WordPress.Security.ValidatedSanitizedInput.MissingUnslash

Request data is not unslashed

Input from a WordPress request superglobal is used before removing WordPress-added slashes.

critical weight

Why It Shows Up

WordPress adds slashes to request data for historical compatibility. The scan found `$_GET`, `$_POST`, `$_REQUEST`, or similar input used without `wp_unslash()`.

Why It Matters

Sanitizing slashed data can produce incorrect values, failed comparisons, broken validation, or stored data that does not match what the user submitted.

How to Fix

  • Read the specific request key, then call `wp_unslash()` on it.
  • Sanitize the unslashed value with a function that matches the expected data type.
  • Validate the sanitized value before using it in permissions, queries, redirects, or stored settings.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#3101WP-Ban38991088k+Unsafe printing function
#3102WP Client Reports3895806k+Unsafe printing function
#3103WP-CommentNavi386846700Output is not escaped
#3104WP Content Copy Protection with Color Design3896615k+Non Singular String Literal Domain
#3105WP Discord Post Plus – Supports Unlimited Channels3811634700Text Domain Mismatch
#3106WP-DraftsForFriends38141711k+Output is not escaped
#3107WP Mail SMTP SendGrid Edition3810219500Text Domain Mismatch
#3108WP Mailgun SMTP389951900Text Domain Mismatch
#3109WP Maintenance Mode & Site Under Construction3872573k+Output is not escaped
#3110WP Media Categories3840103800Nonce verification recommended
#3111Native PHP Sessions38309210k+Direct Query
#3112Real-Time Post Statistics for WordPress3863682k+SQL query is not prepared
#3113WP Redirects – Contact Form 7385071400Unsafe printing function
#3114WP Safe Mode3895552k+Output is not escaped
#3115WP-ServerInfo381625510k+Output is not escaped
#3116External Store for Shopify3897332k+Output is not escaped
#3117WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups38299583k+Non Singular String Literal Domain
#3118WP Video Lightbox381076730k+Unsafe printing function
#3119WPC Product Options for WooCommerce38571824k+Non-prefixed global variable
#3120Responsive Vertical Icon Menu3818885700Output is not escaped
#3121mb.YTPlayer for background videos3880291k+Unsafe printing function
#3122WPTurbo -WordPress性能优化插件382034600Output is not escaped
#3123Weather Underground3864273k+Output is not escaped
#3124YouTube widget383925400Output is not escaped
#3125ZeroBounce Email Verification & Validation382991621k+Text Domain Mismatch
#3126Zoho Campaigns3831293k+Non-prefixed global variable
#3127Smart Custom 404 Error Page399044100k+Output is not escaped
#3128Accounting for WooCommerce3987115500Unsafe printing function
#3129ACF: Google Font Selector3957453k+Output is not escaped
#3130Ad Invalid Click Protector (AICP)39785710k+Text Domain Mismatch
#3131Add-on Gravity Forms – MailPoet 3393133600Output is not escaped
#3132Add Tiktok Pixel for Tiktok ads (+Woocommerce)3994252k+Output is not escaped
#3133Additional Order Filters for WooCommerce39792552k+Nonce verification recommended
#3134Admin Custom Font3934251k+Unsafe printing function
#3135Advanced Product Fields (Product Addons) for WooCommerce3914514550k+Output is not escaped
#3136Advanced Spoiler3910619600Non Singular String Literal Domain
#3137Advanced Woo Labels – Product Labels & Badges for WooCommerce3917312510k+Output is not escaped
#3138Affiliate Links – Link Cloaking and Management39231133k+Non-prefixed global variable
#3139AffiliatePages – Pros & Cons, Notice, and CTA Blocks for Affiliates3991532k+Output is not escaped
#3140AffiliateWP – Affiliate Area Tabs3986263k+Output is not escaped
#3141Load More Anything3938735k+Output is not escaped
#3142Accessibility by AllAccessible39200822k+Unsafe printing function
#3143Animate It!391371620k+Text Domain Mismatch
#3144Anything Order by Terms3948931k+Direct Query
#3145Ads.txt & App-ads.txt Manager for WordPress3997232k+Output is not escaped
#3146Archive Control39151671k+Unsafe printing function
#3147AWEOS WP Lock392453400Output is not escaped
#3148Timeline – Vertical and Horizontal Timeline Layouts39500432k+Output is not escaped
#3149Header Footer for Beaver Builder39393110k+Output is not escaped
#3150bbPress Voting392753500Output is not escaped