WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
wp redirect wp redirect
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #951 | Bitcoin Payments – Blockonomics | 29 | 208 | 227 | 2k+ | Output is not escaped | ||
| #952 | Plugin BlueX for WooCommerce | 29 | 431 | 216 | 2k+ | Text Domain Mismatch | ||
| #953 | Branded Social Images – Open Graph Images with logo and extra text layer | 29 | 254 | 91 | 900 | Non Singular String Literal Domain | ||
| #954 | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | 29 | 236 | 369 | 2k+ | Non-prefixed global variable | ||
| #955 | CloudSecure WP Security | 29 | 74 | 350 | 100k+ | Request data is not unslashed | ||
| #956 | Countdown, Coming Soon, Maintenance – Countdown & Clock | 29 | 1,735 | 143 | 10k+ | Non Singular String Literal Domain | ||
| #957 | Interactive Image Map Plugin – Draw Attention | 29 | 620 | 227 | 20k+ | Output is not escaped | ||
| #958 | ECPay Ecommerce for WooCommerce | 29 | 248 | 370 | 2k+ | Missing nonce verification | ||
| #959 | FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider | 29 | 74 | 78 | 600k+ | Missing Translators Comment | ||
| #960 | Getwid – Gutenberg Blocks | 29 | 139 | 173 | 50k+ | Non-prefixed global variable | ||
| #961 | Gianism | 29 | 391 | 154 | 700 | Text Domain Mismatch | ||
| #962 | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms | 29 | 625 | 351 | 1k+ | Text Domain Mismatch | ||
| #963 | Offload Media – Cloud Storage | 29 | 126 | 80 | 1k+ | unlink unlink | ||
| #964 | Page Restrict for WooCommerce | 29 | 579 | 374 | 700 | Text Domain Mismatch | ||
| #965 | PlatiOnline Payments | 29 | 304 | 110 | 700 | Output is not escaped | ||
| #966 | Pósturinn\'s Shipping with WooCommerce | 29 | 713 | 551 | 500 | Text Domain Mismatch | ||
| #967 | Recipe Card Blocks Lite | 29 | 151 | 408 | 10k+ | Non-prefixed global variable | ||
| #968 | SamedayCourier Shipping | 29 | 336 | 269 | 4k+ | Non Singular String Literal Domain | ||
| #969 | Security Ninja – WordPress Security & Firewall | 29 | 149 | 347 | 7k+ | Direct Query | ||
| #970 | Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce | 29 | 148 | 246 | 5k+ | Unsafe printing function | ||
| #971 | SQLite Database Integration | 29 | 161 | 89 | 3k+ | Exception output is not escaped | ||
| #972 | BuddyPress Builder for Elementor – BuddyBuilder | 29 | 348 | 329 | 1k+ | Text Domain Mismatch | ||
| #973 | Themify Popup | 29 | 232 | 108 | 8k+ | Text Domain Mismatch | ||
| #974 | Themify – WooCommerce Product Filter | 29 | 643 | 145 | 20k+ | Output is not escaped | ||
| #975 | Post Grid Gutenberg Blocks – PostX | 29 | 118 | 404 | 40k+ | Non-prefixed global variable | ||
| #976 | Ultimate Auction for WooCommerce – Excellent WP Auction Plugin | 29 | 52 | 523 | 2k+ | Non-prefixed global variable | ||
| #977 | Visualizer – Tables & Charts Manager with Built-in AI Generator | 29 | 348 | 331 | 20k+ | Output is not escaped | ||
| #978 | weMail – Email Marketing, Newsletter Builder & Email Automations for WooCommerce | 29 | 276 | 68 | 10k+ | Missing direct file access protection | ||
| #979 | Global Payments SecureSubmit Gateway | 29 | 199 | 443 | 600 | Non-prefixed class | ||
| #980 | Woostify Sites Library | 29 | 229 | 198 | 20k+ | Text Domain Mismatch | ||
| #981 | WPComplete | 29 | 383 | 333 | 1k+ | Output is not escaped | ||
| #982 | Contact Form 7 Connector | 30 | 324 | 196 | 5k+ | Text Domain Mismatch | ||
| #983 | AutoWP – AI Content Writer & Rewriter | 30 | 548 | 370 | 1k+ | Text Domain Mismatch | ||
| #984 | Private groups | 30 | 583 | 316 | 1k+ | Unsafe printing function | ||
| #985 | ContentBot AI Writer (AI Content) | 30 | 317 | 69 | 500 | rand rand | ||
| #986 | DethemeKit for Elementor | 30 | 335 | 228 | 30k+ | Output is not escaped | ||
| #987 | Easy Affiliate Links | 30 | 186 | 198 | 7k+ | Missing direct file access protection | ||
| #988 | Easy Custom Auto Excerpt | 30 | 84 | 166 | 6k+ | Non-prefixed global variable | ||
| #989 | Email Templates Customizer and Designer for WordPress and WooCommerce | 30 | 250 | 349 | 20k+ | Non-prefixed global variable | ||
| #990 | Eway Payment Gateway | 30 | 509 | 92 | 800 | Missing Translators Comment | ||
| #991 | Exclusive Addons for Elementor | 30 | 3,630 | 263 | 50k+ | Text Domain Mismatch | ||
| #992 | Export Plugins and Templates | 30 | 143 | 33 | 1k+ | file system operations fread | ||
| #993 | PiWeb Export Customers Users & Guest customer to CSV for WooCommerce | 30 | 173 | 75 | 1k+ | Text Domain Mismatch | ||
| #994 | FormLift for Keap (Legacy) Web Forms | 30 | 162 | 315 | 400 | Request data is not unslashed | ||
| #995 | GlobalPayments Gateway Provider for WooCommerce | 30 | 636 | 172 | 1k+ | Text Domain Mismatch | ||
| #996 | Invisible reCaptcha for WordPress | 30 | 90 | 185 | 80k+ | Input is not sanitized | ||
| #997 | Midtrans-WooCommerce | 30 | 112 | 132 | 5k+ | Non-prefixed global variable | ||
| #998 | Move Addons for Elementor | 30 | 3,919 | 91 | 2k+ | Text Domain Mismatch | ||
| #999 | Novelist | 30 | 475 | 158 | 1k+ | Output is not escaped | ||
| #1000 | Popularis Extra | 30 | 237 | 141 | 7k+ | Output is not escaped |