WordPress.Security.EscapeOutput.ExceptionNotEscaped

Exception output is not escaped

An exception message or related exception value is printed without escaping.

critical weight

Why It Shows Up

The scan found exception data being displayed directly in HTML output.

Why It Matters

Exception messages can include file paths, request values, remote API responses, or database details. Printing them unescaped can disclose that information or create an XSS risk.

How to Fix

  • Use `esc_html()` or another context-appropriate escaping function before displaying exception text.
  • Show a generic user-facing message and log the detailed exception for administrators or developers.
  • Do not print stack traces, paths, or raw remote responses on public pages.
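
The three fixes above combined in one place, as an added example (not code from the scanner or from any plugin listed on this page). It assumes it runs inside WordPress; every `myplugin_*` name and the `myplugin` text domain are hypothetical.

```php
<?php
// Added example. All myplugin_* names and the 'myplugin' text domain are hypothetical.
// Assumes WordPress is loaded (esc_html(), esc_html__(), wp_remote_get(), current_user_can()).

// Hypothetical data source that can throw. The message embeds a remote response
// body, one of the values the page warns against printing raw.
function myplugin_fetch_report( $url ) {
	$response = wp_remote_get( $url );
	if ( is_wp_error( $response ) ) {
		throw new RuntimeException( 'Request failed: ' . $response->get_error_message() );
	}
	if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
		throw new RuntimeException( 'Unexpected response: ' . wp_remote_retrieve_body( $response ) );
	}
	return wp_remote_retrieve_body( $response );
}

// Pattern described above: exception text is printed into HTML without escaping.
function myplugin_render_report_unescaped( $url ) {
	try {
		echo '<pre>' . esc_html( myplugin_fetch_report( $url ) ) . '</pre>';
	} catch ( Exception $e ) {
		echo '<p class="error">' . $e->getMessage() . '</p>'; // raw exception message
	}
}

// Corrected form: generic message for visitors, detail goes to the log,
// and any exception text that is displayed passes through esc_html() first.
function myplugin_render_report( $url ) {
	try {
		echo '<pre>' . esc_html( myplugin_fetch_report( $url ) ) . '</pre>';
	} catch ( Exception $e ) {
		// File and line stay in the server log, never in the page.
		error_log( sprintf( '[myplugin] %s in %s:%d', $e->getMessage(), $e->getFile(), $e->getLine() ) );

		echo '<p class="error">'
			. esc_html__( 'The report could not be loaded. Please try again later.', 'myplugin' )
			. '</p>';

		// Administrators may see the message, still escaped for the HTML context.
		if ( current_user_can( 'manage_options' ) ) {
			echo '<p class="error-detail">' . esc_html( $e->getMessage() ) . '</p>';
		}
	}
}
```

`esc_html()` fits here because the message lands in an HTML text node; exception text placed in an attribute or a script block needs `esc_attr()` or `wp_json_encode()` instead.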

Affected Plugins

Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue
#1Plugin Check (PCP)012813210k+2026-05-29Exception Not Escaped
#2JetBackup – Backup, Restore & Migrate101,559145100k+2026-05-03Exception Not Escaped
#3Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more1532163500k+2026-04-01Direct Query
#4Visual Composer Website Builder168232040k+2025-08-06Non Prefixed Variable Found
#5WP Import Export Lite1873897940k+2025-08-04Non Prefixed Variable Found
#6Download Monitor194251,36480k+2026-06-16Non Prefixed Hookname Found
#7Event Organiser191,10654420k+2024-10-10Text Domain Mismatch
#8Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution191,218901100k+2026-06-09Exception Not Escaped
#9Matomo Analytics – Powerful, Privacy-First Insights for WordPress191,909878100k+2026-06-16Exception Not Escaped
#10Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization191,2952,6799k+2026-06-15Output Not Escaped
#11Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)195413853m+2026-06-17Missing Translators Comment
#12Membership Plugin – Kadence Memberships195,0822,9829k+2026-05-26Text Domain Mismatch
#13SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments195261,11990k+2026-06-16Non Prefixed Variable Found
#14BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot205081,40630k+2026-06-18Non Prefixed Variable Found
#15Brizy – Page Builder2058972070k+2026-06-09Output Not Escaped
#16GiveWP – Donation Plugin and Fundraising Platform203,4353,580100k+2026-06-15Output Not Escaped
#17Microthemer Lite – Visual Editor to Customize CSS201,0041,69910k+2026-04-15Non Prefixed Variable Found
#18Nimble Page Builder201,5911,68430k+2025-03-24Missing Arg Domain
#19Robin Image Optimizer – Unlimited Image Optimization, WebP & AVIF20557541100k+2026-05-19Output Not Escaped
#20Razorpay for WooCommerce20974855100k+2026-06-19Non Prefixed Function Found
#21Backup Migration219811,09380k+2026-06-05Non Prefixed Variable Found
#22CartFlows – Funnel Builder & Checkout Plugin for WooCommerce21461614200k+2026-06-02Text Domain Mismatch
#23Smart Grid-Layout Design for Contact Form 7211,12673410k+2026-05-08Output Not Escaped
#24Comet Cache2185724520k+2025-07-02Output Not Escaped
#25Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More212,5721,2771m+2026-05-22Output Not Escaped
#26Envo Extra2187860020k+2026-05-27Text Domain Mismatch
#27FileOrganizer – WordPress File Manager21536241200k+2026-06-10unlink unlink
#28Imagify: Optimize Images for Top Speed (Compress & Convert to WebP/AVIF)214188511m+2026-06-01Non Prefixed Variable Found
#29LA-Studio Element Kit for Elementor218,3901,96410k+2026-06-16Text Domain Mismatch
#30Modular DS: Monitor, update, and backup multiple websites211618140k+2026-05-22Exception Not Escaped
#31MotoPress Hotel Booking213,0611,03710k+2026-06-15Text Domain Mismatch
#32Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred211,4693,33310k+2026-06-18Non Prefixed Variable Found
#33Packeta218023338k+2025-11-07Exception Not Escaped
#34Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages211,1732,9839k+2026-06-02Non Prefixed Variable Found
#35Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction211,9185,06510k+2026-06-02Non Prefixed Hookname Found
#36User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor216961,48350k+2026-06-10Recommended
#37Five Star Restaurant Reservations – WordPress Booking Plugin211,0991,14710k+2026-06-19Output Not Escaped
#38Royal Addons for Elementor – Addons and Templates Kit for Elementor2113,0112,530600k+2026-06-08Text Domain Mismatch
#39Accept Stripe Payments2137388220k+2026-05-07Missing
#40ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin2119066030k+2026-05-27Non Prefixed Variable Found
#41Revive Social – Social Media Auto Post and Scheduling Automation Plugin2125542520k+2026-05-21Non Prefixed Hookname Found
#42WCFM – Frontend Manager for WooCommerce214,7215,06720k+2026-04-25Non Prefixed Variable Found
#43WebP Express21160427300k+2026-06-19Non Prefixed Variable Found
#44Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools217863,39530k+2026-06-17Non Prefixed Variable Found
#45Wordfence Security – Firewall, Malware Scan, and Login Security211,5922,9735m+2026-05-13Output Not Escaped
#46WP phpMyAdmin214,5286,43550k+2025-10-17Missing Arg Domain
#47wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin211,3541,14070k+2026-06-08Output Not Escaped
#48WPScan – WordPress Security Scanner215272658k+2026-01-12Text Domain Mismatch
#49Frontend Admin by DynamiApps225,9223,20810k+2026-06-17Text Domain Mismatch
#50Advanced Ads – Ad Manager & AdSense22578734100k+2026-06-08Non Prefixed Variable Found