WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
wp redirect wp redirect
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1101 | Restrict Usernames Emails Characters | 32 | 327 | 367 | 1k+ | Output is not escaped | ||
| #1102 | Showcase IDX Real Estate Search & Lead Capture | 32 | 123 | 52 | 2k+ | Output is not escaped | ||
| #1103 | Simple Ajax Chat – Add a Fast, Secure Chat Box | 32 | 108 | 266 | 2k+ | Output is not escaped | ||
| #1104 | Sky Addons for Elementor | 32 | 85 | 351 | 2k+ | Non-prefixed namespace | ||
| #1105 | Split Test For Elementor | 32 | 98 | 132 | 3k+ | Non-prefixed global variable | ||
| #1106 | Spoki – Chat Buttons and WooCommerce Notifications | 32 | 1,074 | 260 | 700 | Unsafe printing function | ||
| #1107 | Stock Sync for WooCommerce | 32 | 362 | 232 | 1k+ | Text Domain Mismatch | ||
| #1108 | Tainacan Support for Blocksy | 32 | 244 | 526 | 500 | Non-prefixed global variable | ||
| #1109 | Theme My Login | 32 | 251 | 549 | 60k+ | Non-prefixed function | ||
| #1110 | Thrive Automator | 32 | 84 | 84 | 10k+ | SQL query is not prepared | ||
| #1111 | TK Google Fonts GDPR Compliant | 32 | 582 | 34 | 1k+ | Output is not escaped | ||
| #1112 | Unbounce Landing Pages | 32 | 169 | 86 | 10k+ | Output is not escaped | ||
| #1113 | Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring | 32 | 196 | 160 | 900 | Text Domain Mismatch | ||
| #1114 | Easy 3D Viewer | 32 | 399 | 241 | 1k+ | Text Domain Mismatch | ||
| #1115 | Payment Gateway for Redsys & WooCommerce Lite | 32 | 125 | 75 | 20k+ | Text Domain Mismatch | ||
| #1116 | WooMS | 32 | 199 | 58 | 500 | Output is not escaped | ||
| #1117 | WP 2-step verification | 32 | 154 | 65 | 1k+ | Output is not escaped | ||
| #1118 | SEOPress – AI SEO Plugin & On-site SEO | 32 | 138 | 429 | 300k+ | Non-prefixed global variable | ||
| #1119 | WPCasa – Real Estate for WordPress | 32 | 85 | 429 | 1k+ | Non-prefixed global variable | ||
| #1120 | Privacy Policy Generator – WPLP Legal Pages | 32 | 26 | 409 | 10k+ | Non-prefixed global variable | ||
| #1121 | Yoo Slider – Image Slider & Video Slider | 32 | 744 | 209 | 600 | Output is not escaped | ||
| #1122 | Advanced Forms for ACF | 33 | 169 | 278 | 3k+ | Non-prefixed hook name | ||
| #1123 | Affiliate Program & Referral Tracking for WooCommerce & WordPress – Affilia | 33 | 80 | 172 | 500 | Nonce verification recommended | ||
| #1124 | Archive Posts Sort Customize | 33 | 338 | 97 | 600 | Output is not escaped | ||
| #1125 | Bosta WooCommerce | 33 | 303 | 180 | 700 | Text Domain Mismatch | ||
| #1126 | Cargus | 33 | 48 | 64 | 700 | Input is not sanitized | ||
| #1127 | Nexi XPay | 33 | 496 | 277 | 6k+ | Text Domain Mismatch | ||
| #1128 | Chartify – WordPress Chart Plugin | 33 | 76 | 411 | 3k+ | Non-prefixed global variable | ||
| #1129 | Contact Form Plugin | 33 | 47 | 220 | 2k+ | Non-prefixed function | ||
| #1130 | Chwazi – Delivery & Pickup Scheduling for WooCommerce | 33 | 563 | 192 | 600 | Text Domain Mismatch | ||
| #1131 | Easy Upload Files During Checkout | 33 | 218 | 199 | 500 | Unsafe printing function | ||
| #1132 | Human Presence – Stop Form Spam Without ReCaptcha | 33 | 54 | 65 | 1k+ | Request data is not unslashed | ||
| #1133 | Fastly | 33 | 221 | 66 | 1k+ | Text Domain Mismatch | ||
| #1134 | FastPixel Cache – Optimize Page Speed: Compress Images, Minify, Clean Database & CDN | 33 | 51 | 333 | 4k+ | Request data is not unslashed | ||
| #1135 | GetResponse Forms by Optin Cat | 33 | 68 | 138 | 1k+ | Missing direct file access protection | ||
| #1136 | Comments – GraphComment | AI-Moderated Comment System | 33 | 191 | 177 | 400 | Unsafe printing function | ||
| #1137 | HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce | 33 | 377 | 139 | 20k+ | Unsafe printing function | ||
| #1138 | WPZOOM Social Feed Widget & Block | 33 | 310 | 278 | 60k+ | Unsafe printing function | ||
| #1139 | JetWidgets for Elementor and WooCommerce | 33 | 187 | 146 | 7k+ | Text Domain Mismatch | ||
| #1140 | Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid | 33 | 274 | 106 | 3k+ | Text Domain Mismatch | ||
| #1141 | LWSCache | 33 | 47 | 104 | 6k+ | Non-prefixed global variable | ||
| #1142 | Forms for Mailchimp by Optin Cat – Grow Your MailChimp List | 33 | 71 | 133 | 2k+ | Missing direct file access protection | ||
| #1143 | MAS Companies For WP Job Manager | 33 | 62 | 308 | 1k+ | Non-prefixed hook name | ||
| #1144 | Molongui Post Contributors: Multi-Role Contributor Attribution | 33 | 240 | 162 | 500 | Output is not escaped | ||
| #1145 | News Announcement Scroll | 33 | 237 | 259 | 2k+ | Non-prefixed global variable | ||
| #1146 | Nomad World Map | 33 | 424 | 191 | 700 | Text Domain Mismatch | ||
| #1147 | Pastacode | 33 | 77 | 66 | 400 | Non-prefixed global variable | ||
| #1148 | Payflex Payment Gateway | 33 | 181 | 61 | 1k+ | Text Domain Mismatch | ||
| #1149 | Post Lists View Custom | 33 | 462 | 150 | 2k+ | Missing Arg Domain | ||
| #1150 | PublishPress Checklists: Pre-Publishing Approval Checklist – Validate Post Requirements | 33 | 140 | 182 | 3k+ | Missing Translators Comment |