WordPress.Security.ValidatedSanitizedInput.InputNotValidated

Input is not validated

Request data is used without checking that it is allowed for the operation.

critical weight

Why It Shows Up

The scan found input from a request superglobal being used without validation, such as capability checks, allowlists, type checks, or range checks.

Why It Matters

Sanitization cleans a value, but validation proves the value is acceptable. Missing validation can allow unexpected actions, invalid states, or unsafe query choices.

How to Fix

  • Check that IDs are positive integers, enum-like values are in an allowlist, and URLs or file paths are constrained.
  • Pair state-changing requests with nonce and capability checks.
  • Reject or safely default values that do not pass validation.
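The three steps above combined in one request handler, as an added example that is not taken from this page or from any plugin listed on it. The `myplugin_*` names, the request fields (`post_id`, `state`, `return_to`), the meta key and the allowlisted values are assumptions made for illustration.

```php
<?php
// Hypothetical admin-post handler; all myplugin_* names, request fields and
// allowlisted values are assumptions made for this example.
add_action( 'admin_post_myplugin_set_state', 'myplugin_handle_set_state' );

function myplugin_handle_set_state() {
	// State-changing request: verify the nonce first (dies on failure).
	check_admin_referer( 'myplugin_set_state', 'myplugin_nonce' );

	// ID: accept only a string of digits, so arrays and "12abc" become 0.
	$raw_id  = isset( $_POST['post_id'] ) && is_scalar( $_POST['post_id'] )
		? wp_unslash( $_POST['post_id'] )
		: '';
	$post_id = ctype_digit( (string) $raw_id ) ? (int) $raw_id : 0;

	// Range and existence check: reject rather than guess.
	if ( $post_id < 1 || ! get_post( $post_id ) ) {
		wp_die( esc_html__( 'Invalid post ID.', 'myplugin' ), '', array( 'response' => 400 ) );
	}

	// Capability: checked against the specific object being changed.
	if ( ! current_user_can( 'edit_post', $post_id ) ) {
		wp_die( esc_html__( 'You are not allowed to edit this post.', 'myplugin' ), '', array( 'response' => 403 ) );
	}

	// Enum-like value: sanitize, then compare strictly against an allowlist.
	$allowed = array( 'open', 'approved', 'rejected' );
	$state   = isset( $_POST['state'] ) ? sanitize_key( wp_unslash( $_POST['state'] ) ) : '';
	if ( ! in_array( $state, $allowed, true ) ) {
		$state = 'open'; // Safe default instead of trusting the request.
	}

	// URL: constrain the redirect target to allowed hosts, with a fixed fallback.
	$fallback = admin_url( 'edit.php' );
	$return   = isset( $_POST['return_to'] ) && is_string( $_POST['return_to'] )
		? esc_url_raw( wp_unslash( $_POST['return_to'] ) )
		: '';
	$return   = wp_validate_redirect( $return, $fallback );

	update_post_meta( $post_id, '_myplugin_review_state', $state );

	wp_safe_redirect( $return );
	exit;
}
```

Sanitizers such as `sanitize_key()` and `esc_url_raw()` only clean the value; the `ctype_digit()`, `in_array( ..., true )` and `wp_validate_redirect()` checks are what decide whether it is acceptable.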

Affected Plugins

Rank  Plugin  Score  Errors  Warnings  Installs  Added  Updated  Top Issue
#1251Page Restrict for WooCommerce29579374700Text Domain Mismatch
#1252Page View Count2910824710k+Dynamic hook name
#1253PhastPress29955210k+Exception output is not escaped
#1254PlatiOnline Payments29304110700Output is not escaped
#1255Pósturinn's Shipping with WooCommerce29713551500Text Domain Mismatch
#1256Recipe Card Blocks Lite2915140810k+Non-prefixed global variable
#1257Responder29771853k+Non-prefixed global variable
#1258SamedayCourier Shipping293362694k+Non Singular String Literal Domain
#1259Security Ninja – WordPress Security & Firewall291493477k+Direct Query
#1260Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce291482465k+Unsafe printing function
#1261Slider by BestWebSoft29478336400Text Domain Mismatch
#1262SQLite Database Integration29161893k+Exception output is not escaped
#1263BuddyPress Builder for Elementor – BuddyBuilder293483291k+Text Domain Mismatch
#1264ووسلام – همگام سازی ووکامرس و باسلام291926114k+Non-prefixed global variable
#1265Themify Popup292321088k+Text Domain Mismatch
#1266Themify – WooCommerce Product Filter2964314520k+Output is not escaped
#1267Tilda-publishing2921978700Output is not escaped
#1268Post Grid Gutenberg Blocks – PostX2913540440k+Non-prefixed global variable
#1269Ultimate Auction for WooCommerce – Excellent WP Auction Plugin29525232k+Non-prefixed global variable
#1270User Verification by PickPlugins29413145k+Request data is not unslashed
#1271Visualizer – Tables & Charts Manager with Built-in AI Generator2934833120k+Output is not escaped
#1272Wenprise Alipay Gateway For WooCommerce2911368700Exception output is not escaped
#1273Widget for Yelp Reviews291471582k+Output is not escaped
#1274Product Carousel Slider & Grid Ultimate for WooCommerce297191226k+Text Domain Mismatch
#1275Sofortueberweisung Gateway for Woocommerce2910471700Output is not escaped
#1276Global Payments SecureSubmit Gateway29199443600Non-prefixed class
#1277Woostify Sites Library2922919820k+Text Domain Mismatch
#1278WP Popular Posts2977300100k+Non-prefixed global variable
#1279WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics291181285k+Output is not escaped
#1280WP Magazine Modules Lite291526745k+Non-prefixed global variable
#1281WP-PostRatings2942538430k+Output is not escaped
#1282WP Subscribe2979798k+Non-prefixed class
#1283WPComplete293833331k+Output is not escaped
#1284Xagio SEO – AI Powered SEO2921,27310k+Direct Query
#1285XML for Google Merchant Center29523123k+Non-prefixed global variable
#1286Xpro Addons — 140+ Widgets for Elementor292782630k+Non-prefixed global variable
#1287Dynamic Pricing With Discount Rules for WooCommerce301361315k+Output is not escaped
#1288PublishPress Blocks – Block Controls, Block Visibility, Block Permissions3025134020k+Unsafe printing function
#1289Aitasi Coming Soon305161861k+Output is not escaped
#1290Analytics Insights – Google Analytics Dashboard for WordPress3024117010k+Unsafe printing function
#1291ApplyOnline – Application Form Builder and Manager303452442k+Output is not escaped
#1292Contact Form 7 Connector303241965k+Text Domain Mismatch
#1293Arile Extra3053757010k+Non-prefixed global variable
#1294aThemes Starter Sites3026219540k+Text Domain Mismatch
#1295AutoWP – AI Content Writer & Rewriter305483701k+Text Domain Mismatch
#1296Private groups305833161k+Unsafe printing function
#1297Blockons – Gutenberg blocks for WordPress and WooCommerce websites3069205700Non-prefixed global variable
#1298BrightEdge Autopilot3010831500curl curl setopt
#1299Sliding Cart for WooCommerce by FunnelKit – Skip Cart & Reach WooCommerce Checkout Faster3030643430k+Non-prefixed global variable
#1300Classic Addons – WPBakery Page Builder301,2452633k+Text Domain Mismatch