PluginCheck.CodeAnalysis.SettingSanitization.register_settingMissing

Setting is missing a sanitization callback

A registered setting does not define a sanitization callback.

critical weight

Why It Shows Up

Plugin Check found `register_setting()` without a `sanitize_callback` or equivalent validation strategy.

Why It Matters

Settings can be saved by administrators and then displayed or used later. Without sanitization, invalid or unsafe values can persist.

How to Fix

Pass a `sanitize_callback` in the `register_setting()` arguments.
Use built-in sanitizers for simple values and custom callbacks for structured settings.
Validate allowed values and return a safe default when input is invalid.

References

WordPress validating, sanitizing, and escaping

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#1	Intercom	0	60	71	6k+	2025-04-16	Non Prefixed Function Found
#2	Download Monitor	19	425	1,364	80k+	2026-06-16	Non Prefixed Hookname Found
#3	Event Organiser	19	1,106	544	20k+	2024-10-10	Text Domain Mismatch
#4	Membership Plugin – Kadence Memberships	19	5,082	2,982	9k+	2026-05-26	Text Domain Mismatch
#5	Filter Everything — WordPress & WooCommerce Filters	20	568	730	50k+	2026-06-18	Output Not Escaped
#6	Imagify: Optimize Images for Top Speed (Compress & Convert to WebP/AVIF)	21	418	851	1m+	2026-06-01	Non Prefixed Variable Found
#7	MotoPress Hotel Booking	21	3,061	1,037	10k+	2026-06-15	Text Domain Mismatch
#8	OneLogin SAML SSO	21	508	330	7k+	2025-12-09	wp function not compatible with requires wp
#9	Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction	21	1,918	5,065	10k+	2026-06-02	Non Prefixed Hookname Found
#10	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	21	696	1,483	50k+	2026-06-10	Recommended
#11	Royal Addons for Elementor – Addons and Templates Kit for Elementor	21	13,011	2,530	600k+	2026-06-08	Text Domain Mismatch
#12	WCFM – Frontend Manager for WooCommerce	21	4,721	5,067	20k+	2026-04-25	Non Prefixed Variable Found
#13	Paysera Payment Gateway for WooCommerce	21	1,866	195	7k+	2026-06-04	Exception Not Escaped
#14	WPScan – WordPress Security Scanner	21	527	265	8k+	2026-01-12	Text Domain Mismatch
#15	Advanced Ads – Ad Manager & AdSense	22	578	734	100k+	2026-06-08	Non Prefixed Variable Found
#16	Shortcodes and extra features for Phlox theme	22	413	426	90k+	2026-05-09	Output Not Escaped
#17	SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager	22	662	832	8k+	2026-06-21	Non Prefixed Variable Found
#18	E2Pdf – Export Pdf Tool for WordPress	22	1,075	836	10k+	2026-06-16	Unsafe Printing Function
#19	IMPress for IDX Broker	22	1,085	636	7k+	2026-04-14	Text Domain Mismatch
#20	Restrict User Access – Ultimate Membership & Content Protection	22	977	1,840	10k+	2025-10-06	Non Prefixed Variable Found
#21	Uncanny Toolkit for LearnDash	22	539	994	20k+	2026-05-29	Output Not Escaped
#22	Advanced AJAX Product Filters	22	2,683	1,205	50k+	2026-05-26	Text Domain Mismatch
#23	ЮKassa для WooCommerce	22	591	168	9k+	2026-05-28	Echo Found
#24	Advanced Product Labels for WooCommerce	23	921	559	20k+	2026-05-26	Text Domain Mismatch
#25	AI Engine – The Chatbot, AI Framework & MCP for WordPress	23	413	559	100k+	2026-06-20	error log error log
#26	Autoptimize	23	288	191	800k+	2026-04-04	Output Not Escaped
#27	B2BKing — Ultimate WooCommerce B2B and Wholesale Plugin — Wholesale Prices, Bulk Order Form & More	23	1,347	409	10k+	2026-06-14	Text Domain Mismatch
#28	BA Book Everything	23	1,184	1,086	10k+	2026-05-22	Output Not Escaped
#29	All In One Login — Login Page Security and Customization for WordPress with Google reCAPTCHA, Social Login, Temporary Login, 2FA, and more.	23	742	1,343	60k+	2026-06-12	Non Prefixed Variable Found
#30	Ecwid by Lightspeed Ecommerce Shopping Cart	23	339	307	20k+	2026-02-13	missing direct file access protection
#31	Essential Real Estate	23	529	5,060	8k+	2026-06-01	Non Prefixed Variable Found
#32	Ezoic	23	432	516	10k+	2026-06-17	Output Not Escaped
#33	Featured Images in RSS for Mailchimp & More	23	780	1,299	20k+	2026-05-30	Non Prefixed Variable Found
#34	GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress	23	3,662	2,971	10k+	2026-06-16	Output Not Escaped
#35	IP Geo Block	23	399	589	9k+	2019-01-22	Output Not Escaped
#36	Jetpack – WP Security, Backup, Speed, & Growth	23	2,821	1,303	3m+	2026-06-09	Text Domain Mismatch
#37	King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder	23	1,837	3,878	10k+	2026-05-23	Non Prefixed Variable Found
#38	MaxButtons – Create buttons	23	655	409	70k+	2025-09-15	Output Not Escaped
#39	MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar	23	4,065	488	20k+	2026-04-17	Text Domain Mismatch
#40	ND Shortcodes	23	621	2,426	20k+	2025-03-18	Non Prefixed Variable Found
#41	Primary Addon for Elementor	23	765	1,306	7k+	2025-04-02	Non Prefixed Variable Found
#42	Robo Gallery – Photo & Image Slider	23	1,291	530	40k+	2026-05-27	Output Not Escaped
#43	Widgets on Pages	23	809	1,306	20k+	2024-11-13	Non Prefixed Variable Found
#44	A2 Optimized WP – Turbocharge and secure your WordPress site	24	271	231	60k+	2025-02-10	Missing Arg Domain
#45	Ivory Search – WordPress Search Plugin	24	1,176	1,688	100k+	2026-05-29	Non Prefixed Variable Found
#46	All-In-One Security (AIOS) – Security and Firewall	24	552	1,228	1m+	2026-06-05	Non Prefixed Variable Found
#47	AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress	24	1,705	1,393	7k+	2026-06-16	Text Domain Mismatch
#48	Brands for WooCommerce	24	798	674	6k+	2026-05-26	Text Domain Mismatch
#49	Doubly – Cross Domain Copy Paste for WordPress	24	252	55	10k+	2025-12-23	Output Not Escaped
#50	eCommerce Product Catalog Plugin for WordPress	24	621	3,177	7k+	2026-05-28	Non Prefixed Function Found