WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
wp redirect wp redirect
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1001 | Popup Builder – Create highly converting, mobile friendly marketing popups. | 30 | 26 | 722 | 200k+ | Non-prefixed global variable | ||
| #1002 | QA Assistants – Driven by data | 30 | 4 | 867 | 2k+ | Non-prefixed global variable | ||
| #1003 | Rublon Multi-Factor Authentication (MFA) | 30 | 216 | 160 | 400 | Output is not escaped | ||
| #1004 | Sina Extension for Elementor | 30 | 3,691 | 160 | 40k+ | Text Domain Mismatch | ||
| #1005 | Stackable – Page Builder Gutenberg Blocks | 30 | 482 | 87 | 100k+ | Non Singular String Literal Domain | ||
| #1006 | Themify Portfolio Post | 30 | 214 | 102 | 30k+ | Text Domain Mismatch | ||
| #1007 | User Access Manager | 30 | 393 | 171 | 10k+ | Output is not escaped | ||
| #1008 | User Avatar – Reloaded | 30 | 352 | 171 | 900 | Text Domain Mismatch | ||
| #1009 | Waitlist Woocommerce ( Back in stock notifier ) | 30 | 272 | 311 | 4k+ | Output is not escaped | ||
| #1010 | Custom Post Types and Custom Fields creator – WCK | 30 | 1,299 | 137 | 10k+ | Text Domain Mismatch | ||
| #1011 | Webling | 30 | 147 | 313 | 500 | Input is not validated | ||
| #1012 | Widget Manager Light | 30 | 233 | 83 | 600 | Text Domain Mismatch | ||
| #1013 | Widgetize Pages Light | 30 | 145 | 104 | 3k+ | Output is not escaped | ||
| #1014 | WP Admin UI Customize | 30 | 629 | 390 | 30k+ | Non-prefixed global variable | ||
| #1015 | WP Docs | 30 | 268 | 271 | 1k+ | Output is not escaped | ||
| #1016 | WP Inventory Manager | 30 | 856 | 233 | 1k+ | Output is not escaped | ||
| #1017 | WPS Cleaner | 30 | 430 | 491 | 20k+ | Output is not escaped | ||
| #1018 | Yaad Sarig Payment Gateway For WC | 30 | 158 | 271 | 2k+ | Nonce verification recommended | ||
| #1019 | AI Copilot – Content Generator | 31 | 159 | 163 | 1k+ | wp function not compatible with requires wp | ||
| #1020 | All-in-one contact buttons – WPSHARE247 | 31 | 108 | 113 | 4k+ | Non-prefixed global variable | ||
| #1021 | Titan Anti-spam & Security – Brute Force Protection, 2FA & Spam Filter | 31 | 57 | 196 | 50k+ | Nonce verification recommended | ||
| #1022 | AI ChatBot with ChatGPT and Content Generator by AYS | 31 | 170 | 378 | 400 | Non-prefixed global variable | ||
| #1023 | Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam | 31 | 598 | 70 | 700 | Text Domain Mismatch | ||
| #1024 | Buy Me a Coffee – Button and Widget Plugin | 31 | 138 | 140 | 6k+ | Output is not escaped | ||
| #1025 | CleverReach® WP | 31 | 103 | 93 | 4k+ | Non-prefixed global variable | ||
| #1026 | Theme Demo Importer and Patterns Library for CozyThemes – Cozy Essential Addons | 31 | 393 | 329 | 6k+ | Missing direct file access protection | ||
| #1027 | MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions | 31 | 663 | 273 | 2k+ | Text Domain Mismatch | ||
| #1028 | DirectoryPress Frontend | 31 | 402 | 563 | 800 | Non-prefixed global variable | ||
| #1029 | Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional) | 31 | 113 | 233 | 2k+ | Non-prefixed namespace | ||
| #1030 | Up2pay e-Transactions WooCommerce Payment Gateway | 31 | 459 | 175 | 4k+ | Text Domain Mismatch | ||
| #1031 | EnvoThemes Demo Import | 31 | 221 | 140 | 3k+ | Output is not escaped | ||
| #1032 | Express Checkout via PayPal for WooCommerce | 31 | 158 | 200 | 800 | Nonce verification recommended | ||
| #1033 | افزونه پیامک حرفه ای فراز اس ام اس | 31 | 89 | 180 | 1k+ | wp function not compatible with requires wp | ||
| #1034 | g-FFL Checkout | 31 | 249 | 300 | 600 | Request data is not unslashed | ||
| #1035 | WP Gravity Forms Constant Contact Plugin | 31 | 684 | 164 | 600 | Text Domain Mismatch | ||
| #1036 | GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets | 31 | 402 | 156 | 1k+ | Text Domain Mismatch | ||
| #1037 | HFD ePost Integration | 31 | 186 | 110 | 1k+ | Text Domain Mismatch | ||
| #1038 | OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. | 31 | 213 | 62 | 300k+ | Output is not escaped | ||
| #1039 | Image Hotspot – Map Image Annotation | 31 | 95 | 287 | 3k+ | Non-prefixed global variable | ||
| #1040 | Interactive Image Map Builder | 31 | 160 | 381 | 1k+ | Non-prefixed global variable | ||
| #1041 | Keywords to Links Converter | 31 | 288 | 144 | 700 | Text Domain Mismatch | ||
| #1042 | Login rebuilder | 31 | 406 | 226 | 20k+ | Non Singular String Literal Domain | ||
| #1043 | Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity | 31 | 122 | 131 | 2k+ | Output is not escaped | ||
| #1044 | Melapress Login Security | 31 | 69 | 278 | 2k+ | Non-prefixed global variable | ||
| #1045 | Openpay Cards Plugin | 31 | 166 | 105 | 3k+ | Text Domain Mismatch | ||
| #1046 | Patreon WordPress | 31 | 276 | 339 | 3k+ | Output is not escaped | ||
| #1047 | PayKeeper Payment Gateway for WooCommerce | 31 | 113 | 44 | 500 | Non Singular String Literal Domain | ||
| #1048 | افزونه پیامک ووکامرس Persian WooCommerce SMS | 31 | 72 | 269 | 40k+ | Nonce verification recommended | ||
| #1049 | Pop-up | 31 | 103 | 91 | 10k+ | Output is not escaped | ||
| #1050 | Qi Blocks | 31 | 46 | 345 | 60k+ | Non-prefixed global variable |