WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

Input is not sanitized

Request data is used without being cleaned for the expected type or format.

critical weight

Why It Shows Up

The scan found superglobal input flowing into code without a sanitizer such as `sanitize_text_field()`, `absint()`, `sanitize_key()`, `esc_url_raw()`, or a custom allowlist.

Why It Matters

Unsanitized input can pollute stored settings, alter logic, break queries, or become part of a later security issue.

How to Fix

  • Unslash request data with `wp_unslash()` first.
  • Choose the sanitizer for the expected value, such as `absint()` for IDs or `sanitize_key()` for keys.
  • Use allowlists for actions, sort fields, file names, option names, and other constrained values.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#3951Easy PayPal Shopping Cart4319401k+Input is not sanitized
#3952Email Notification on Login433371k+Unsafe printing function
#3953F4 Total Stock Value for WooCommerce4327121k+Output is not escaped
#3954Floating Awesome Button (Sticky Button, Popup, Toast) & 200+ Website Custom Interactive Element4366109800Missing direct file access protection
#3955GD bbPress Tools4315611k+Input is not sanitized
#3956Per User Prompt for Google Authenticator43852400Nonce verification recommended
#3957Event Tracking for Gravity Forms43342520k+rand mt rand
#3958Insert Blocks Before or After Posts Content4342151k+Output is not escaped
#3959Linker – URL shortener & track outbound link clicks4317172k+Output is not escaped
#3960Logo Slider WP – Responsive Logo Carousel, Logo Gallery & Logo Showcase432225510k+Non-prefixed global variable
#3961Make Tables Responsive43311026k+Input is not validated
#3962MembershipWorks Login Connector432881800Request data is not unslashed
#3963Opal Woo Custom Product Variation431116400Non-prefixed global variable
#3964Page Transition433930700Output is not escaped
#3965Pods Gravity Forms Add-On43791k+Missing nonce verification
#3966Purchase Orders for WooCommerce43117741k+Text Domain Mismatch
#3967reCAPTCHA for MW WP Form43371430k+Non Singular String Literal Domain
#3968Redirect List4334221k+Output is not escaped
#3969Reoon Email Verifier432238600Missing nonce verification
#3970Rut Chileno con Validación para WooCommerce4335161k+Text Domain Mismatch
#3971Simple Revisions Delete43162610k+Output is not escaped
#3972Simple Shipping Labels for WooCommerce4378121k+Output is not escaped
#3973Simple Side Tab43281710k+Unsafe printing function
#3974Sinbyte Indexer4361192k+Text Domain Mismatch
#3975Smart App Banner434749600Output is not escaped
#3976Snazzy Maps4396230k+Request data is not unslashed
#3977Team Builder Member Showcase43141271k+Non-prefixed global variable
#3978Term Management Tools4392610k+Non-prefixed hook name
#3979Terms Order WP – Categories And Taxonomies Order Plugin431247900Non-prefixed global variable
#3980Theme Switcha – Easily Switch Themes for Development and Testing4342537k+Output is not escaped
#3981Theme Test Drive4339167k+Output is not escaped
#3982Uber reCaptcha43129451k+Text Domain Mismatch
#3983UPI QR Code Payment Gateway for WooCommerce43422820k+Output is not escaped
#3984User role based shipping methods43537400Output is not escaped
#3985User Role Editor43117145700k+Output is not escaped
#3986User Session Control433121700Output is not escaped
#3987VA Simple Expires432531800Output is not escaped
#3988Sovrn439291k+Input is not sanitized
#3989WIP Custom Login432137700Nonce verification recommended
#3990Checkout Field Manager (Checkout Manager) for WooCommerce4316115480k+Non-prefixed global variable
#3991WP Extra File Types43112640k+Request data is not unslashed
#3992WP Hotel Booking Stripe Payment433429400Text Domain Mismatch
#3993WP Hotel Booking WPML Support431052400Direct Query
#3994WP SmartCrop4343124k+Output is not escaped
#3995Active Campaign & Contact Form 74340273k+Output is not escaped
#3996Admin login URL Change4438112k+Output is not escaped
#3997Advanced Custom Fields: oEmbed Field4436131k+Text Domain Mismatch
#3998Advanced Dynamic Pricing and Discount Rules for WooCommerce44281320k+Non-prefixed namespace
#3999BBQ Firewall – Fast & Powerful Firewall Security441717100k+Output is not escaped
#4000Buttonizer – Live Chat, AI Chatbot, Call, Chat, Contact Button44247150k+Non-prefixed constant