ERRORsecurity

OutputNotEscaped

WordPress.Security.EscapeOutput.OutputNotEscaped

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

28M

Active installations

Examples

Real messages found in scanned plugins

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <option value='*$client*'>$client</option>\n"'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <option value='language:{$language_id}'>{$language}</option>\n"'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <option value='{$category->slug}'>{$category->slug} ({$category->name})</option>\n"'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <option value='{$category->slug}*'>{$category->slug}* ("'.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <option value='{$category->slug}+'>{$category->slug}+ ("'.

Affected Plugins

Plugins that have instances of this rule violation

WooCommerce PayPal Payments

woocommerce-paypal-payments

issues

800K

installs