WordPress.Security.SafeRedirect.wp_redirect_wp_redirect

wp redirect wp redirect

Plugin Check reported a security-sensitive coding pattern that needs review.

critical weight

Why It Shows Up

The finding came from a security-focused WordPress coding standard or Plugin Check rule.

Why It Matters

Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.

How to Fix

  • Identify the untrusted value or privileged action involved.
  • Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
  • Rerun Plugin Check after the code path is fixed.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#951Bitcoin Payments – Blockonomics292082272k+Output is not escaped
#952Plugin BlueX for WooCommerce294312162k+Text Domain Mismatch
#953Branded Social Images – Open Graph Images with logo and extra text layer2925491900Non Singular String Literal Domain
#954Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms292363692k+Non-prefixed global variable
#955CloudSecure WP Security2974350100k+Request data is not unslashed
#956Countdown, Coming Soon, Maintenance – Countdown & Clock291,73514310k+Non Singular String Literal Domain
#957Interactive Image Map Plugin – Draw Attention2962022720k+Output is not escaped
#958ECPay Ecommerce for WooCommerce292483702k+Missing nonce verification
#959FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider297478600k+Missing Translators Comment
#960Getwid – Gutenberg Blocks2913917350k+Non-prefixed global variable
#961Gianism29391154700Text Domain Mismatch
#962Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms296253511k+Text Domain Mismatch
#963Offload Media – Cloud Storage29126801k+unlink unlink
#964Page Restrict for WooCommerce29579374700Text Domain Mismatch
#965PlatiOnline Payments29304110700Output is not escaped
#966Pósturinn\'s Shipping with WooCommerce29713551500Text Domain Mismatch
#967Recipe Card Blocks Lite2915140810k+Non-prefixed global variable
#968SamedayCourier Shipping293362694k+Non Singular String Literal Domain
#969Security Ninja – WordPress Security & Firewall291493477k+Direct Query
#970Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce291482465k+Unsafe printing function
#971SQLite Database Integration29161893k+Exception output is not escaped
#972BuddyPress Builder for Elementor – BuddyBuilder293483291k+Text Domain Mismatch
#973Themify Popup292321088k+Text Domain Mismatch
#974Themify – WooCommerce Product Filter2964314520k+Output is not escaped
#975Post Grid Gutenberg Blocks – PostX2911840440k+Non-prefixed global variable
#976Ultimate Auction for WooCommerce – Excellent WP Auction Plugin29525232k+Non-prefixed global variable
#977Visualizer – Tables & Charts Manager with Built-in AI Generator2934833120k+Output is not escaped
#978weMail – Email Marketing, Newsletter Builder & Email Automations for WooCommerce292766810k+Missing direct file access protection
#979Global Payments SecureSubmit Gateway29199443600Non-prefixed class
#980Woostify Sites Library2922919820k+Text Domain Mismatch
#981WPComplete293833331k+Output is not escaped
#982Contact Form 7 Connector303241965k+Text Domain Mismatch
#983AutoWP – AI Content Writer & Rewriter305483701k+Text Domain Mismatch
#984Private groups305833161k+Unsafe printing function
#985ContentBot AI Writer (AI Content)3031769500rand rand
#986DethemeKit for Elementor3033522830k+Output is not escaped
#987Easy Affiliate Links301861987k+Missing direct file access protection
#988Easy Custom Auto Excerpt30841666k+Non-prefixed global variable
#989Email Templates Customizer and Designer for WordPress and WooCommerce3025034920k+Non-prefixed global variable
#990Eway Payment Gateway3050992800Missing Translators Comment
#991Exclusive Addons for Elementor303,63026350k+Text Domain Mismatch
#992Export Plugins and Templates30143331k+file system operations fread
#993PiWeb Export Customers Users & Guest customer to CSV for WooCommerce30173751k+Text Domain Mismatch
#994FormLift for Keap (Legacy) Web Forms30162315400Request data is not unslashed
#995GlobalPayments Gateway Provider for WooCommerce306361721k+Text Domain Mismatch
#996Invisible reCaptcha for WordPress309018580k+Input is not sanitized
#997Midtrans-WooCommerce301121325k+Non-prefixed global variable
#998Move Addons for Elementor303,919912k+Text Domain Mismatch
#999Novelist304751581k+Output is not escaped
#1000Popularis Extra302371417k+Output is not escaped