WordPress.Security.SafeRedirect.wp_redirect_wp_redirect

wp redirect wp redirect

Plugin Check reported a security-sensitive coding pattern that needs review.

critical weight

Why It Shows Up

The finding came from a security-focused WordPress coding standard or Plugin Check rule.

Why It Matters

Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.

How to Fix

  • Identify the untrusted value or privileged action involved.
  • Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
  • Rerun Plugin Check after the code path is fixed.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1301Login Page Styler – Custom WordPress Login Page Customizer & Security351251682k+Missing Arg Domain
#1302Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )352731275k+Output is not escaped
#1303MapSVG – Vector maps, Image maps, Google Maps3574471k+Missing direct file access protection
#1304MeetingHub – Webinar & Meeting Plugin for Zoom, Google Meet, Webex, Microsoft Teams, & Jitsi Meet3533289400Non-prefixed global variable
#1305Moyasar35436128700Text Domain Mismatch
#1306Never Let Me Go353447400Non-prefixed global variable
#1307Nginx Cache Controller3579961k+Text Domain Mismatch
#1308Noted!355221k+Non-prefixed global variable
#1309ONet Regenerate Thumbnails35190641k+Text Domain Mismatch
#1310Orderable – Restaurant & Food Ordering System35123245k+Non-prefixed global variable
#1311OSM Map Widget for Elementor35183149k+Text Domain Mismatch
#1312OT Flatsome Vertical Menu351262610k+Text Domain Mismatch
#1313Paybox WooCommerce Payment Gateway3516588500Non Singular String Literal Domain
#1314Paytm Payment Gateway35921043k+Missing Arg Domain
#1315Paytrail for WooCommerce3528463k+Non-prefixed global variable
#1316Permissions Editor for Ninja Forms352961k+Output is not escaped
#1317PiWeb Delivery & Pickup Date Time for WooCommerce35377163500Text Domain Mismatch
#1318Plausible Analytics352446110k+Exception output is not escaped
#1319Poptin – Email Marketing Automation, Newsletter & Exit Pop Ups, Email Popups351682920k+Output is not escaped
#1320Post Password Token3513238600Text Domain Mismatch
#1321Publitio354726400curl curl setopt
#1322Push Notifications by LaraPush3532764k+Non-prefixed global variable
#1323Real Time Validation for Gravity Forms35185302k+Output is not escaped
#1324Related Posts for WordPress3520718010k+Output is not escaped
#1325Internal Links Manager3518812110k+Output is not escaped
#1326SEUR Oficial35252981k+Non-prefixed global variable
#1327Security Optimizer – The All-In-One Protection Plugin3540841m+Request data is not unslashed
#1328Product Feed for Google Shopping, Microsoft Advertising and 40+ Channels for WooCommerce Merchant3583762k+Output is not escaped
#1329SHOPVOTE356458400curl curl setopt
#1330Simple CAPTCHA with Cloudflare Turnstile3582148100k+Output is not escaped
#1331Simple Export Import for ACF Data3519641k+Request data is not unslashed
#1332Quiz Maker, Poll Maker & Survey Maker by Opinion Stage3542326k+Output is not escaped
#1333Speedy Page Redirect356101k+Output is not escaped
#1334Spreadshop Plugin35145444k+wp function not compatible with requires wp
#1335Sticky Chat Widget – Floating Chat Icons, Contact Form, Call, Click to Chat, Email & Message Buttons353329310k+Non-prefixed global variable
#1336Subscribe to Unlock Lite – Opt In Content Locker Plugin for WordPress35106145500Non-prefixed global variable
#1337SweepPress: Website Cleanup and Optimization3571176600Non-prefixed global variable
#1338TBThemes Theme Import358448400Text Domain Mismatch
#1339TC Custom JavaScript35192610k+Missing Version
#1340Team Showcase – Responsive Team Members Grid, Slider & Carousel Plugin351,0004102k+Text Domain Mismatch
#1341Theme Blvd Layout Builder352071692k+Output is not escaped
#1342Two Factor Authentication3510813920k+Output is not escaped
#1343Uptime Robot Plugin for WordPress35398324600Text Domain Mismatch
#1344Voyapp Chile – Lugares y Cotizador de Despachos3522584400Output is not escaped
#1345WC Cancel Order35521225k+Non-prefixed hook name
#1346Deliver via Shipos for WooCommerce351178600Nonce verification recommended
#1347WEDOS OnLine monitoring353615700Output is not escaped
#1348wePOS – Point Of Sale (POS) for WooCommerce & Dokan3547662k+Output is not escaped
#1349What The File3591240k+Input is not sanitized
#1350All-in-One Addons for Elementor – WidgetKit35603118k+Non-prefixed global variable