility Control for LearnDash  4055231k+  Missing Arg Domain
#3557  Visibility Control for LearnPress  405219700  Missing Arg Domain
#3558  Visma Pay for Woocommerce  4027372k+  Output is not escaped
#3559  Visual Builder for Contact Form 7  402043500  Output is not escaped
#3560  Visual Editor Custom Buttons  4030484k+  Output is not escaped
#3561  WP Sticky Button – Click to Chat  40736410k+  Non-prefixed global variable
#3562  Where Did You Hear About Us Checkout Field for WooCommerce  4057661k+  Output is not escaped
#3563  WC Search Orders By Product  404766800  Nonce verification recommended
#3564  Webo-facto  401090800  Input is not sanitized
#3565  Weight Based Pricing for WooCommerce  4016786600  Text Domain Mismatch
#3566  Widget Builder  404052500  Non-prefixed global variable
#3567  Widget Menuizer  404426600  Missing Arg Domain
#3568  Widget Visibility Without Jetpack  4074475k+  Text Domain Mismatch
#3569  Widgets Control  409247800  Output is not escaped
#3570  Payment Gateway – nexi Alpha Bank for WooCommerce  4028451k+  Missing nonce verification
#3571  WPC Frequently Bought Together for WooCommerce  406310910k+  Output is not escaped
#3572  Preview E-mails for WooCommerce  40353730k+  Unsafe printing function
#3573  NP Quote Request for WooCommerce  40911459k+  Non-prefixed global variable
#3574  Total Sales Counts for WooCommerce  4012162700  SQL query is not prepared
#3575  yubikey-plugin  406433400  Text Domain Mismatch
#3576  All In One SEO Pack for WooCommerce  4057253k+  Text Domain Mismatch
#3577  Simple Registration for WooCommerce  4027554k+  Missing nonce verification
#3578  WooSidebars  404337100k+  Missing Translators Comment
#3579  Word Balloon  402012510k+  Request data is not unslashed
#3580  WP Compress for MainWP  402036700  Output is not escaped
#3581  Custom CSS/JS  405834700  Text Domain Mismatch
#3582  WP Date and Time Shortcode  40901210k+  Output is not escaped
#3583  WP Discord Invite  407342400  Unsafe printing function
#3584  Easy PayPal & Stripe Buy Now Button  403889610k+  Unsafe printing function
#3585  WP Help  40495410k+  Unsafe printing function
#3586  WP All Import – Job Listing Import for WP Job Manager  4035272k+  Output is not escaped
#3587  WP Keyword Suggest  402941500  Non Singular String Literal Domain
#3588  Media Library Categories  40294920k+  Output is not escaped
#3589  WP Meteor Website Speed Optimization Addon  40341920k+  Output is not escaped
#3590  WP Multisite Content Copier/Updater  4019144800  Interpolated SQL is not prepared
#3591  WP Paint – WordPress Image Editor  4030296k+  Missing Arg Domain
#3592  QR code MeCard/vCard generator  40322212k+  Unsafe printing function
#3593  WP Reroute Email  401411061k+  Output is not escaped
#3594  Sentry for WordPress  40804010k+  Text Domain Mismatch
#3595  Social Share Buttons & Analytics Plugin – GetSocial.io  4097252k+  Output is not escaped
#3596  WP Tab Widget  401283210k+  Output is not escaped
#3597  WP Theme Test  4021397k+  Input is not sanitized
#3598  WPC Estimated Delivery Date for WooCommerce  401310610k+  Non-prefixed global variable
#3599  WPC Force Sells for WooCommerce  403897600  Output is not escaped
#3600  WPC Smart Price Filter for WooCommerce  402362600  Nonce verification recommended