WordPress.Security.ValidatedSanitizedInput.InputNotValidated

Input is not validated

Request data is used without checking that it is allowed for the operation.

critical weight

Why It Shows Up

The scan found input from a request superglobal being used without validation such as capability checks, allowlists, type checks, or range checks.

Why It Matters

Sanitization cleans a value, but validation proves the value is acceptable. Missing validation can allow unexpected actions, invalid states, or unsafe query choices.

How to Fix

  • Check that IDs are positive integers, enum-like values are in an allowlist, and URLs or file paths are constrained.
  • Pair state-changing requests with nonce and capability checks.
  • Reject or safely default values that do not pass validation.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#3151Advanced Editor Tools41143841m+Unsafe printing function
#3152TW Pagination4190231k+Non Singular String Literal Domain
#3153Visibility Logic for Elementor41274330k+Output is not escaped
#3154Waka Bulk Page4152161k+Unsafe printing function
#3155WaveSurfer-WP418322400Unsafe printing function
#3156Abandoned Cart Recovery for WooCommerce41202024k+Request data is not unslashed
#3157Top Image SEO41115265k+Unsafe printing function
#3158M-Pesa(Kenya) Checkout for Woocommerce4146381k+Text Domain Mismatch
#3159Quick View For WooCommerce4144441k+Output is not escaped
#3160WooCommerce Colors41632810k+Output is not escaped
#3161Pay for Payment for WooCommerce41296710k+Missing nonce verification
#3162Spam Protect for Contact Form 741166110k+Request data is not unslashed
#3163WP Crontrol412091300k+Nonce verification recommended
#3164WP Dashboard Notes41242920k+Unsafe printing function
#3165Regions for WP Job Manager4129557k+Nonce verification recommended
#3166WP Lorem ipsum413729500Unsafe printing function
#3167WP Permalink Translator4134212k+Unsafe printing function
#3168WP Router412913800Exception output is not escaped
#3169WP Test Email41322820k+Unsafe printing function
#3170User Login Notifier for WordPress4172261k+Output is not escaped
#3171WPS Hide Login4134722m+Nonce verification recommended
#3172Export WooCommerce Orders, Products, Customers & Coupons to Google Sheets414535700Output is not escaped
#3173Simple Accessibility Button4133171900Non-prefixed global variable
#3174Z-Credit Checkout – WooCommerce Payment Gateway4115122900Text Domain Mismatch
#3175Zilla Portfolio4113915400Text Domain Mismatch
#3176ActiveTrail – Contact Form 7421885600Missing nonce verification
#3177Add to Home Screen & Progressive Web App4223681k+Request data is not unslashed
#3178Admin Options Pages423284500Nonce verification recommended
#3179Affiliate Link Tracker422449500Request data is not unslashed
#3180Agoda Affiliate Partners Text Link Generator42440500Interpolated SQL is not prepared
#3181Open Currency Converter4259191k+Unsafe printing function
#3182多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条4217382k+Input is not sanitized
#3183Basic SEO Pack42868700Output is not escaped
#3184Bazz CallBack widget4255283k+Unsafe printing function
#3185Block Temporary Email423313500Unsafe printing function
#3186Booking.com Official Search Box4236322k+Output is not escaped
#3187BP Auto Group Join425555700Output is not escaped
#3188Bulk Change Media Author4225202k+Unsafe printing function
#3189Chartbeat4233181k+Output is not escaped
#3190Cities Shipping Zones for WooCommerce4294444k+Text Domain Mismatch
#3191Clover Payments for WooCommerce4225152k+Exception output is not escaped
#3192Comment Blacklist Updater4245151k+Output is not escaped
#3193Comment Reply Email422123500Unsafe printing function
#3194Companion Revision Manager – Revision Control4218284k+Unsafe printing function
#3195Contact Form 7 add confirm42315150k+Text Domain Mismatch
#3196Cookie Notify421554400Input is not validated
#3197Cronjob Scheduler4220361k+Input is not sanitized
#3198Custom Taxonomy Order42205650k+Output is not escaped
#3199Dashboard Notes422734600Missing Arg Domain
#3200Delete Expired Transients4249655k+Direct Query