WordPress.Security.ValidatedSanitizedInput.InputNotValidated

Input is not validated

Request data is used without checking that it is allowed for the operation.

critical weight

Why It Shows Up

The scan found input from a request superglobal being used without validation such as capability checks, allowlists, type checks, or range checks.

Why It Matters

Sanitization cleans a value, but validation proves the value is acceptable. Missing validation can allow unexpected actions, invalid states, or unsafe query choices.

How to Fix

  • Check that IDs are positive integers, enum-like values are in an allowlist, and URLs or file paths are constrained.
  • Pair state-changing requests with nonce and capability checks.
  • Reject or safely default values that do not pass validation.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#3101Grid Gallery – for Photo Gallery, Image Gallery & Portfolio419741k+Request data is not unslashed
#3102Social Login4181105k+Input is not sanitized
#3103Live Chat & AI Chatbot – onWebChat413191700error log error log
#3104OSS Aliyun4119404k+Request data is not unslashed
#3105Page Loading Effects4168242k+Output is not escaped
#3106Page & Post Notes4112771k+Non-prefixed global variable
#3107Page Specific Menu Items4178192k+Output is not escaped
#3108Passwordless Login4140241k+Output is not escaped
#3109Personalize Login414784500Nonce verification recommended
#3110Phone Button4125203700Non-prefixed global variable
#3111Plugin Activation Tracker4136241k+Text Domain Mismatch
#3112Pods – Custom Content Types and Fields415233100k+Direct Query
#3113Web Accessibility (formally known as Ally) – WCAG Scanning, Guided Fixes, Usability Widget414738500k+Output is not escaped
#3114Post Cloner4125151k+Text Domain Mismatch
#3115Posts 2 Posts41427310k+Non Singular String Literal Domain
#3116Powie's WHOIS Domain Check413811500Unsafe printing function
#3117Prevent Landscape Rotation4131271k+Output is not escaped
#3118Simple Product Options for WooCommerce4162413k+Output is not escaped
#3119Product Questions & Answers for WooCommerce418195400Output is not escaped
#3120Variation Swatches for WooCommerce41291269k+Missing nonce verification
#3121Quick View WooCommerce4180121k+Output is not escaped
#3122Recurring PayPal Donations414847800Text Domain Mismatch
#3123wpSUBpages Redirect412427600Output is not escaped
#3124Revision Control41602840k+Output is not escaped
#3125Revisionize4154244k+Output is not escaped
#3126Send link to friend418147400Output is not escaped
#3127Simple 301 Redirects By BetterLinks – Easy WordPress Redirect Manager for Redirects, 404 Error Log & More414361100k+Request data is not unslashed
#3128Simple Cache4133591k+Input is not sanitized
#3129IP Ban4129392k+Input is not validated
#3130Simple Lightbox412148100k+Nonce verification recommended
#3131Simple Page Access Restriction4166516k+Unsafe printing function
#3132Simple Restrict4134121k+Output is not escaped
#3133Simple Revision Control4134431k+Dynamic hook name
#3134SiteSEO – SEO Simplified4120110500k+Nonce verification recommended
#3135Smoove connector for Elementor forms412260600Nonce verification recommended
#3136SnapScan Payment Gateway413330700Output is not escaped
#3137Masonry Widget415811500Output is not escaped
#3138SQL Chart Builder413852600Text Domain Mismatch
#3139Sticky Posts – Switch418456k+Output is not escaped
#3140Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress41271682k+Request data is not unslashed
#3141tarteaucitron.io41449210k+Output is not escaped
#3142Taxonomy Converter415424600Output is not escaped
#3143Taxonomy Filter4114340800Output is not escaped
#3144Text Hover4144131k+Output is not escaped
#3145Text Replace4155123k+Output is not escaped
#3146Theme Blvd Importer412558500Missing nonce verification
#3147Theme Duplicator411431400Nonce verification recommended
#3148Threat Scan Plugin412917400Output is not escaped
#3149Advanced Editor Tools41143841m+Unsafe printing function
#3150TW Pagination4190231k+Non Singular String Literal Domain