WordPress.Security.SafeRedirect.wp_redirect_wp_redirect

wp redirect wp redirect

Plugin Check reported a security-sensitive coding pattern that needs review.

critical weight

Why It Shows Up

The finding came from a security-focused WordPress coding standard or Plugin Check rule.

Why It Matters

Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.

How to Fix

  • Identify the untrusted value or privileged action involved.
  • Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
  • Rerun Plugin Check after the code path is fixed.

Affected Plugins

Rank  Plugin  Score  Errors  Warnings  Installs  Added  Updated  Top Issue
#1251  Advanced Permalinks  359476400  wp function not compatible with requires wp
#1252  Affiliate Link Marker  35314400  Text Domain Mismatch
#1253  Akismet Anti-spam: Spam Protection  3533996m+  Non-prefixed global variable
#1254  AMIMOTO Plugin Dashboard  358282900  Non Singular String Literal Domain
#1255  Amministrazione Trasparente  3580461k+  Output is not escaped
#1256  Author Box WP Lens  35169491k+  Unsafe printing function
#1257  Auto Login for Sakura Rental Server  353310k+  Hidden files included
#1258  Bicycles by falbar  3542665600  Output is not escaped
#1259  Block User Account  352801431k+  Unsafe printing function
#1260  Registration Options for BuddyPress  35471321k+  Non-prefixed function
#1261  BSK Forms Blacklist  358315501k+  Output is not escaped
#1262  BTCPay Server – Accept Bitcoin payments in WooCommerce  3548861k+  Missing nonce verification
#1263  Central Connect  35521400  Nonce verification recommended
#1264  CF7 Views – Complete Entry Management for Contact Form 7  351721811k+  Output is not escaped
#1265  CM E-Mail Blacklist – Simple email filtering for safer registration  35269205800  Output is not escaped
#1266  Conditional Menus  35922860k+  Text Domain Mismatch
#1267  Content Mask  35503501k+  Non-prefixed global variable
#1268  EasyTest – Simplify A/B Testing  3597610k+  Non-prefixed global variable
#1269  Cryptex | E-Mail Address Protection  356210900  Output is not escaped
#1270  CubeWP Framework  35114714k+  wp function not compatible with requires wp
#1271  Currency Switcher for WooCommerce  3516661800  Text Domain Mismatch
#1272  Dadevarzan WordPress Common  355671700  Text Domain Mismatch
#1273  Deposits & Partial Payments for WooCommerce  351721445k+  Text Domain Mismatch
#1274  PiWeb Disable payment method / Partial payment for WooCommerce  35552214k+  Non-prefixed class
#1275  Elementor Website Builder – more than just a page builder  354642810m+  Non-prefixed global variable
#1276  Enlighter – Customizable Syntax Highlighter  35501010k+  Output is not escaped
#1277  Equivalent Mobile Redirect  3529172k+  Text Domain Mismatch
#1278  Ever Compare – Products Compare Plugin for WooCommerce  35223600  Non-prefixed global variable
#1279  AI Popup Builder & Popup Maker by OptiMonk  3581654k+  Text Domain Mismatch
#1280  Pixel Cat – Conversion Pixel Manager  3525321540k+  Output is not escaped
#1281  Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager  35646480k+  Non-prefixed global variable
#1282  Events Calendar by FooEvents  3556594k+  Non-prefixed global variable
#1283  Force Reinstall  35118342k+  Output is not escaped
#1284  Frontend Reset Password  358312810k+  Text Domain Mismatch
#1285  Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery  355019910k+  Non-prefixed global variable
#1286  GD bbPress Attachments  352106k+  wp redirect wp redirect
#1287  Get a Newsletter  35138144400  Output is not escaped
#1288  Health Check & Troubleshooting  35264238300k+  Missing Arg Domain
#1289  Help Scout  351113400  Missing direct file access protection
#1290  Hippoo Mobile App for WooCommerce  355921k+  Direct Query
#1291  HTTP Authentication  35236600  Output is not escaped
#1292  Image Slider  35192954k+  Output is not escaped
#1293  Inspiro Starter Sites – 20+ Free Demo Templates for Gutenberg & Elementor  35620010k+  Non-prefixed global variable
#1294  IntenseDebate Comments  35203114500  Output is not escaped
#1295  IP Based Login  35179146600  Output is not escaped
#1296  Nobs • Share Buttons  35314853k+  Output is not escaped
#1297  Kadence for WooCommerce and Elementor  3539213k+  Output is not escaped
#1298  Kaya QR Code Generator  351934020k+  Non Singular String Literal Domain
#1299  Keyring  352332031k+  Output is not escaped
#1300  Lead Form Builder & Contact Form  354003459k+  Output is not escaped