WordPress.Security.ValidatedSanitizedInput.InputNotValidatedNotSanitized
Input is not validated or sanitized
Request data is used without cleanup and without an allowability check.
Why It Shows Up
The scan found a request value moving into code without sanitization and without validation.
Why It Matters
This combines two common input-handling failures: the value may contain unsafe content, and the code has not proven that the value is acceptable for the operation.
How to Fix
- Call `wp_unslash()` on request input first.
- Sanitize for the expected type or format.
- Validate against allowed values, ranges, capabilities, and nonces before using the value.
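The three steps above applied to one settings handler, next to the pattern the scan flags. This is an added example, not code from the scanner or from any listed plugin; it assumes it runs inside WordPress, and the `myplugin_*` function, action, option and field names and the allowed values are hypothetical.

```php
<?php
// Added example: all myplugin_* names and the allowed values are hypothetical.

// Flagged pattern: the raw request value goes straight into update_option().
function myplugin_save_layout_flagged() {
	update_option( 'myplugin_layout', $_POST['layout'] );
}

// Corrected handler for admin-post.php?action=myplugin_save_layout.
function myplugin_save_layout() {
	// Capability check: only users who may manage options can change this.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( esc_html__( 'You are not allowed to change this setting.', 'myplugin' ), '', array( 'response' => 403 ) );
	}

	// Nonce check: the nonce is request input too, so unslash and sanitize it.
	$nonce = isset( $_POST['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) ) : '';
	if ( ! wp_verify_nonce( $nonce, 'myplugin_save_layout' ) ) {
		wp_die( esc_html__( 'Invalid request.', 'myplugin' ), '', array( 'response' => 403 ) );
	}

	// Unslash first, then sanitize for the expected format (a lowercase slug).
	$layout = isset( $_POST['layout'] ) ? sanitize_key( wp_unslash( $_POST['layout'] ) ) : '';

	// Validate against the allowed values; anything else becomes the default.
	$allowed = array( 'grid', 'list', 'masonry' );
	if ( ! in_array( $layout, $allowed, true ) ) {
		$layout = 'grid';
	}

	// Numeric field: sanitize to a non-negative integer, then check the range.
	$per_page = isset( $_POST['per_page'] ) ? absint( wp_unslash( $_POST['per_page'] ) ) : 10;
	if ( $per_page < 1 || $per_page > 100 ) {
		$per_page = 10;
	}

	update_option( 'myplugin_layout', $layout );
	update_option( 'myplugin_per_page', $per_page );

	wp_safe_redirect( admin_url( 'options-general.php?page=myplugin' ) );
	exit;
}
add_action( 'admin_post_myplugin_save_layout', 'myplugin_save_layout' );
```

Sanitizing alone would still accept any slug-shaped string; the `in_array()` allowlist and the range check are what establish that the value is acceptable for the operation.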
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| No results. | | | | | | | | |