WordPress.Security.ValidatedSanitizedInput.InputNotValidatedNotSanitized

Input is not validated or sanitized

Request data is used without both cleanup and an allowability check.

critical weight

Why It Shows Up

The scan found a request value moving into code without sanitization and without validation.

Why It Matters

This combines two common input-handling failures: the value may contain unsafe content, and the code has not proven that the value is acceptable for the operation.

How to Fix

Call `wp_unslash()` on request input first.
Sanitize for the expected type or format.
Validate against allowed values, ranges, capabilities, and nonces before using the value.

References

WordPress validating, sanitizing, and escaping WordPress nonces

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#51	Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider	24	599	1,532	10k+	9 days ago	Non Prefixed Variable Found
#52	SEO Engine – Smart SEO with AI, Schema & Redirection for WordPress	24	236	304	1k+	8 days ago	Direct Query
#53	Shortcodes Ultimate – Content Elements	24	656	1,552	400k+	12 days ago	Non Prefixed Variable Found
#54	ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization	24	926	322	10k+	3 days ago	Output Not Escaped
#55	Ultra Addons for Contact Form 7	24	1,538	460	60k+	27 days ago	Text Domain Mismatch
#56	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	24	938	2,935	200k+	10 days ago	Non Prefixed Variable Found
#57	Video Conferencing with Zoom	24	1,105	440	10k+	13 days ago	Unsafe Printing Function
#58	CSS & JavaScript Toolbox	25	155	617	10k+	8 months ago	Non Prefixed Class Found
#59	Smash Balloon Social Post Feed – Simple Social Feeds for WordPress	25	554	982	200k+	12 days ago	Output Not Escaped
#60	Smash Balloon Social Photo Feed – Easy Social Feeds Plugin	25	449	1,300	1m+	4 days ago	Interpolated Not Prepared
#61	Bulk Page Generator – LPagery	25	670	1,926	3k+	3 days ago	Non Prefixed Variable Found
#62	LWS Optimize – All-in-One Speed Booster & Cache Tools	25	430	764	20k+	7 days ago	Non Prefixed Variable Found
#63	My Calendar – Accessible Event Manager	25	10	2,191	20k+	8 days ago	Non Prefixed Function Found
#64	Piotnet Forms	25	187	374	3k+	2 years ago	Output Not Escaped
#65	Quiz Maker by AYS	25	505	3,015	20k+	today	Non Prefixed Variable Found
#66	Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator	25	647	1,016	1k+	11 days ago	Output Not Escaped
#67	Survey Maker by AYS	25	566	2,397	6k+	4 days ago	Non Prefixed Variable Found
#68	Super Page Cache – Cloudflare Cache, Page Speed & Core Web Vitals	25	137	353	60k+	1 month ago	Input Not Sanitized
#69	WP Popups – WordPress Popup builder	25	440	342	30k+	4 months ago	Output Not Escaped
#70	Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF	25	154	118	60k+	23 days ago	Non Prefixed Variable Found
#71	WP Statistics – Simple, privacy-friendly Google Analytics alternative	25	610	2,465	600k+	1 month ago	Non Prefixed Variable Found
#72	WP Super Cache	25	800	989	1m+	26 days ago	Output Not Escaped
#73	Database for Contact Form 7, WPforms, Elementor forms	26	317	489	60k+	3 days ago	Non Prefixed Variable Found
#74	Translate WordPress with ConveyThis – AI Multilingual Plugin	26	159	297	1k+	14 days ago	Non Prefixed Variable Found
#75	Paytium: Mollie payment forms & donations	26	506	551	3k+	5 days ago	Unsafe Printing Function
#76	Rate My Post – Star Rating Plugin by FeedbackWP	27	222	360	20k+	4 days ago	Output Not Escaped
#77	Watu Quiz	27	1,089	1,014	3k+	25 days ago	Output Not Escaped
#78	WP Hide & Security Enhancer	27	124	375	50k+	14 days ago	Input Not Sanitized
#79	Countdown, Coming Soon, Maintenance – Countdown & Clock	29	1,735	143	10k+	4 months ago	Non Singular String Literal Domain
#80	PhastPress	29	95	52	10k+	3 days ago	Exception Not Escaped
#81	Contact Form 7 – PayPal & Stripe Add-on	30	385	233	8k+	26 days ago	Unsafe Printing Function
#82	Taboola	30	89	147	1k+	8 months ago	Output Not Escaped
#83	FOX – Currency Switcher Professional for WooCommerce	30	211	1,022	50k+	10 days ago	Non Prefixed Variable Found
#84	Zoho CRM Lead Magnet	30	101	1,025	3k+	13 days ago	Missing Unslash
#85	افزونه پیامک حرفه ای فراز اس ام اس	31	89	180	2k+	3 years ago	wp function not compatible with requires wp
#86	Split Test For Elementor	32	98	132	3k+	4 days ago	Non Prefixed Variable Found
#87	Stock Sync for WooCommerce	32	362	232	1k+	5 months ago	Text Domain Mismatch
#88	Ultimate Before After Image Slider & Gallery – BEAF	33	488	87	30k+	today	Text Domain Mismatch
#89	Clicky Analytics	33	166	92	10k+	29 days ago	Output Not Escaped
#90	Lenix Leads Collector	34	414	242	10k+	1 year ago	Text Domain Mismatch
#91	Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers	34	261	863	30k+	6 days ago	Non Prefixed Variable Found
#92	Responsive Filterable Portfolio	34	441	156	1k+	21 days ago	Output Not Escaped
#93	Search Engine Insights for Google Search Console	34	174	113	2k+	29 days ago	Output Not Escaped
#94	Thumbnail carousel slider	34	277	143	2k+	24 days ago	Output Not Escaped
#95	CrowdSec	35	130	119	2k+	5 months ago	Output Not Escaped
#96	Full Width Banner Slider Wp	35	239	140	2k+	18 days ago	Output Not Escaped
#97	Kaya QR Code Generator	35	193	40	20k+	1 month ago	Non Singular String Literal Domain
#98	Keyring	35	233	203	1k+	3 years ago	Output Not Escaped
#99	WP Responsive Tabs horizontal vertical and accordion Tabs	35	598	212	2k+	18 days ago	Output Not Escaped
#100	Sticky Chat Widget – Floating Chat Icons, Contact Form, Call, Click to Chat, Email & Message Buttons	35	33	293	10k+	2 months ago	Non Prefixed Variable Found