WordPress.Security.ValidatedSanitizedInput.InputNotValidated

Input is not validated

Request data is used without checking that it is allowed for the operation.

critical weight

Why It Shows Up

The scan found input from a request superglobal being used without validation such as capability checks, allowlists, type checks, or range checks.

Why It Matters

Sanitization cleans a value, but validation proves the value is acceptable. Missing validation can allow unexpected actions, invalid states, or unsafe query choices.

How to Fix

  • Check that IDs are positive integers, enum-like values are in an allowlist, and URLs or file paths are constrained.
  • Pair state-changing requests with nonce and capability checks.
  • Reject or safely default values that do not pass validation.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#3301Logo Slider WP – Responsive Logo Carousel, Logo Gallery & Logo Showcase432225510k+Non-prefixed global variable
#3302Make Tables Responsive43311026k+Input is not validated
#3303MembershipWorks Login Connector432881800Request data is not unslashed
#3304Lightbox432910700Unsafe printing function
#3305Opal Woo Custom Product Variation431116400Non-prefixed global variable
#3306Page Transition433930700Output is not escaped
#3307Pods Gravity Forms Add-On43791k+Missing nonce verification
#3308Post title marquee scroll4343251k+Output is not escaped
#3309Purchase Orders for WooCommerce43117741k+Text Domain Mismatch
#3310reCAPTCHA for MW WP Form43371430k+Non Singular String Literal Domain
#3311Redirect List4334221k+Output is not escaped
#3312Reoon Email Verifier432238600Missing nonce verification
#3313Simple Revisions Delete43162610k+Output is not escaped
#3314Simple Side Tab43281710k+Unsafe printing function
#3315Smart App Banner434749600Output is not escaped
#3316Snazzy Maps4396230k+Request data is not unslashed
#3317Team Builder Member Showcase43141271k+Non-prefixed global variable
#3318Term Management Tools4392610k+Non-prefixed hook name
#3319Terms Order WP – Categories And Taxonomies Order Plugin431247900Non-prefixed global variable
#3320Theme Switcha – Easily Switch Themes for Development and Testing4342537k+Output is not escaped
#3321Theme Test Drive4339167k+Output is not escaped
#3322Uber reCaptcha43129451k+Text Domain Mismatch
#3323UPI QR Code Payment Gateway for WooCommerce43422820k+Output is not escaped
#3324User Role Editor43117145700k+Output is not escaped
#3325User Session Control433121700Output is not escaped
#3326utm.codes433433400Missing nonce verification
#3327VA Simple Expires432531800Output is not escaped
#3328Sovrn439291k+Input is not sanitized
#3329WIP Custom Login432137700Nonce verification recommended
#3330WP Extra File Types43112640k+Request data is not unslashed
#3331WP Hotel Booking Stripe Payment433429400Text Domain Mismatch
#3332WP Hotel Booking WPML Support431052400Direct Query
#3333Active Campaign & Contact Form 74340273k+Output is not escaped
#3334Admin login URL Change4438112k+Output is not escaped
#3335Advanced Custom Fields: oEmbed Field443613900Text Domain Mismatch
#3336Advanced Dynamic Pricing and Discount Rules for WooCommerce44281320k+Non-prefixed namespace
#3337Despacho vía Starken Pro para WooCommerce4417560400Text Domain Mismatch
#3338Code Widget4460334k+Text Domain Mismatch
#3339Coming soon and Maintenance mode4414439k+Request data is not unslashed
#3340Comment Image4419231k+Output is not escaped
#3341Creative Addons for Elementor4463100800Missing Arg Domain
#3342Cyberpret – Calculettes444117500Output is not escaped
#3343Debug Bar Console442391k+Missing Arg Domain
#3344Easy!Appointments44476600Unsafe printing function
#3345Github Embed4418351k+Non-prefixed global variable
#3346Image Widget444853k+Output is not escaped
#3347KKiapay WooCommerce Plugin442025400Output is not escaped
#3348Save and Close44447400Missing nonce verification
#3349Narrative Publisher4428371k+Text Domain Mismatch
#3350Ocean Modal Window44264410k+Output is not escaped