WordPress.Security.ValidatedSanitizedInput.InputNotValidated

Input is not validated

Request data is used without checking that it is allowed for the operation.

critical weight

Why It Shows Up

The scan found a value read from a request superglobal and used without any validation, such as a capability check, an allowlist, a type check, or a range check.

Why It Matters

Sanitization cleans a value, but validation proves the value is acceptable. Missing validation can allow unexpected actions, invalid states, or unsafe query choices.

How to Fix

  • Check that IDs are positive integers, enum-like values are in an allowlist, and URLs or file paths are constrained.
  • Pair state-changing requests with nonce and capability checks.
  • Reject or safely default values that do not pass validation.
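
The three fixes above combined in one request handler, as an added example rather than code from this page or from any listed plugin. The myplugin_* names, the form field names, the meta key and the status list are hypothetical.

```php
<?php
// Added example. Hypothetical names: the myplugin_* identifiers, the item_id /
// status / return_to fields, the _myplugin_status meta key, the status list.
add_action( 'admin_post_myplugin_set_status', 'myplugin_handle_set_status' );

function myplugin_reject( $message, $code = 400 ) {
	wp_die( esc_html( $message ), '', array( 'response' => $code ) );
}

function myplugin_handle_set_status() {
	// State-changing request: the nonce is verified before any input is used.
	check_admin_referer( 'myplugin_set_status', 'myplugin_nonce' );

	// ID: must be present and a positive integer. "12abc", "-3", "0" and
	// array input all fail here instead of being coerced to a number.
	$raw_id  = isset( $_POST['item_id'] ) ? wp_unslash( $_POST['item_id'] ) : null;
	$item_id = filter_var( $raw_id, FILTER_VALIDATE_INT, array( 'options' => array( 'min_range' => 1 ) ) );
	if ( false === $item_id ) {
		myplugin_reject( 'Invalid item ID.' );
	}

	// Capability check against the specific object the ID points to.
	if ( ! get_post( $item_id ) || ! current_user_can( 'edit_post', $item_id ) ) {
		myplugin_reject( 'You cannot change this item.', 403 );
	}

	// Enum-like value: strict allowlist comparison, safe default otherwise.
	$allowed = array( 'draft', 'active', 'archived' );
	$status  = isset( $_POST['status'] ) ? sanitize_key( wp_unslash( $_POST['status'] ) ) : '';
	if ( ! in_array( $status, $allowed, true ) ) {
		$status = 'draft';
	}

	// URL: constrained to allowed hosts, with a fixed admin page as fallback.
	$fallback  = admin_url( 'admin.php?page=myplugin' );
	$return_to = ( isset( $_POST['return_to'] ) && is_string( $_POST['return_to'] ) )
		? esc_url_raw( wp_unslash( $_POST['return_to'] ) )
		: '';
	$return_to = wp_validate_redirect( $return_to, $fallback );

	update_post_meta( $item_id, '_myplugin_status', $status );
	wp_safe_redirect( $return_to ? $return_to : $fallback );
	exit;
}
```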

Affected Plugins

Rank | Plugin | Score, Errors, Warnings, Installs, Added, Updated | Top Issue
#2701 | Events Manager – Zoom Integration | 3914143700 | Output is not escaped
#2702 | Faster Image Insert | 3994262k+ | Output is not escaped
#2703 | First Order Discount Woocommerce | 3955301k+ | Output is not escaped
#2704 | Fix Duplicates | 397673800 | Output is not escaped
#2705 | Flamix: Bitrix24 and WooCommerce Orders integration | 398131500 | Output is not escaped
#2706 | Flex Import | 3915140500 | Non-prefixed global variable
#2707 | Floating Action Button | 39164691k+ | Unsafe printing function
#2708 | Genesis Dambuster | 3994673k+ | Output is not escaped
#2709 | GF Mollie by Indigo | 398233900 | Exception output is not escaped
#2710 | Gift Up Gift Cards for WordPress and WooCommerce | 3994605k+ | Output is not escaped
#2711 | GL Import External Images | 3911819800 | wp function not compatible with requires wp
#2712 | Prisna GWT – Google Website Translator | 39117778k+ | Text Domain Mismatch
#2713 | GoSMTP – SMTP for WordPress | 395942500k+ | Output is not escaped
#2714 | Graphina – Charts and Graphs For Elementor | 391,89511310k+ | Text Domain Mismatch
#2715 | Gravity Slider Fields | 3956362k+ | Text Domain Mismatch
#2716 | GS Only PDF Preview | 3946361k+ | Output is not escaped
#2717 | Gutenverse News – News Blocks for Blog & Magazine Sites | 393765800 | Non-prefixed hook name
#2718 | HD Quiz | 39252827k+ | Output is not escaped
#2719 | Hide My WP Lite | 392462400 | Nonce verification recommended
#2720 | Maintenance Mode | 39861097k+ | Output is not escaped
#2721 | hpb seo plugin for WordPress | 3915872k+ | Non-prefixed global variable
#2722 | HTML5 Cumulus | 39132331k+ | Output is not escaped
#2723 | HW Image Widget | 39138411k+ | Output is not escaped
#2724 | Idle User Logout | 3996131k+ | Output is not escaped
#2725 | If Menu – Visibility control for Menus | 392816350k+ | Output is not escaped
#2726 | Image Carousel | 39164181k+ | Output is not escaped
#2727 | Image Watermark WP | 398882600 | Output is not escaped
#2728 | S2W – Import Shopify to WooCommerce | 3981323k+ | Request data is not unslashed
#2729 | Improved Save Button | 3944524k+ | Missing Translators Comment
#2730 | Insert Amz Images | 3979441k+ | Output is not escaped
#2731 | Insert Html Snippet | 3915920520k+ | Output is not escaped
#2732 | involve.me – Create Surveys, Quizzes, Calculators & Forms as Embedded Widgets or Pop-ups | 3915832400 | Text Domain Mismatch
#2733 | JetGridBuilder — Grid Builder for Elementor and Gutenberg | 39414404k+ | Text Domain Mismatch
#2734 | Korea SNS | 3988304k+ | Unsafe printing function
#2735 | LH Add Media From Url | 3942262k+ | Output is not escaped
#2736 | Library Viewer | 396593400 | Non-prefixed hook name
#2737 | LuckyWP Table of Contents | 3943862100k+ | Output is not escaped
#2738 | Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid | 3965726k+ | block api version too low
#2739 | Mail Subscribe List | 3917943k+ | Input is not validated
#2740 | MailChimp Add-On for FormCraft | 395629800 | curl curl setopt
#2741 | Manage Enrollment for LearnDash | 394879400 | Unsafe printing function
#2742 | Map Categories to Pages | 394813700 | Output is not escaped
#2743 | Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce | 3976641k+ | Missing Translators Comment
#2744 | Maps for WP | 3916973400 | Output is not escaped
#2745 | Markup by Attribute for WooCommerce | 39461022k+ | Direct Query
#2746 | Mascaras CF7 | 3954161k+ | Text Domain Mismatch
#2747 | Meks Easy Photo Feed Widget | 39772710k+ | Output is not escaped
#2748 | Menubar | 39171461k+ | Output is not escaped
#2749 | Mizan Demo Importer | 3931911k+ | Missing nonce verification
#2750 | Modal Dialog | 396464500 | Output is not escaped