WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
wp redirect wp redirect
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1251 | Advanced Permalinks | 35 | 94 | 76 | 400 | | | wp function not compatible with requires wp |
| #1252 | Affiliate Link Marker | 35 | 31 | 4 | 400 | | | Text Domain Mismatch |
| #1253 | Akismet Anti-spam: Spam Protection | 35 | 33 | 99 | 6m+ | | | Non-prefixed global variable |
| #1254 | AMIMOTO Plugin Dashboard | 35 | 82 | 82 | 900 | | | Non Singular String Literal Domain |
| #1255 | Amministrazione Trasparente | 35 | 80 | 46 | 1k+ | | | Output is not escaped |
| #1256 | Author Box WP Lens | 35 | 169 | 49 | 1k+ | | | Unsafe printing function |
| #1257 | Auto Login for Sakura Rental Server | 35 | 3 | 3 | 10k+ | | | Hidden files included |
| #1258 | Bicycles by falbar | 35 | 426 | 65 | 600 | | | Output is not escaped |
| #1259 | Block User Account | 35 | 280 | 143 | 1k+ | | | Unsafe printing function |
| #1260 | Registration Options for BuddyPress | 35 | 47 | 132 | 1k+ | | | Non-prefixed function |
| #1261 | BSK Forms Blacklist | 35 | 831 | 550 | 1k+ | | | Output is not escaped |
| #1262 | BTCPay Server – Accept Bitcoin payments in WooCommerce | 35 | 48 | 86 | 1k+ | | | Missing nonce verification |
| #1263 | Central Connect | 35 | 5 | 21 | 400 | | | Nonce verification recommended |
| #1264 | CF7 Views – Complete Entry Management for Contact Form 7 | 35 | 172 | 181 | 1k+ | | | Output is not escaped |
| #1265 | CM E-Mail Blacklist – Simple email filtering for safer registration | 35 | 269 | 205 | 800 | | | Output is not escaped |
| #1266 | Conditional Menus | 35 | 92 | 28 | 60k+ | | | Text Domain Mismatch |
| #1267 | Content Mask | 35 | 50 | 350 | 1k+ | | | Non-prefixed global variable |
| #1268 | EasyTest – Simplify A/B Testing | 35 | 9 | 76 | 10k+ | | | Non-prefixed global variable |
| #1269 | Cryptex \| E-Mail Address Protection | 35 | 62 | 10 | 900 | | | Output is not escaped |
| #1270 | CubeWP Framework | 35 | 114 | 71 | 4k+ | | | wp function not compatible with requires wp |
| #1271 | Currency Switcher for WooCommerce | 35 | 166 | 61 | 800 | | | Text Domain Mismatch |
| #1272 | Dadevarzan WordPress Common | 35 | 56 | 71 | 700 | | | Text Domain Mismatch |
| #1273 | Deposits & Partial Payments for WooCommerce | 35 | 172 | 144 | 5k+ | | | Text Domain Mismatch |
| #1274 | PiWeb Disable payment method / Partial payment for WooCommerce | 35 | 55 | 221 | 4k+ | | | Non-prefixed class |
| #1275 | Elementor Website Builder – more than just a page builder | 35 | 46 | 428 | 10m+ | | | Non-prefixed global variable |
| #1276 | Enlighter – Customizable Syntax Highlighter | 35 | 50 | 10 | 10k+ | | | Output is not escaped |
| #1277 | Equivalent Mobile Redirect | 35 | 29 | 17 | 2k+ | | | Text Domain Mismatch |
| #1278 | Ever Compare – Products Compare Plugin for WooCommerce | 35 | 2 | 23 | 600 | | | Non-prefixed global variable |
| #1279 | AI Popup Builder & Popup Maker by OptiMonk | 35 | 81 | 65 | 4k+ | | | Text Domain Mismatch |
| #1280 | Pixel Cat – Conversion Pixel Manager | 35 | 253 | 215 | 40k+ | | | Output is not escaped |
| #1281 | Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager | 35 | 64 | 64 | 80k+ | | | Non-prefixed global variable |
| #1282 | Events Calendar by FooEvents | 35 | 56 | 59 | 4k+ | | | Non-prefixed global variable |
| #1283 | Force Reinstall | 35 | 118 | 34 | 2k+ | | | Output is not escaped |
| #1284 | Frontend Reset Password | 35 | 83 | 128 | 10k+ | | | Text Domain Mismatch |
| #1285 | Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery | 35 | 50 | 199 | 10k+ | | | Non-prefixed global variable |
| #1286 | GD bbPress Attachments | 35 | 2 | 10 | 6k+ | | | wp redirect wp redirect |
| #1287 | Get a Newsletter | 35 | 138 | 144 | 400 | | | Output is not escaped |
| #1288 | Health Check & Troubleshooting | 35 | 264 | 238 | 300k+ | | | Missing Arg Domain |
| #1289 | Help Scout | 35 | 11 | 13 | 400 | | | Missing direct file access protection |
| #1290 | Hippoo Mobile App for WooCommerce | 35 | 5 | 92 | 1k+ | | | Direct Query |
| #1291 | HTTP Authentication | 35 | 23 | 6 | 600 | | | Output is not escaped |
| #1292 | Image Slider | 35 | 192 | 95 | 4k+ | | | Output is not escaped |
| #1293 | Inspiro Starter Sites – 20+ Free Demo Templates for Gutenberg & Elementor | 35 | 6 | 200 | 10k+ | | | Non-prefixed global variable |
| #1294 | IntenseDebate Comments | 35 | 203 | 114 | 500 | | | Output is not escaped |
| #1295 | IP Based Login | 35 | 179 | 146 | 600 | | | Output is not escaped |
| #1296 | Nobs • Share Buttons | 35 | 314 | 85 | 3k+ | | | Output is not escaped |
| #1297 | Kadence for WooCommerce and Elementor | 35 | 39 | 21 | 3k+ | | | Output is not escaped |
| #1298 | Kaya QR Code Generator | 35 | 193 | 40 | 20k+ | | | Non Singular String Literal Domain |
| #1299 | Keyring | 35 | 233 | 203 | 1k+ | | | Output is not escaped |
| #1300 | Lead Form Builder & Contact Form | 35 | 400 | 345 | 9k+ | | | Output is not escaped |