WordPress.Security.ValidatedSanitizedInput.MissingUnslash

Request data is not unslashed

Input from a WordPress request superglobal is used before removing WordPress-added slashes.

critical weight

Why It Shows Up

WordPress adds slashes to request data for historical compatibility. The scan found `$_GET`, `$_POST`, `$_REQUEST`, or similar input used without `wp_unslash()`.

Why It Matters

Sanitizing slashed data can produce incorrect values, failed comparisons, broken validation, or stored data that does not match what the user submitted.

How to Fix

  • Read the specific request key, then call `wp_unslash()` on it.
  • Sanitize the unslashed value with a function that matches the expected data type.
  • Validate the sanitized value before using it in permissions, queries, redirects, or stored settings.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2601NextGEN Custom Fields362151311k+SQL query is not prepared
#2602MailerLite – Signup forms (official)36430158100k+Output is not escaped
#2603We’re Open!362731875k+Unsafe printing function
#2604Order Status History for WooCommerce362101711k+Output is not escaped
#2605Ovation Elements362339910k+Non-prefixed global variable
#2606Ozh' Admin Drop Down Menu36125433k+Output is not escaped
#2607PayTR Sanal POS WooCommerce – iFrame API361175410k+Output is not escaped
#2608PDF Forms Filler for CF736185793k+Text Domain Mismatch
#2609PDF Forms Filler for WPForms3616154600Text Domain Mismatch
#2610Peter’s Post Notes362241023k+Output is not escaped
#2611Photonic Gallery & Lightbox for Flickr, SmugMug & Others3618016310k+Missing Translators Comment
#2612Photoswipe Masonry Gallery3657476k+Non Singular String Literal Text
#2613Plugins Garbage Collector (Database Cleanup)36325110k+Missing nonce verification
#2614Post Views Stats Counter36142241700Non-prefixed global variable
#2615ActiveCampaign Postmark for WordPress36477550k+Text Domain Mismatch
#2616WowStore – Store Builder & Product Blocks for WooCommerce36664294k+Non-prefixed global variable
#2617افزونه رسمی ترب36428620k+Exception output is not escaped
#2618Qubely – Advanced Gutenberg Blocks3639788k+Request data is not unslashed
#2619Quick 301 Redirects36891205k+Non-prefixed global variable
#2620Direct Checkout – Quick View – Buy Now For WooCommerce36901122k+Missing nonce verification
#2621QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly361721088k+Non Singular String Literal Domain
#2622Better Find and Replace – AI-Powered Suggestions366712940k+Missing direct file access protection
#2623Recent Posts3610630500Text Domain Mismatch
#2624Optimize Database after Deleting Revisions3664412760k+Output is not escaped
#2625Search & Replace365053100k+Missing nonce verification
#2626Search Everything361657710k+Text Domain Mismatch
#2627Speed Optimizer – The All-In-One Performance-Boosting Plugin3645961m+Non-prefixed hook name
#2628SMTP for SendGrid – YaySMTP3627961k+Non-prefixed global variable
#2629StaticPress368879500Output is not escaped
#2630Subscribe to Comments3612916310k+Output is not escaped
#2631Supplier Order Email3654105400Output is not escaped
#2632Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder3616240200k+Output is not escaped
#2633SurveyJS: Drag & Drop Form Builder3612134500Missing Version
#2634Sync QCloud COS3663109600Non-prefixed function
#2635Bulk Product Editor plugin allows you to create and edit your WooCommerce products and categories with Google Sheets.3650105400Direct Query
#2636Advance Side Cart, Ajax Cart & Floating Cart for WooCommerce36371216k+Non-prefixed global variable
#2637The Events Calendar Shortcode & Block367012710k+Non-prefixed hook name
#2638Toolbox for Asgaros Forum36150841k+Output is not escaped
#2639Plugin Name: Traffic Counter Widget Plugin3671107600Output is not escaped
#2640Zoho ZeptoMail36321105k+Request data is not unslashed
#2641TrustMate.io – WooCommerce integration36251973k+Output is not escaped
#2642Ubigeo de Perú para Woocommerce y WordPress361912354k+Non-prefixed function
#2643Slider Ultimate3629480500Output is not escaped
#2644underConstruction36986040k+Unsafe printing function
#2645PDF Flipbook, WPBakery Addon – Unreal FlipBook36400921k+Non Singular String Literal Domain
#2646User Roles and Capabilities362271328k+Output is not escaped
#2647Virtual Classroom – Video Conferencing & Online Meeting with BigBlueButton3647138400Nonce verification recommended
#2648Video Thumbnails Reloaded36343582k+Text Domain Mismatch
#2649Wanderlust OCA para WooCommerce3615755500Text Domain Mismatch
#2650WC Builder – WooCommerce Page Builder for WPBakery36647501k+Text Domain Mismatch