WordPress.Security.ValidatedSanitizedInput.MissingUnslash

Request data is not unslashed

Input from a WordPress request superglobal is used before removing WordPress-added slashes.

critical weight

Why It Shows Up

WordPress adds slashes to request data for historical compatibility. The scan found `$_GET`, `$_POST`, `$_REQUEST`, or similar input used without `wp_unslash()`.

Why It Matters

Sanitizing slashed data can produce incorrect values, failed comparisons, broken validation, or stored data that does not match what the user submitted.

How to Fix

Read the specific request key, then call `wp_unslash()` on it.
Sanitize the unslashed value with a function that matches the expected data type.
Validate the sanitized value before using it in permissions, queries, redirects, or stored settings.

References

WordPress validating, sanitizing, and escaping

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#51	bbPress	21	929	3,672	100k+	12 months ago	Non Prefixed Function Found
#52	Pinpoint Booking System – Version 2	21	634	328	3k+	3 days ago	missing direct file access protection
#53	rtMedia for WordPress, BuddyPress and bbPress	21	363	633	8k+	3 months ago	Non Prefixed Constant Found
#54	CallTrackingMetrics	21	923	286	3k+	4 months ago	Unsafe Printing Function
#55	Captcha Them All	21	300	323	6k+	3 years ago	Output Not Escaped
#56	CartFlows – Funnel Builder & Checkout Plugin for WooCommerce	21	461	614	200k+	19 days ago	Text Domain Mismatch
#57	Smart Grid-Layout Design for Contact Form 7	21	1,126	734	10k+	1 month ago	Output Not Escaped
#58	Comet Cache	21	857	245	20k+	12 months ago	Output Not Escaped
#59	Cost Calculator Builder	21	322	765	30k+	2 days ago	Non Prefixed Variable Found
#60	Free Downloads WooCommerce	21	430	359	4k+	1 month ago	Output Not Escaped
#61	Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More	21	2,572	1,277	1m+	1 month ago	Output Not Escaped
#62	Envo Extra	21	878	600	20k+	25 days ago	Text Domain Mismatch
#63	eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams	21	186	437	9k+	2 months ago	Non Prefixed Variable Found
#64	ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support	21	829	5,966	5k+	3 days ago	Direct Query
#65	Eupago Gateway For Woocommerce	21	612	320	2k+	2 months ago	Output Not Escaped
#66	EventPrime – Events Calendar, Bookings and Tickets	21	872	4,297	7k+	yesterday	Non Prefixed Variable Found
#67	Feeds for YouTube (YouTube video, channel, and gallery plugin)	21	558	978	100k+	11 days ago	Output Not Escaped
#68	FileOrganizer – WordPress File Manager	21	536	241	200k+	11 days ago	unlink unlink
#69	Formidable Forms – WordPress Form Builder for Contact Forms, Calculators, Quizzes & More	21	52	1,959	300k+	5 days ago	Non Prefixed Variable Found
#70	Campaign Monitor for WordPress	21	386	461	2k+	2 months ago	Non Prefixed Variable Found
#71	If-So Dynamic Content – Elementor & All Page Builders Personalization	21	889	725	7k+	24 days ago	Unsafe Printing Function
#72	Imagify: Optimize Images for Top Speed (Compress & Convert to WebP/AVIF)	21	418	851	1m+	20 days ago	Non Prefixed Variable Found
#73	JCH Optimize	21	953	133	4k+	5 months ago	Output Not Escaped
#74	LA-Studio Element Kit for Elementor	21	8,390	1,964	10k+	5 days ago	Text Domain Mismatch
#75	MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder	21	1,133	3,011	2k+	7 months ago	Non Prefixed Variable Found
#76	Mapster WP Maps	21	3,440	2,903	3k+	10 days ago	Text Domain Mismatch
#77	Modular DS: Monitor, update, and backup multiple websites	21	161	81	40k+	1 month ago	Exception Not Escaped
#78	MotoPress Hotel Booking	21	3,061	1,037	10k+	6 days ago	Text Domain Mismatch
#79	Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred	21	1,469	3,333	10k+	3 days ago	Non Prefixed Variable Found
#80	OneLogin SAML SSO	21	508	330	7k+	6 months ago	wp function not compatible with requires wp
#81	Packeta	21	802	333	8k+	8 months ago	Exception Not Escaped
#82	Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages	21	1,173	2,983	9k+	19 days ago	Non Prefixed Variable Found
#83	Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction	21	1,918	5,065	10k+	19 days ago	Non Prefixed Hookname Found
#84	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	21	696	1,483	50k+	11 days ago	Recommended
#85	PublishPress Planner – Editorial Calendar, Marketing Content, Kanban Board	21	603	890	6k+	1 month ago	Output Not Escaped
#86	Razorpay Quick Payments	21	399	63	3k+	1 year ago	Exception Not Escaped
#87	Five Star Restaurant Reservations – WordPress Booking Plugin	21	1,099	1,147	10k+	2 days ago	Output Not Escaped
#88	Rocket Maintenance Mode & Coming Soon Page	21	1,176	1,406	4k+	2 years ago	Non Prefixed Variable Found
#89	Royal Addons for Elementor – Addons and Templates Kit for Elementor	21	13,011	2,530	600k+	13 days ago	Text Domain Mismatch
#90	Seamless Donations is Sunset	21	600	514	2k+	2 years ago	Text Domain Mismatch
#91	Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic	21	327	181	10k+	2 years ago	Output Not Escaped
#92	Smart Forms – when you need more than just a contact form	21	776	574	5k+	1 month ago	Output Not Escaped
#93	Accept Stripe Payments	21	373	882	20k+	2 months ago	Missing
#94	ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin	21	190	660	30k+	25 days ago	Non Prefixed Variable Found
#95	Revive Social – Social Media Auto Post and Scheduling Automation Plugin	21	255	425	20k+	1 month ago	Non Prefixed Hookname Found
#96	Buckaroo Woocommerce Payments Plugin	21	563	326	2k+	5 days ago	Exception Not Escaped
#97	WCFM – Frontend Manager for WooCommerce	21	4,721	5,067	20k+	2 months ago	Non Prefixed Variable Found
#98	WebP Express	21	160	427	300k+	2 days ago	Non Prefixed Variable Found
#99	Wise Chat	21	470	506	5k+	3 months ago	Output Not Escaped
#100	Paysera Payment Gateway for WooCommerce	21	1,866	195	7k+	17 days ago	Exception Not Escaped