WordPress.Security.ValidatedSanitizedInput.InputNotValidated

Input is not validated

Request data is used without checking that it is allowed for the operation.

critical weight

Why It Shows Up

The scan found input from a request superglobal being used without validation such as capability checks, allowlists, type checks, or range checks.

Why It Matters

Sanitization cleans a value, but validation proves the value is acceptable. Missing validation can allow unexpected actions, invalid states, or unsafe query choices.

How to Fix

Check that IDs are positive integers, enum-like values are in an allowlist, and URLs or file paths are constrained.
Pair state-changing requests with nonce and capability checks.
Reject or safely default values that do not pass validation.

References

WordPress validating, sanitizing, and escaping WordPress nonces

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Added	Updated	Top Issue
#201	WP Fusion Lite – Marketing Automation and CRM Integration for WordPress	22	276	683	5k+	8 years ago	2 months ago	Nonce verification recommended
#202	WP Umbrella: Update Backup Restore & Monitoring	22	915	905	70k+	6 years ago	13 days ago	Exception output is not escaped
#203	Wp-Insert	22	267	301	10k+	17 years ago	3 years ago	Output is not escaped
#204	WP Super Minify • Minify, Compress and Cache HTML, CSS & JavaScript	22	164	257	9k+	12 years ago	1 month ago	Non-prefixed constant
#205	User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration	22	287	1,432	20k+	15 years ago	4 days ago	Non-prefixed global variable
#206	WPBITS Addons For Elementor Page Builder	22	996	1,399	2k+	6 years ago	5 months ago	Non-prefixed global variable
#207	WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell	22	5,996	2,790	6k+	5 years ago	5 days ago	Text Domain Mismatch
#208	School Management System – WPSchoolPress	22	314	5,220	1k+	7 years ago	7 days ago	Non-prefixed global variable
#209	WPSSO Core – Complete Schema Markup and Meta Tags	22	1,407	412	5k+	12 years ago	8 days ago	Missing Translators Comment
#210	ЮKassa для WooCommerce	22	591	168	9k+	6 years ago	26 days ago	Short PHP open tag found
#211	Recipe Cards For Your Food Blog from Zip Recipes	22	1,126	1,731	1k+	12 years ago	12 days ago	Non-prefixed global variable
#212	Advanced Custom Fields: Extended	23	1,885	329	100k+	7 years ago	26 days ago	Text Domain Mismatch
#213	Custom WooCommerce Checkout Fields Editor	23	755	1,386	2k+	9 years ago	1 year ago	Non-prefixed global variable
#214	Admin and Site Enhancements (ASE)	23	136	330	200k+	4 years ago	2 days ago	Nonce verification recommended
#215	Advanced Product Labels for WooCommerce	23	921	559	20k+	10 years ago	28 days ago	Text Domain Mismatch
#216	Affiliate Super Assistent	23	1,280	267	2k+	18 years ago	2 months ago	Text Domain Mismatch
#217	Autoptimize	23	288	191	800k+	17 years ago	3 months ago	Output is not escaped
#218	B2BKing — Ultimate WooCommerce B2B and Wholesale Plugin — Wholesale Prices, Bulk Order Form & More	23	1,347	409	10k+	6 years ago	9 days ago	Text Domain Mismatch
#219	BA Book Everything	23	1,184	1,086	10k+	8 years ago	1 month ago	Output is not escaped
#220	Beds24 Online Booking	23	532	374	2k+	14 years ago	1 year ago	wp function not compatible with requires wp
#221	Kadence Security – Password, Two Factor Authentication, and Brute Force Protection	23	1,053	967	700k+	16 years ago	26 days ago	Missing Translators Comment
#222	BlossomThemes Email Newsletter	23	337	239	20k+	9 years ago	3 months ago	Output is not escaped
#223	Booking calendar, Appointment Booking System	23	1,079	1,125	4k+	11 years ago	3 months ago	Output is not escaped
#224	Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content	23	238	294	20k+	7 years ago	5 months ago	error log print r
#225	BSK PDF Manager	23	1,576	625	7k+	13 years ago	2 months ago	Text Domain Mismatch
#226	BuddyDrive	23	722	1,597	1k+	13 years ago	1 year ago	Non-prefixed global variable
#227	Announcement & Notification Banner – Bulletin	23	930	1,576	2k+	6 years ago	4 months ago	Non-prefixed global variable
#228	Burger Companion	23	3,274	472	10k+	6 years ago	1 month ago	Text Domain Mismatch
#229	Business Directory Plugin – Easy Listing Directories for WordPress	23	611	1,058	10k+	15 years ago	1 month ago	Non-prefixed global variable
#230	Captivate Sync	23	174	557	1k+	7 years ago	5 months ago	Non-prefixed global variable
#231	Cart Notices for WooCommerce	23	650	471	2k+	10 years ago	28 days ago	Text Domain Mismatch
#232	WPBot – AI ChatBot for Live Support, Lead Generation, AI Services	23	264	1,038	5k+	8 years ago	yesterday	Non-prefixed global variable
#233	Classified Listing – AI-Powered Classified ads & Business Directory	23	155	1,861	9k+	8 years ago	7 days ago	Non-prefixed global variable
#234	CleanTalk Anti-Spam. Spam Firewall & Bot protection	23	826	1,078	200k+	14 years ago	5 days ago	Missing nonce verification
#235	Content Aware Sidebars – Fastest Widget Area Plugin	23	993	1,738	30k+	15 years ago	7 months ago	Non-prefixed global variable
#236	Content Egg – Affiliate Product Importer & Price Comparison	23	1,231	1,257	10k+	11 years ago	2 days ago	Non-prefixed global variable
#237	Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor)	23	306	587	100k+	12 years ago	1 month ago	Dynamic hook name
#238	CWW Companion	23	307	223	1k+	5 years ago	2 months ago	Output is not escaped
#239	Disable Bloat for WordPress & WooCommerce	23	863	1,325	10k+	6 years ago	1 year ago	Non-prefixed global variable
#240	DK PDF – WordPress PDF Generator	23	744	335	3k+	11 years ago	5 months ago	Exception output is not escaped
#241	Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy	23	170	821	40k+	11 years ago	4 days ago	Non-prefixed global variable
#242	Easy Age Verify	23	1,138	2,631	1k+	7 years ago	11 days ago	Non-prefixed global variable
#243	Easy Digital Downloads – eCommerce Payments and Subscriptions made easy	23	3,723	10,283	40k+	14 years ago	5 days ago	Non-prefixed namespace
#244	Ecwid by Lightspeed Ecommerce Shopping Cart	23	339	307	20k+	17 years ago	4 months ago	Missing direct file access protection
#245	Error Log Monitor	23	694	1,414	20k+	14 years ago	9 months ago	Non-prefixed global variable
#246	Essential Real Estate	23	529	5,060	8k+	9 years ago	22 days ago	Non-prefixed global variable
#247	EventON – Events Calendar	23	2,585	1,021	6k+	4 years ago	26 days ago	Text Domain Mismatch
#248	Events Addon for Elementor	23	779	1,339	7k+	7 years ago	10 months ago	Non-prefixed global variable
#249	Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder with AI	23	395	1,342	90k+	8 years ago	5 days ago	Non-prefixed global variable
#250	Ezoic	23	432	516	10k+	8 years ago	6 days ago	Output is not escaped