WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
wp redirect wp redirect
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1051 | Sidebar Manager Light | 31 | 221 | 76 | 1k+ | Text Domain Mismatch | ||
| #1052 | Staatic – Static Site Generator for WordPress | 31 | 420 | 195 | 2k+ | SQL query is not prepared | ||
| #1053 | Swatchly – Product Variation Swatches for WooCommerce | 31 | 540 | 214 | 5k+ | Output is not escaped | ||
| #1054 | Themify Store Locator | 31 | 244 | 125 | 500 | Text Domain Mismatch | ||
| #1055 | Blacklist Manager – WooCommerce Anti-Fraud, Blacklist & Checkout Verification | 31 | 295 | 876 | 2k+ | Missing nonce verification | ||
| #1056 | Web Push Notifications – Webpushr | 31 | 169 | 293 | 10k+ | Output is not escaped | ||
| #1057 | Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets | 31 | 837 | 295 | 100k+ | Unsafe printing function | ||
| #1058 | WCPOS – Point of Sale (POS) plugin for WooCommerce | 31 | 75 | 226 | 5k+ | Nonce verification recommended | ||
| #1059 | Discussion Board – WordPress Forum Plugin | 31 | 105 | 153 | 2k+ | Request data is not unslashed | ||
| #1060 | WP Simple Booking Calendar | 31 | 337 | 380 | 20k+ | Output is not escaped | ||
| #1061 | WP Visitor Statistics (Real Time Traffic) | 31 | 353 | 691 | 20k+ | Nonce verification recommended | ||
| #1062 | WP ULike – Like & Dislike Buttons for Engagement and Feedback | 31 | 269 | 358 | 60k+ | Output is not escaped | ||
| #1063 | One to one user Chat by WPGuppy | 31 | 74 | 187 | 700 | Non-prefixed global variable | ||
| #1064 | WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA | 31 | 483 | 217 | 2k+ | Unsafe printing function | ||
| #1065 | Zendesk Support for WordPress | 31 | 195 | 88 | 2k+ | Output is not escaped | ||
| #1066 | ActiveDEMAND | 32 | 157 | 161 | 1k+ | Output is not escaped | ||
| #1067 | Admin Menu Editor | 32 | 159 | 233 | 300k+ | Non-prefixed global variable | ||
| #1068 | Advanced Access Manager – Access Governance for WordPress | 32 | 849 | 62 | 100k+ | Output is not escaped | ||
| #1069 | All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier | 32 | 325 | 102 | 600 | Missing Arg Domain | ||
| #1070 | annasta Filters for WooCommerce | 32 | 1,073 | 441 | 2k+ | Text Domain Mismatch | ||
| #1071 | Auto YouTube Importer | 32 | 338 | 173 | 1k+ | Text Domain Mismatch | ||
| #1072 | Speed Kit | 32 | 296 | 73 | 2k+ | Output is not escaped | ||
| #1073 | BuddyPress for LearnDash | 32 | 190 | 284 | 1k+ | Output is not escaped | ||
| #1074 | Child Theme Configurator | 32 | 442 | 267 | 300k+ | Unsafe printing function | ||
| #1075 | Code Manager | 32 | 217 | 261 | 500 | Nonce verification recommended | ||
| #1076 | Vimeotheque – Vimeo WordPress Plugin & Video Gallery | 32 | 642 | 264 | 2k+ | Unsafe printing function | ||
| #1077 | Contact Form Builder by vcita | 32 | 666 | 174 | 700 | Text Domain Mismatch | ||
| #1078 | DHL eCommerce (Benelux) for WooCommerce | 32 | 222 | 330 | 2k+ | Nonce verification recommended | ||
| #1079 | Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) | 32 | 560 | 198 | 5k+ | Text Domain Mismatch | ||
| #1080 | FA Lite – WP responsive slider plugin | 32 | 726 | 140 | 500 | Unsafe printing function | ||
| #1081 | Freesoul Deactivate Plugins – Disable plugins on individual WordPress pages | 32 | 53 | 776 | 8k+ | Nonce verification recommended | ||
| #1082 | WP Gravity Forms HubSpot | 32 | 771 | 160 | 600 | Text Domain Mismatch | ||
| #1083 | CRM Perks Integration for Gravity Forms and Salesforce | 32 | 807 | 178 | 1k+ | Text Domain Mismatch | ||
| #1084 | WP Gravity Forms Zoho CRM and Bigin | 32 | 750 | 174 | 400 | Text Domain Mismatch | ||
| #1085 | Insights from Google PageSpeed | 32 | 414 | 475 | 20k+ | Text Domain Mismatch | ||
| #1086 | Members – Membership & User Role Editor Plugin | 32 | 233 | 259 | 300k+ | Output is not escaped | ||
| #1087 | WP Mobile Menu – The Mobile-Friendly Responsive Menu | 32 | 990 | 195 | 70k+ | Output is not escaped | ||
| #1088 | Moyasar | 32 | 539 | 221 | 700 | Text Domain Mismatch | ||
| #1089 | Notice Bar | 32 | 95 | 284 | 700 | Non-prefixed global variable | ||
| #1090 | Opal Mega Menu | 32 | 419 | 119 | 400 | Text Domain Mismatch | ||
| #1091 | Barion Payment Gateway for WooCommerce | 32 | 67 | 152 | 6k+ | Non-prefixed global variable | ||
| #1092 | Autopay dla WooCommerce | 32 | 95 | 83 | 900 | Output is not escaped | ||
| #1093 | PilotPress | 32 | 150 | 285 | 900 | Output is not escaped | ||
| #1094 | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | 32 | 348 | 258 | 50k+ | Output is not escaped | ||
| #1095 | Posti Shipping | 32 | 664 | 157 | 1k+ | Text Domain Mismatch | ||
| #1096 | Volunteer Sign Up Sheets | 32 | 967 | 401 | 1k+ | Output is not escaped | ||
| #1097 | Restrict Usernames Emails Characters | 32 | 327 | 367 | 1k+ | Output is not escaped | ||
| #1098 | Showcase IDX Real Estate Search & Lead Capture | 32 | 123 | 52 | 2k+ | Output is not escaped | ||
| #1099 | Simple Ajax Chat – Add a Fast, Secure Chat Box | 32 | 108 | 266 | 2k+ | Output is not escaped | ||
| #1100 | Sky Addons for Elementor | 32 | 85 | 351 | 2k+ | Non-prefixed namespace |