WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
wp redirect wp redirect
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue | Added | Updated |
|---|---|---|---|---|---|---|---|---|
| #1301 | Login Page Styler – Custom WordPress Login Page Customizer & Security | 35 | 125 | 168 | 2k+ | Missing Arg Domain | ||
| #1302 | Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) | 35 | 273 | 127 | 5k+ | Output is not escaped | ||
| #1303 | MapSVG – Vector maps, Image maps, Google Maps | 35 | 74 | 47 | 1k+ | Missing direct file access protection | ||
| #1304 | MeetingHub – Webinar & Meeting Plugin for Zoom, Google Meet, Webex, Microsoft Teams, & Jitsi Meet | 35 | 33 | 289 | 400 | Non-prefixed global variable | ||
| #1305 | Moyasar | 35 | 436 | 128 | 700 | Text Domain Mismatch | ||
| #1306 | Never Let Me Go | 35 | 34 | 47 | 400 | Non-prefixed global variable | ||
| #1307 | Nginx Cache Controller | 35 | 79 | 96 | 1k+ | Text Domain Mismatch | ||
| #1308 | Noted! | 35 | 5 | 22 | 1k+ | Non-prefixed global variable | ||
| #1309 | ONet Regenerate Thumbnails | 35 | 190 | 64 | 1k+ | Text Domain Mismatch | ||
| #1310 | Orderable – Restaurant & Food Ordering System | 35 | 12 | 324 | 5k+ | Non-prefixed global variable | ||
| #1311 | OSM Map Widget for Elementor | 35 | 183 | 14 | 9k+ | Text Domain Mismatch | ||
| #1312 | OT Flatsome Vertical Menu | 35 | 126 | 26 | 10k+ | Text Domain Mismatch | ||
| #1313 | Paybox WooCommerce Payment Gateway | 35 | 165 | 88 | 500 | Non Singular String Literal Domain | ||
| #1314 | Paytm Payment Gateway | 35 | 92 | 104 | 3k+ | Missing Arg Domain | ||
| #1315 | Paytrail for WooCommerce | 35 | 28 | 46 | 3k+ | Non-prefixed global variable | ||
| #1316 | Permissions Editor for Ninja Forms | 35 | 29 | 6 | 1k+ | Output is not escaped | ||
| #1317 | PiWeb Delivery & Pickup Date Time for WooCommerce | 35 | 377 | 163 | 500 | Text Domain Mismatch | ||
| #1318 | Plausible Analytics | 35 | 244 | 61 | 10k+ | Exception output is not escaped | ||
| #1319 | Poptin – Email Marketing Automation, Newsletter & Exit Pop Ups, Email Popups | 35 | 168 | 29 | 20k+ | Output is not escaped | ||
| #1320 | Post Password Token | 35 | 132 | 38 | 600 | Text Domain Mismatch | ||
| #1321 | Publitio | 35 | 47 | 26 | 400 | curl curl setopt | ||
| #1322 | Push Notifications by LaraPush | 35 | 32 | 76 | 4k+ | Non-prefixed global variable | ||
| #1323 | Real Time Validation for Gravity Forms | 35 | 185 | 30 | 2k+ | Output is not escaped | ||
| #1324 | Related Posts for WordPress | 35 | 207 | 180 | 10k+ | Output is not escaped | ||
| #1325 | Internal Links Manager | 35 | 188 | 121 | 10k+ | Output is not escaped | ||
| #1326 | SEUR Oficial | 35 | 25 | 298 | 1k+ | Non-prefixed global variable | ||
| #1327 | Security Optimizer – The All-In-One Protection Plugin | 35 | 40 | 84 | 1m+ | Request data is not unslashed | ||
| #1328 | Product Feed for Google Shopping, Microsoft Advertising and 40+ Channels for WooCommerce Merchant | 35 | 83 | 76 | 2k+ | Output is not escaped | ||
| #1329 | SHOPVOTE | 35 | 64 | 58 | 400 | curl curl setopt | ||
| #1330 | Simple CAPTCHA with Cloudflare Turnstile | 35 | 82 | 148 | 100k+ | Output is not escaped | ||
| #1331 | Simple Export Import for ACF Data | 35 | 19 | 64 | 1k+ | Request data is not unslashed | ||
| #1332 | Quiz Maker, Poll Maker & Survey Maker by Opinion Stage | 35 | 42 | 32 | 6k+ | Output is not escaped | ||
| #1333 | Speedy Page Redirect | 35 | 6 | 10 | 1k+ | Output is not escaped | ||
| #1334 | Spreadshop Plugin | 35 | 145 | 44 | 4k+ | wp function not compatible with requires wp | ||
| #1335 | Sticky Chat Widget – Floating Chat Icons, Contact Form, Call, Click to Chat, Email & Message Buttons | 35 | 33 | 293 | 10k+ | Non-prefixed global variable | ||
| #1336 | Subscribe to Unlock Lite – Opt In Content Locker Plugin for WordPress | 35 | 106 | 145 | 500 | Non-prefixed global variable | ||
| #1337 | SweepPress: Website Cleanup and Optimization | 35 | 71 | 176 | 600 | Non-prefixed global variable | ||
| #1338 | TBThemes Theme Import | 35 | 84 | 48 | 400 | Text Domain Mismatch | ||
| #1339 | TC Custom JavaScript | 35 | 19 | 26 | 10k+ | Missing Version | ||
| #1340 | Team Showcase – Responsive Team Members Grid, Slider & Carousel Plugin | 35 | 1,000 | 410 | 2k+ | Text Domain Mismatch | ||
| #1341 | Theme Blvd Layout Builder | 35 | 207 | 169 | 2k+ | Output is not escaped | ||
| #1342 | Two Factor Authentication | 35 | 108 | 139 | 20k+ | Output is not escaped | ||
| #1343 | Uptime Robot Plugin for WordPress | 35 | 398 | 324 | 600 | Text Domain Mismatch | ||
| #1344 | Voyapp Chile – Lugares y Cotizador de Despachos | 35 | 225 | 84 | 400 | Output is not escaped | ||
| #1345 | WC Cancel Order | 35 | 52 | 122 | 5k+ | Non-prefixed hook name | ||
| #1346 | Deliver via Shipos for WooCommerce | 35 | 11 | 78 | 600 | Nonce verification recommended | ||
| #1347 | WEDOS OnLine monitoring | 35 | 36 | 15 | 700 | Output is not escaped | ||
| #1348 | wePOS – Point Of Sale (POS) for WooCommerce & Dokan | 35 | 47 | 66 | 2k+ | Output is not escaped | ||
| #1349 | What The File | 35 | 9 | 12 | 40k+ | Input is not sanitized | ||
| #1350 | All-in-One Addons for Elementor – WidgetKit | 35 | 60 | 311 | 8k+ | Non-prefixed global variable | ||