WordPress.Security.ValidatedSanitizedInput.MissingUnslash

Request data is not unslashed

Input from a WordPress request superglobal is used before removing WordPress-added slashes.

critical weight

Why It Shows Up

WordPress adds slashes to request data for historical compatibility. The scan found `$_GET`, `$_POST`, `$_REQUEST`, or similar input used without `wp_unslash()`.

Why It Matters

Sanitizing slashed data can produce incorrect values, failed comparisons, broken validation, or stored data that does not match what the user submitted.

How to Fix

Read the specific request key, then call `wp_unslash()` on it.
Sanitize the unslashed value with a function that matches the expected data type.
Validate the sanitized value before using it in permissions, queries, redirects, or stored settings.

References

WordPress validating, sanitizing, and escaping

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#101	Buckaroo Woocommerce Payments Plugin	21	563	326	2k+	6 days ago	Exception Not Escaped
#102	WCFM – Frontend Manager for WooCommerce	21	4,721	5,067	20k+	2 months ago	Non Prefixed Variable Found
#103	WebP Express	21	160	427	300k+	3 days ago	Non Prefixed Variable Found
#104	Wise Chat	21	470	506	5k+	4 months ago	Output Not Escaped
#105	Paysera Payment Gateway for WooCommerce	21	1,866	195	7k+	18 days ago	Exception Not Escaped
#106	Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools	21	786	3,395	30k+	5 days ago	Non Prefixed Variable Found
#107	Pay For Post with WooCommerce	21	960	1,474	1k+	5 months ago	Non Prefixed Variable Found
#108	PPOM – Product Addons & Custom Fields for WooCommerce	21	336	1,325	20k+	20 days ago	Non Prefixed Variable Found
#109	Wordfence Security – Firewall, Malware Scan, and Login Security	21	1,592	2,973	5m+	1 month ago	Output Not Escaped
#110	WP-Lister Lite for eBay	21	6,697	5,129	2k+	19 days ago	Output Not Escaped
#111	WP phpMyAdmin	21	4,528	6,435	50k+	8 months ago	Missing Arg Domain
#112	wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin	21	1,354	1,140	70k+	14 days ago	Output Not Escaped
#113	Premium Packages – Sell Digital Products Securely	21	2,765	2,444	3k+	6 months ago	Output Not Escaped
#114	WPScan – WordPress Security Scanner	21	527	265	8k+	5 months ago	Text Domain Mismatch
#115	Frontend Admin by DynamiApps	22	5,922	3,208	10k+	5 days ago	Text Domain Mismatch
#116	Advanced Ads – Ad Manager & AdSense	22	578	734	100k+	14 days ago	Non Prefixed Variable Found
#117	Advanced Classifieds & Directory Pro	22	1,229	3,511	2k+	3 months ago	Non Prefixed Variable Found
#118	Advanced Form Integration — Connect Forms to 200+ Apps	22	5,771	4,678	10k+	4 days ago	wp function not compatible with requires wp
#119	Ajax Load More – Infinite Scroll, Load More, & Lazy Load	22	641	595	40k+	18 days ago	Unsafe Printing Function
#120	All-in-One Video Gallery	22	911	2,892	20k+	1 month ago	Non Prefixed Variable Found
#121	Booking for Appointments and Events Calendar – Amelia	22	1,489	480	90k+	4 days ago	Exception Not Escaped
#122	Shortcodes and extra features for Phlox theme	22	413	426	90k+	1 month ago	Output Not Escaped
#123	Knowledge Base documentation & wiki plugin – BasePress Docs	22	671	1,767	2k+	5 months ago	Non Prefixed Variable Found
#124	Borderless – Addons and Templates for Elementor	22	438	1,388	5k+	7 months ago	Non Prefixed Variable Found
#125	Better Messages – Chat Rooms, Group Chat, Private Messages & AI Chat Bots	22	1,604	2,019	10k+	12 days ago	Direct Query
#126	BuddyPress	22	583	9,008	100k+	9 months ago	Non Prefixed Function Found
#127	Better WordPress Minify	22	412	484	8k+	9 years ago	Non Singular String Literal Domain
#128	Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms	22	493	295	10k+	3 months ago	Text Domain Mismatch
#129	Message Filter for Contact Form 7	22	1,072	1,611	1k+	8 months ago	Non Prefixed Variable Found
#130	Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer	22	2,858	1,270	50k+	2 months ago	Text Domain Mismatch
#131	Code Profiler – WordPress Performance Profiling and Debugging Made Easy	22	265	400	8k+	10 days ago	Non Prefixed Variable Found
#132	Passster – Password Protect Pages and Content	22	539	1,419	10k+	20 days ago	Non Prefixed Variable Found
#133	RegistrationMagic – User Registration Forms Plugin	22	3,654	5,062	8k+	2 days ago	Non Prefixed Variable Found
#134	WP Customer Area	22	3,308	941	10k+	2 months ago	Text Domain Mismatch
#135	SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager	22	703	841	8k+	yesterday	Non Prefixed Variable Found
#136	Download Manager	22	2,290	1,301	100k+	6 days ago	Output Not Escaped
#137	Dynamic QR Code – generator	22	238	208	6k+	1 year ago	missing direct file access protection
#138	E2Pdf – Export Pdf Tool for WordPress	22	1,075	836	10k+	6 days ago	Unsafe Printing Function
#139	Easy Social Feed – Social Photos Gallery and Post Feed for WordPress	22	1,567	1,277	30k+	2 months ago	Non Prefixed Variable Found
#140	EleSpare – News, Magazine and Blog Addons for Elementor	22	733	1,423	10k+	27 days ago	Non Prefixed Variable Found
#141	Estatik Real Estate Plugin	22	3,049	325	10k+	9 days ago	Text Domain Mismatch
#142	Events Manager – Calendar, Bookings, Tickets, and more!	22	4,722	5,621	70k+	3 days ago	Output Not Escaped
#143	Falang multilanguage for WordPress	22	716	769	1k+	11 days ago	Output Not Escaped
#144	File Manager Pro – Filester	22	565	391	100k+	1 month ago	Missing Unslash
#145	Finale Lite – Sales Countdown Timer & Discount for WooCommerce	22	1,031	451	4k+	1 year ago	Output Not Escaped
#146	FireBox Popups – Increase Sales and Grow Your Email List	22	153	812	7k+	7 days ago	Non Prefixed Variable Found
#147	Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar	22	1,321	1,371	3k+	1 month ago	Non Prefixed Variable Found
#148	Five Star Restaurant Menu and Food Ordering	22	752	609	5k+	19 days ago	Output Not Escaped
#149	FunnelKit Payment Gateway for Stripe WooCommerce	22	244	321	20k+	1 month ago	Input Not Sanitized
#150	GeoDirectory – WP Business Directory Plugin and Classified Listings Directory	22	4,462	3,972	10k+	12 days ago	Output Not Escaped