WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
wp redirect wp redirect
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue |
|---|---|---|---|---|---|---|
| #1351 | What The File | 35 | 9 | 12 | 40k+ | Input is not sanitized |
| #1352 | All-in-One Addons for Elementor – WidgetKit | 35 | 60 | 311 | 8k+ | Non-prefixed global variable |
| #1353 | Wild Apricot Login | 35 | 88 | 30 | 800 | Non Singular String Literal Domain |
| #1354 | Wired Impact Volunteer Management | 35 | 253 | 175 | 1k+ | Output is not escaped |
| #1355 | Open Graph and Twitter Card Tags | 35 | 15 | 27 | 50k+ | error log error log |
| #1356 | CardCom Payment Gateway | 35 | 201 | 84 | 3k+ | Text Domain Mismatch |
| #1357 | Save and Share Cart for WooCommerce | 35 | 125 | 51 | 600 | Text Domain Mismatch |
| #1358 | WooCommerce Gateway Affirm | 35 | 2 | 58 | 6k+ | Nonce verification recommended |
| #1359 | Brevo for WooCommerce | 35 | 116 | 67 | 30k+ | Output is not escaped |
| #1360 | Wooplatnica | 35 | 27 | 24 | 400 | Non-prefixed class |
| #1361 | WP Cassify | 35 | 106 | 143 | 800 | Missing nonce verification |
| #1362 | WP Compiler | 35 | 33 | 20 | 1k+ | Output is not escaped |
| #1363 | Database Backup for WordPress | 35 | 128 | 88 | 70k+ | Output is not escaped |
| #1364 | WP Geo | 35 | 180 | 84 | 900 | Output is not escaped |
| #1365 | WP-PageNavi | 35 | 84 | 95 | 500k+ | Non Singular String Literal Domain |
| #1366 | Integration for WooCommerce and QuickBooks | 35 | 263 | 125 | 1k+ | Output is not escaped |
| #1367 | WPD Beaver Builder Additions | 35 | 406 | 35 | 600 | Non Singular String Literal Domain |
| #1368 | WPElemento Importer | 35 | 126 | 123 | 9k+ | Text Domain Mismatch |
| #1369 | WPFront User Role Editor | 35 | 333 | 578 | 30k+ | Output is not escaped |
| #1370 | XT Event Widget for Social Events | 35 | 3 | 55 | 900 | Non-prefixed global variable |
| #1371 | Yabe Webfont – Use Custom Fonts, Google Fonts or Adobe Fonts | 35 | 48 | 114 | 5k+ | Non-prefixed hook name |
| #1372 | Yes/No Chart | 35 | 136 | 139 | 2k+ | Unsafe printing function |
| #1373 | Yotpo: Product & Photo Reviews for WooCommerce | 35 | 24 | 189 | 2k+ | Non-prefixed function |
| #1374 | Ziina | 35 | 8 | 19 | 2k+ | wp redirect wp redirect |
| #1375 | 2C2P Redirect API for WooCommerce | 36 | 136 | 62 | 900 | wp function not compatible with requires wp |
| #1376 | Affiliate Links – Link Cloaking and Management | 36 | 26 | 136 | 3k+ | Non-prefixed global variable |
| #1377 | Black Widgets For Elementor | 36 | 2,608 | 19 | 800 | Text Domain Mismatch |
| #1378 | BP Group Documents | 36 | 27 | 195 | 600 | Non-prefixed global variable |
| #1379 | Carousel Horizontal Posts Content Slider | 36 | 271 | 59 | 2k+ | Text Domain Mismatch |
| #1380 | Cashflows for WooCommerce | 36 | 118 | 36 | 600 | Text Domain Mismatch |
| #1381 | Simple SEO | 36 | 164 | 113 | 10k+ | Non Singular String Literal Domain |
| #1382 | CM Header and Footer – Add custom scripts and styles to your header and footer with ease | 36 | 230 | 198 | 1k+ | Output is not escaped |
| #1383 | CSH Login | 36 | 126 | 41 | 500 | Output is not escaped |
| #1384 | Dashboard Widgets Suite | 36 | 206 | 124 | 4k+ | Output is not escaped |
| #1385 | Depicter — Popup & Slider Builder | 36 | 130 | 121 | 80k+ | Exception output is not escaped |
| #1386 | Different Menu in Different Pages – Conditional Menu | 36 | 167 | 113 | 4k+ | Text Domain Mismatch |
| #1387 | Doneren met Mollie | 36 | 420 | 351 | 4k+ | SQL query is not prepared |
| #1388 | Duitku Payment Gateway | 36 | 507 | 107 | 700 | Text Domain Mismatch |
| #1389 | Duplicate Post – duplicate pages, copy content, clone posts | 36 | 71 | 81 | 5k+ | wp function not compatible with requires wp |
| #1390 | Dynamic Copyright Year | 36 | 972 | 43 | 800 | Output is not escaped |
| #1391 | WP CTA – Call Now Button, Sticky Button & Call to Action Builder | 36 | 1 | 433 | 2k+ | Non-prefixed global variable |
| #1392 | Email Before Download | 36 | 89 | 29 | 6k+ | Unsafe printing function |
| #1393 | Enormail Sign Up Forms | 36 | 133 | 126 | 400 | Output is not escaped |
| #1394 | Envo's Templates & Widgets for Elementor and WooCommerce | 36 | 1,065 | 54 | 10k+ | Text Domain Mismatch |
| #1395 | Events Manager and WPML Compatibility | 36 | 101 | 177 | 1k+ | Direct Query |
| #1396 | Happy WooCommerce FAQs – Ultimate Product FAQ Plugin | 36 | 65 | 119 | 1k+ | Nonce verification recommended |
| #1397 | FreePay for WooCommerce | 36 | 114 | 102 | 400 | Output is not escaped |
| #1398 | Friendly Functions for Welcart | 36 | 311 | 83 | 1k+ | Non Singular String Literal Domain |
| #1399 | Google Webfont Optimizer | 36 | 45 | 49 | 700 | Output is not escaped |
| #1400 | Header Footer Code Manager | 36 | 81 | 180 | 600k+ | Non-prefixed global variable |