WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

Input is not sanitized

Request data is used without being cleaned for the expected type or format.

critical weight

Why It Shows Up

The scan found superglobal input flowing into code without a sanitizer such as `sanitize_text_field()`, `absint()`, `sanitize_key()`, `esc_url_raw()`, or a custom allowlist.

Why It Matters

Unsanitized input can pollute stored settings, alter logic, break queries, or become part of a later security issue.

How to Fix

  • Unslash request data with `wp_unslash()` first.
  • Choose the sanitizer for the expected value, such as `absint()` for IDs or `sanitize_key()` for keys.
  • Use allowlists for actions, sort fields, file names, option names, and other constrained values.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#3901Ultimate Category Excluder42222650k+Missing nonce verification
#3902Ultimate Coming Soon Page, Maintenance Mode & Under Construction – Gutenberg Block Builder & Landing Page4215899k+Non-prefixed global variable
#3903UniConsent Cookie Consent CMP – Consent Manager42148181k+Unsafe printing function
#3904UPI QR Code Payment Gateway42179281k+Text Domain Mismatch
#3905Usermaven4236771k+Request data is not unslashed
#3906Vast Demo Import42180113600Text Domain Mismatch
#3907WC Speed Repair4234741k+Non-prefixed global variable
#3908WebPlanex: GST Invoice India426363400Text Domain Mismatch
#3909Widget Visibility Time Scheduler4270341k+Output is not escaped
#3910Auto Coupons for WooCommerce4282684k+Output is not escaped
#3911WPC Order Notes for WooCommerce422441900Output is not escaped
#3912TT Extra Fee Option for WooCommerce4237191k+Output is not escaped
#3913Dynamic Remarketing for Google Ads and WooCommerce4232152k+Output is not escaped
#3914WP Author Security424013500Output is not escaped
#3915WP Child Theme Generator42356620k+Request data is not unslashed
#3916WP Content Copy Protection & No Right Click42126135100k+Unsafe printing function
#3917WP Cron Cleaner425138500Unsafe printing function
#3918WP Media Category Management42101766k+Nonce verification recommended
#3919WP Post Redirect4229173k+Unsafe printing function
#3920WP QuickLaTeX4241604k+Non-prefixed global variable
#3921WP Responsive Table4242106k+Output is not escaped
#3922WPB Custom Tab Manager for WooCommerce – Add, Edit & Reorder Tabs429532500Output is not escaped
#3923WPTerm4261893k+Output is not escaped
#3924Yandex.Metrika421520900Unsafe printing function
#3925Zotpress42104032k+Non-prefixed global variable
#3926AddFunc Head & Footer Code43281820k+Output is not escaped
#3927Admin Custom Login4323820k+Request data is not unslashed
#3928Admin Menu Tree Page View43176910k+Nonce verification recommended
#3929Advanced FAQ Manager438592k+Input is not sanitized
#3930Advanced TinyMCE Configuration4399810k+Text Domain Mismatch
#3931AdWords Conversion Tracking Code4326251k+Non Singular String Literal Domain
#3932Schema – All In One Schema Rich Snippets4360118830k+Text Domain Mismatch
#3933Animation Builder – An interface for adding scroll-triggered animations43767800Missing Version
#3934Anonymous Restricted Content4322241k+Unsafe printing function
#3935Anti-spam Reloaded4319192k+Output is not escaped
#3936Auto Alt Text4352134k+Exception output is not escaped
#3937BMI Adult & Kid Calculator4333138700Request data is not unslashed
#3938Category Editor4354188k+Unsafe printing function
#3939Charla Live Chat433313500Output is not escaped
#3940Click to Call or Chat Buttons434761k+Output is not escaped
#3941Comment Reply Email Notification4344193k+Output is not escaped
#3942Simple Mortgage Calculator436731k+Text Domain Mismatch
#3943Custom Menu438311400wp function not compatible with requires wp
#3944Customize Login Image433293k+Unsafe printing function
#3945Customize Snapshots43942500Nonce verification recommended
#3946Database Addon For WPForms ( wpforms entries ) – WPFormsDB43175320k+Nonce verification recommended
#3947Directorist – WPML Integration4310134400Non-prefixed hook name
#3948Disable Gutenberg432347500k+Nonce verification recommended
#3949Disable WP Notification43742510k+Output is not escaped
#3950Easy PayPal Shopping Cart4319401k+Input is not sanitized