WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

Input is not sanitized

Request data is used without being cleaned for the expected type or format.

critical weight

Why It Shows Up

The scan found superglobal input flowing into code without a sanitizer such as `sanitize_text_field()`, `absint()`, `sanitize_key()`, `esc_url_raw()`, or a custom allowlist.

Why It Matters

Unsanitized input can pollute stored settings, alter logic, break queries, or become part of a later security issue.

How to Fix

  • Unslash request data with `wp_unslash()` first.
  • Choose the sanitizer for the expected value, such as `absint()` for IDs or `sanitize_key()` for keys.
  • Use allowlists for actions, sort fields, file names, option names, and other constrained values.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#4801Debug6925342k+Input is not sanitized
#4802Disable Users691192k+Text Domain Mismatch
#4803DOKU Payment695346500wp function not compatible with requires wp
#4804ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic)69511514k+Text Domain Mismatch
#4805ELEX WooCommerce Discount Per Payment Method6960391k+Text Domain Mismatch
#4806Embed Iframe692562k+wp function not compatible with requires wp
#4807GDPR Compliance for Mailchimp697152k+Missing nonce verification
#4808Google Plus Authorship696151k+trademarked term
#4809GZSEO69366400Direct Query
#4810简数采集器695251k+Request data is not unslashed
#4811Mailster WordPress Newsletter Plugin6914118k+Output is not escaped
#4812Media Slider for Photos Images Videos6910232k+Missing Version
#4813PDF.js Viewer69143820k+Non-prefixed global variable
#4814Rename Taxonomies by WebMan693271k+Missing Arg Domain
#4815Scroll Down Arrow693030800Missing Arg Domain
#4816Search & Filter69212850k+Input is not sanitized
#4817Simple Login Lockdown691364k+Output is not escaped
#4818SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)69179527k+Non-prefixed global variable
#4819Sticky Header Effects for Elementor6935471300k+Text Domain Mismatch
#4820Easy Username Updater69192810k+Missing Arg Domain
#4821VWE – Voorheen Autodealers.nl692310500curl curl setopt
#4822WC Variations Radio Buttons6912213k+Non-prefixed global variable
#4823WP Mapa Politico España693212400Output is not escaped
#4824WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google/Matomo) Analytics)69924700Non-prefixed constant
#4825Zapper Payments691111600Output is not escaped
#4826Add Widget After Content706117k+Setting is missing a sanitization callback
#4827Checkfront Online Booking System7032162k+wp function not compatible with requires wp
#4828Comment Form CSRF Protection70710500Request data is not unslashed
#4829Comment Form Js Validation702382k+Missing Arg Domain
#4830Lead info with country for Contact Form 77025283k+Text Domain Mismatch
#4831ConvertCalculator: Build Cost, Price, Quotation, ROI Interactive Calculators70912800Output is not escaped
#4832Gutenberg Blocks Templates – 50+ Free Gutenberg Block Designs70223700Request data is not unslashed
#4833Easy Hotel – Powerful Hotel Booking7041,900800Non-prefixed global variable
#4834fitness calculators709425600Missing Arg Domain
#4835Free Gift Product For WooCommerce70977800Non-prefixed global variable
#4836Host Header Injection Fix7098400Output is not escaped
#4837Multipart robots.txt editor701981k+Output is not escaped
#4838PipraPay Gateway70116400Output is not escaped
#4839Portfolio Post Type7071150k+Nonce verification recommended
#4840Press This701445k+Non-prefixed hook name
#4841Remove Taxonomy Base Slug7012185k+Deprecated parameter: get_terms parameter 2
#4842Search and Replace707910k+Input is not sanitized
#4843Show-Hide / Collapse-Expand70181510k+Missing direct file access protection
#4844Show IP address706201k+Input is not sanitized
#4845Simple Post Notes705169k+Request data is not unslashed
#4846Spocket ‑ US & EU Dropshipping7015311k+Direct Query
#4847SQL Executioner7018172k+Non-prefixed global variable
#4848SubHeading7022131k+Non Singular String Literal Domain
#4849Support Me70126900Unsafe printing function
#4850Upsell Funnel Builder for WooCommerce – Create Upsells, Cross-Sells, Order Bumps, Frequently Bought, and Popups.7031,4463k+Non-prefixed global variable