WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
wp redirect wp redirect
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1201 | Greenshift – animation and page builder blocks | 34 | 33 | 272 | 70k+ | Non-prefixed global variable | ||
| #1202 | HollerBox — Fast & Effective Popups & Lead-Generation | 34 | 78 | 92 | 2k+ | Output is not escaped | ||
| #1203 | SSL Mixed Content Fix | 34 | 53 | 65 | 8k+ | Output is not escaped | ||
| #1204 | Kadence WooCommerce Email Designer | 34 | 119 | 230 | 100k+ | Non-prefixed global variable | ||
| #1205 | Lenix Leads Collector | 34 | 414 | 242 | 10k+ | Text Domain Mismatch | ||
| #1206 | Login with Vipps and MobilePay | 34 | 263 | 174 | 900 | Output is not escaped | ||
| #1207 | Mailmunch Forms for Mailchimp | 34 | 120 | 53 | 10k+ | Output is not escaped | ||
| #1208 | Media Vault | 34 | 115 | 150 | 800 | Output is not escaped | ||
| #1209 | Melhor Envio | 34 | 24 | 276 | 10k+ | Nonce verification recommended | ||
| #1210 | Meta Tag Manager | 34 | 142 | 321 | 80k+ | Nonce verification recommended | ||
| #1211 | OTP Login & Register Woocommerce | 34 | 148 | 202 | 1k+ | Missing nonce verification | ||
| #1212 | Montonio for WooCommerce | 34 | 44 | 257 | 10k+ | Non-prefixed global variable | ||
| #1213 | MPL-Publisher — Ebook & Audiobook Creator | 34 | 489 | 76 | 800 | Text Domain Mismatch | ||
| #1214 | NextGEN Gallery Optimizer | 34 | 128 | 92 | 2k+ | Output is not escaped | ||
| #1215 | One User Avatar | User Profile Picture | 34 | 68 | 190 | 100k+ | Non-prefixed global variable | ||
| #1216 | Child Theme Creator by Orbisius | 34 | 86 | 39 | 10k+ | Output is not escaped | ||
| #1217 | OwnerRez | 34 | 79 | 56 | 700 | Unsafe printing function | ||
| #1218 | PhonePe Payment Solutions | 34 | 77 | 106 | 10k+ | Missing direct file access protection | ||
| #1219 | Podigee WordPress Quick Publish – now with Gutenberg support! | 34 | 108 | 95 | 700 | Text Domain Mismatch | ||
| #1220 | Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | 34 | 261 | 863 | 20k+ | Non-prefixed global variable | ||
| #1221 | Route ‑ Shipping Protection | 34 | 64 | 150 | 500 | Missing nonce verification | ||
| #1222 | Subscribe to Download Lite – Email Before Download Plugin | 34 | 106 | 157 | 400 | Non-prefixed global variable | ||
| #1223 | SuperFrete | 34 | 84 | 242 | 1k+ | Request data is not unslashed | ||
| #1224 | Swiftype Site Search Plugin for WordPress | 34 | 250 | 50 | 400 | Output is not escaped | ||
| #1225 | Testimonial Slider | 34 | 448 | 262 | 3k+ | Unsafe printing function | ||
| #1226 | Easy Mega Menu for WordPress – ThemeHunk | 34 | 480 | 256 | 1k+ | Text Domain Mismatch | ||
| #1227 | Tidio – Live Chat & AI Chatbots | 34 | 52 | 19 | 80k+ | curl curl setopt | ||
| #1228 | Ultra Companion – Companion plugin for WPoperation Themes | 34 | 73 | 116 | 1k+ | Missing direct file access protection | ||
| #1229 | Visual Form Builder | 34 | 82 | 329 | 20k+ | Direct Query | ||
| #1230 | Abandoned Cart Reports For WooCommerce | 34 | 133 | 163 | 2k+ | Output is not escaped | ||
| #1231 | PagHiper Boleto e PIX para WooCommerce | 34 | 29 | 138 | 1k+ | Missing nonce verification | ||
| #1232 | MailerLite – WooCommerce integration | 34 | 64 | 36 | 30k+ | Output is not escaped | ||
| #1233 | Simple Discount Rules for Woocommerce | 34 | 175 | 214 | 5k+ | Nonce verification recommended | ||
| #1234 | Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin | 34 | 230 | 154 | 2k+ | Output is not escaped | ||
| #1235 | Advanced Free Shipping for WooCommerce | 34 | 270 | 132 | 40k+ | Text Domain Mismatch | ||
| #1236 | Digital Signature Add-on for WooCommerce | 34 | 165 | 76 | 1k+ | Text Domain Mismatch | ||
| #1237 | Wp Default Sender Email by IT Pixelz | 34 | 682 | 25 | 500 | Output is not escaped | ||
| #1238 | WP Dummy Content Generator | 34 | 93 | 130 | 6k+ | Output is not escaped | ||
| #1239 | WP Forms Signature Contract Add-On | 34 | 128 | 35 | 900 | Text Domain Mismatch | ||
| #1240 | Insert Headers And Footers | 34 | 83 | 113 | 300k+ | Non-prefixed global variable | ||
| #1241 | WP Mail Logging | 34 | 76 | 258 | 300k+ | Nonce verification recommended | ||
| #1242 | LightStart – Maintenance Mode, Coming Soon and Landing Page Builder | 34 | 42 | 312 | 400k+ | Request data is not unslashed | ||
| #1243 | WP SendFox | 34 | 296 | 118 | 1k+ | Text Domain Mismatch | ||
| #1244 | WP Subscription Forms – Subscription Form Plugin for WordPress | 34 | 131 | 220 | 400 | Non-prefixed global variable | ||
| #1245 | WPLMS MyCred AddOn | 34 | 383 | 73 | 800 | Text Domain Mismatch | ||
| #1246 | Zero Spam for WordPress | 34 | 79 | 393 | 20k+ | Non-prefixed global variable | ||
| #1247 | zipMoney(Zip Co) Payments Plugin for WooCommerce | 34 | 147 | 70 | 2k+ | Text Domain Mismatch | ||
| #1248 | Admin Color Schemer | 35 | 166 | 20 | 1k+ | Exception output is not escaped | ||
| #1249 | Advanced Permalinks | 35 | 94 | 76 | 400 | wp function not compatible with requires wp | ||
| #1250 | Affiliate Link Marker | 35 | 31 | 4 | 400 | Text Domain Mismatch |