WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

Input is not sanitized

Request data is used without being cleaned for the expected type or format.

critical weight

Why It Shows Up

The scan found superglobal input flowing into code without a sanitizer such as `sanitize_text_field()`, `absint()`, `sanitize_key()`, `esc_url_raw()`, or a custom allowlist.

Why It Matters

Unsanitized input can pollute stored settings, alter logic, break queries, or become part of a later security issue.

How to Fix

  • Unslash request data with `wp_unslash()` first.
  • Choose the sanitizer for the expected value, such as `absint()` for IDs or `sanitize_key()` for keys.
  • Use allowlists for actions, sort fields, file names, option names, and other constrained values.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#4101WPB Category Slider for WooCommerce – Responsive Product Category Carousel & Enhanced UX4610116700Non Singular String Literal Domain
#4102WP All Import – Import SEO Settings for Yoast SEO46192620k+Nonce verification recommended
#4103Zoho Mail for WordPress46294820k+Request data is not unslashed
#4104AffiliateWP Checkout Referrals474826600Output is not escaped
#4105Avacy CMP47590500Non-prefixed global variable
#4106Verified Member for BuddyPress4720383k+Nonce verification recommended
#4107404 Image Redirection (Replace Broken Images)4711885600Text Domain Mismatch
#4108Cashfree for WooCommerce4721218k+Nonce verification recommended
#4109Better Badge – Custom Product Badges for WooCommerce472247500Non Singular String Literal Domain
#4110Customizer Export/Import471415100k+Unsafe printing function
#4111Delete Duplicate Posts4795010k+Direct Query
#4112DPO Pay for WooCommerce4728411k+Non Singular String Literal Text
#4113EasyFonts – Host Google Fonts Locally, Fast & Auto-Optimize, GDPR Compliant475581k+Interpolated SQL is not prepared
#4114Show IDs by Echo4721132k+Output is not escaped
#4115Extended CRM for Users Insights471123400Missing nonce verification
#4116Flying Pages: Preload Pages for Faster Navigation & Improved User Experience47212120k+Missing direct file access protection
#4117FSM Custom Featured Image Caption4726275k+Output is not escaped
#4118Groups 404 Redirect4735331k+Non Singular String Literal Domain
#4119KCSG Kartra Pages473016500Heredoc Output Not Escaped
#4120Product Categories/Tags Bottom Description for WooCommerce4760233k+Text Domain Mismatch
#4121Restore PayPal Standard for WooCommerce4719533k+Nonce verification recommended
#4122Simple Custom Post Order47976300k+Direct Query
#4123SportsPress for Baseball4711334900Text Domain Mismatch
#4124Tabby Checkout4733464k+Non-prefixed class
#4125The Tribal Plugin474362700Non-prefixed function
#4126Userback4713202k+Output is not escaped
#4127Simple Client Dashboard4738362k+Missing direct file access protection
#4128Website Article Monetization By MageNet47172410k+Output is not escaped
#4129Better Usability for WooCommerce473093800Non-prefixed hook name
#4130WP Custom Author URL4716385k+Non-prefixed global variable
#41313CX Free Live Chat, Calls & Messaging472416100k+Output is not escaped
#4132WP PHP Console471824500Output is not escaped
#4133WP Prefix Changer472716900Missing Arg Domain
#4134QuadLayers TikTok Feed4778527k+Text Domain Mismatch
#4135Post Status Notifications4798411k+Text Domain Mismatch
#4136Compress, Resize & Lazy Load Images – WPvivid Image Optimization471075810k+Missing direct file access protection
#4137Add-on WooCommerce – MailPoet 3483021600Output is not escaped
#4138Add Polylang support for Customizer4818202k+Nonce verification recommended
#4139Ansar Import – One Click Starter Sites – for Elementor & Themes482711610k+Non-prefixed global variable
#4140AnWP Post Grid and Post Carousel Slider for Elementor4875817120k+Text Domain Mismatch
#4141BP Simple Private481912500Output is not escaped
#4142Comment Notifier481055400Non-prefixed global variable
#4143Convertful – Your Ultimate On-Site Conversion Tool4815343k+wp function not compatible with requires wp
#4144CookieFox – Cookie Notice481419400Output is not escaped
#4145Current Menu Item for Custom Post Types4818302k+Non-prefixed global variable
#4146Custom Background Extended481323800Input is not validated
#4147Custom Header Extended4819111k+Unsafe printing function
#4148Custom Related Products for WooCommerce4825105k+Text Domain Mismatch
#4149Easy Share Solution For WordPress481533900Output is not escaped
#4150Filter Page by Template4817202k+Nonce verification recommended