WordPress.Security.ValidatedSanitizedInput.InputNotValidated

Input is not validated

Request data is used without checking that it is allowed for the operation.

critical weight

Why It Shows Up

The scan found input from a request superglobal being used without validation, such as capability checks, allowlists, type checks, or range checks.

Why It Matters

Sanitization cleans a value, but validation proves the value is acceptable. Missing validation can allow unexpected actions, invalid states, or unsafe query choices.

How to Fix

  • Check that IDs are positive integers, enum-like values are in an allowlist, and URLs or file paths are constrained.
  • Pair state-changing requests with nonce and capability checks.
  • Reject or safely default values that do not pass validation.

Affected Plugins

Rank Plugin Score Errors Warnings Installs Added Updated Top Issue
#2901Fast User Switching4028282k+Output is not escaped
#2902Featured Post403618900Output is not escaped
#2903Flamingo4015228800k+Nonce verification recommended
#2904FluentComments – Spam protection, AntiSpam, Ajax Enhanced Comments405047700Non-prefixed global variable
#2905Flying Scripts: Delay JavaScript to Improve Site Speed & Performance40234430k+Missing direct file access protection
#2906Full Background Manager4037247k+Output is not escaped
#2907Fusion Page Builder40341003k+Input is not validated
#2908Product Enquiry for WooCommerce4057413k+Output is not escaped
#2909Gravity Forms Data Persistence Add-On Reloaded401438700Input is not sanitized
#2910heatmap for WordPress – Realtime analytics4094151k+Non Singular String Literal Domain
#2911WP Armour – Honeypot Anti Spam405566400k+Missing nonce verification
#2912Hostinger Reach – AI-Powered Email Marketing for WordPress409461m+Direct Query
#2913I Agree! Popups405446600Output is not escaped
#2914If Widget – Visibility control for Widgets4099251k+Unsafe printing function
#2915iNext Woo Pincode Checker403682700Missing nonce verification
#2916Interactive US Map4013654400Text Domain Mismatch
#2917Internal Linking of Related Contents40714471k+Output is not escaped
#2918Invite Anyone40321301k+Non-prefixed hook name
#2919JSM Show Order Metadata for WooCommerce HPOS401764700Nonce verification recommended
#2920JSM Show Post Metadata40156610k+Nonce verification recommended
#2921JSM Show Term Metadata401464900Nonce verification recommended
#2922JSM Show User Metadata4014643k+Nonce verification recommended
#2923La Sentinelle antispam4088463k+Output is not escaped
#2924Social Like Box and Page by WpDevArt4062245k+Output is not escaped
#2925Limit Login Attempts408138300k+Output is not escaped
#2926LJ Multi Column Archive4017251k+Output is not escaped
#2927Loan Comparison4027192400Request data is not unslashed
#2928Logbook4033592k+Nonce verification recommended
#2929Manual Image Crop40178618k+Output is not escaped
#2930Mark New Posts406139500Non Singular String Literal Domain
#2931MAS Company Reviews For WP Job Manager4044711k+Output is not escaped
#2932Mass Email To Users408481800Output is not escaped
#2933MembershipWorks – Membership, Events & Directory4041292k+Output is not escaped
#2934Mobile Contact Line40393551k+Non-prefixed global variable
#2935WP Mobile Redirect404420400Text Domain Mismatch
#2936Modal Window – create popup modal window40417010k+Non-prefixed global variable
#2937코드엠샵 소셜톡404736400Output is not escaped
#2938Multiple Featured Images4050225k+Output is not escaped
#2939My Social Feeds – Social Feeds Embedder Plugin for WP40877400Request data is not unslashed
#2940Flying Images: Optimize and Lazy Load Images for Faster Page Speed4032583k+Missing direct file access protection
#2941No-Bot Registration40112422k+Unsafe printing function
#2942No CAPTCHA reCAPTCHA40112264k+Text Domain Mismatch
#2943One Click SSL401366210k+Unsafe printing function
#2944OPML Importer4035133k+Output is not escaped
#2945Page As Subdomain Lite406125500Output is not escaped
#2946Give – Paystack Gateway4096101k+Text Domain Mismatch
#2947Paystack MemberPress407176400Output is not escaped
#2948Permalink Editor4050281k+Output is not escaped
#2949List Petfinder Pets4012146400Output is not escaped
#2950Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels40682493k+Missing nonce verification