WordPress.Security.ValidatedSanitizedInput.InputNotValidated

Input is not validated

Request data is used without checking that it is allowed for the operation.

critical weight

Why It Shows Up

The scan found input from a request superglobal being used without validation such as capability checks, allowlists, type checks, or range checks.

Why It Matters

Sanitization cleans a value, but validation proves the value is acceptable. Missing validation can allow unexpected actions, invalid states, or unsafe query choices.

How to Fix

  • Check that IDs are positive integers, enum-like values are in an allowlist, and URLs or file paths are constrained.
  • Pair state-changing requests with nonce and capability checks.
  • Reject or safely default values that do not pass validation.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1451Stackable – Page Builder Gutenberg Blocks3147790100k+Non Singular String Literal Domain
#1452Team Builder – Team Member Showcase With Grid and slider, Compatible With Elementor, Gutenberg314592827k+Non Singular String Literal Domain
#1453WP Testimonials3118345510k+Non-prefixed global variable
#1454Themify Store Locator31244125500Text Domain Mismatch
#1455Tutor LMS Elementor Addons3122745330k+Non-prefixed global variable
#1456Big File Uploads – Increase Maximum File Upload Size3110192100k+Output is not escaped
#1457Ultimate Posts Widget313098610k+Output is not escaped
#1458User Spam Remover31115141k+Output is not escaped
#1459Blacklist Manager – WooCommerce Anti-Fraud, Blacklist & Checkout Verification312888422k+Missing nonce verification
#1460Web Push Notifications – Webpushr3116929310k+Output is not escaped
#1461Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets31837295100k+Unsafe printing function
#1462WooCommerce Legacy REST API31324177400k+Missing Translators Comment
#1463Tooltips for WordPress313122525k+Output is not escaped
#1464Worldline Global Online Pay for WooCommerce3116086500Missing direct file access protection
#1465Discussion Board – WordPress Forum Plugin311051532k+Request data is not unslashed
#1466WP Easy Uploader31202113600Non Singular String Literal Domain
#1467HireZoot – Job Listings, Career Page & Recruitment Tool311455540k+Non-prefixed global variable
#1468WP Simple Booking Calendar3133738020k+Output is not escaped
#1469WP Visitor Statistics (Real Time Traffic)3135369120k+Nonce verification recommended
#1470WP125311781843k+Unsafe printing function
#1471Hosting Benchmark tool312021154k+rand rand
#1472One to one user Chat by WPGuppy3174187700Non-prefixed global variable
#1473WPDoctor Malware Scanner & Vulnerability Checker & IP blocker with Hack monitor Lite31133438600Non-prefixed global variable
#1474YAHMAN Add-ons314681411k+Output is not escaped
#1475YML for Yandex Market313729310k+Non-prefixed global variable
#1476Zendesk Support for WordPress31195882k+Output is not escaped
#1477ACME Divi Modules3257335400Text Domain Mismatch
#1478ActiveDEMAND321571611k+Output is not escaped
#1479Affiliate Coupons – Coupon Display Manager – Excellent Tool for Affiliate Marketers32183611k+Output is not escaped
#1480All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier32325102600Missing Arg Domain
#1481annasta Filters for WooCommerce321,0734412k+Text Domain Mismatch
#1482Aqua Page Builder323201143k+Output is not escaped
#1483Author Avatars List/Block32851354k+Non-prefixed hook name
#1484Speed Kit32296732k+Output is not escaped
#1485Better Chat Support for Messenger32731031k+Interpolated SQL is not prepared
#1486Better Robots.txt – AI-Ready Crawl Control & Bot Governance3255835k+error log error log
#1487Bosa Elementor Addons and Templates for WooCommerce324016520k+slow db query tax query
#1488BP Classic326642166k+Unsafe printing function
#1489BuddyPress for LearnDash321902841k+Output is not escaped
#1490Quantity Discounts, Breaks & Product Bundles for Woocommerce By Bundler32147319400Direct Query
#1491Child Theme Configurator32442267300k+Unsafe printing function
#1492Code Manager32217261500Nonce verification recommended
#1493Vimeotheque – Vimeo WordPress Plugin & Video Gallery326422642k+Unsafe printing function
#1494Color and Image Swatches for Variable Product Attributes321731111k+Output is not escaped
#1495Ultimate WooCommerce Filters32322207600Unsafe printing function
#1496Contact Form Block326477500Non Singular String Literal Domain
#1497Contact Form Builder by vcita32666174700Text Domain Mismatch
#1498Cooked – Recipe Management324622753k+Output is not escaped
#1499CSV Import and Exporter32831381k+Non-prefixed global variable
#1500Currency Switcher for WooCommerce3235726310k+Text Domain Mismatch