WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
wp redirect wp redirect
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1451 | Encyclopedia / Glossary / Wiki | 37 | 263 | 48 | 1k+ | | | Output is not escaped |
| #1452 | Gmail SMTP | 37 | 85 | 71 | 10k+ | | | Unsafe printing function |
| #1453 | GHL Gravity Bridge – Send Gravity Forms leads to GHL CRM | 37 | 59 | 269 | 600 | | | Direct Query |
| #1454 | GoPay for WooCommerce | 37 | 66 | 103 | 1k+ | | | Non-prefixed global variable |
| #1455 | GS Portfolio for Envato | 37 | 155 | 75 | 4k+ | | | Text Domain Mismatch |
| #1456 | Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder | 37 | 83 | 113 | 20k+ | | | SQL query is not prepared |
| #1457 | Horizontal scrolling announcements | 37 | 215 | 140 | 8k+ | | | Output is not escaped |
| #1458 | HT Builder – WordPress Theme Builder for Elementor | 37 | 142 | 41 | 900 | | | Output is not escaped |
| #1459 | HT Menu – WordPress Mega Menu Builder for Elementor | 37 | 300 | 60 | 3k+ | | | Text Domain Mismatch |
| #1460 | Humans TXT | 37 | 159 | 86 | 400 | | | Output is not escaped |
| #1461 | Image Optimizer by 10web – Image Optimizer and Compression plugin | 37 | 244 | 45 | 3k+ | | | Text Domain Mismatch |
| #1462 | LH Archived Post Status | 37 | 150 | 64 | 3k+ | | | Text Domain Mismatch |
| #1463 | Max Mega Menu | 37 | 249 | 174 | 300k+ | | | Output is not escaped |
| #1464 | Meks Video Importer | 37 | 62 | 239 | 2k+ | | | Input is not sanitized |
| #1465 | Monobank WP Payment | 37 | 78 | 41 | 1k+ | | | Text Domain Mismatch |
| #1466 | Ninja Van (MY) | 37 | 21 | 258 | 1k+ | | | Non-prefixed global variable |
| #1467 | Off-Canvas Sidebars & Menus (Slidebars) | 37 | 457 | 12 | 1k+ | | | Non Singular String Literal Domain |
| #1468 | WP All Export – Order Export for WooCommerce | 37 | 109 | 111 | 3k+ | | | Text Domain Mismatch |
| #1469 | Phoenix Media Rename | 37 | 175 | 104 | 50k+ | | | Output is not escaped |
| #1470 | POEditor | 37 | 78 | 140 | 500 | | | Output is not escaped |
| #1471 | Poptics – Popup Builder, Email Opt-ins, Exit-Intent & WooCommerce Popups Sales | 37 | 59 | 64 | 2k+ | | | SQL query is not prepared |
| #1472 | Product page shipping calculator for WooCommerce | 37 | 217 | 117 | 1k+ | | | Text Domain Mismatch |
| #1473 | PublishPress Statuses – Custom Post Status and Workflow | 37 | 231 | 78 | 1k+ | | | Missing Arg Domain |
| #1474 | Quantities and Units for WooCommerce | 37 | 133 | 118 | 1k+ | | | Output is not escaped |
| #1475 | rapidmail: Newsletter & E-Mail Marketing for WooCommerce | 37 | 79 | 47 | 400 | | | Text Domain Mismatch |
| #1476 | Rich Table of Contents | 37 | 262 | 57 | 20k+ | | | Output is not escaped |
| #1477 | Send PDF for Contact Form 7 | 37 | 22 | 308 | 9k+ | | | Non-prefixed global variable |
| #1478 | SendWP | 37 | 47 | 42 | 10k+ | | | Output is not escaped |
| #1479 | Sezzle Woocommerce Payment | 37 | 108 | 105 | 1k+ | | | Text Domain Mismatch |
| #1480 | Site Offline Or Coming Soon Or Maintenance Mode | 37 | 127 | 138 | 30k+ | | | Unsafe printing function |
| #1481 | Theme Builder For Elementor | 37 | 477 | 28 | 2k+ | | | Text Domain Mismatch |
| #1482 | Landing Page Builder – Free Landing Page Templates | 37 | 329 | 111 | 600 | | | Output is not escaped |
| #1483 | UsersWP – Social Login | 37 | 299 | 91 | 2k+ | | | Text Domain Mismatch |
| #1484 | Varnish/Nginx Proxy Caching | 37 | 287 | 36 | 600 | | | Output is not escaped |
| #1485 | Featured Video for WordPress – VideographyWP | 37 | 287 | 93 | 1k+ | | | Unsafe printing function |
| #1486 | Conditional Discounts for WooCommerce – A simple yet complete woocommerce dynamic pricing plugin | 37 | 99 | 33 | 10k+ | | | Text Domain Mismatch |
| #1487 | Piraeus Bank WooCommerce Payment Gateway | 37 | 146 | 104 | 3k+ | | | Non Singular String Literal Domain |
| #1488 | Viva Payments – Viva Wallet WooCommerce Payment Gateway | 37 | 33 | 33 | 1k+ | | | curl curl setopt |
| #1489 | SUMIT Payment Gateway for WooCommerce | 37 | 358 | 74 | 1k+ | | | Text Domain Mismatch |
| #1490 | WPForce Logout – WordPress User Login Logout Management Plugin | 37 | 567 | 32 | 8k+ | | | Output is not escaped |
| #1491 | Persistent Login | 37 | 338 | 108 | 6k+ | | | Unsafe printing function |
| #1492 | ReCaptcha Integration for WordPress | 37 | 60 | 66 | 9k+ | | | Output is not escaped |
| #1493 | TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More | 37 | 878 | 59 | 800 | | | Output is not escaped |
| #1494 | WPO365 \| MICROSOFT 365 GRAPH MAILER | 37 | 112 | 83 | 10k+ | | | Text Domain Mismatch |
| #1495 | YOURLS Link Creator | 37 | 196 | 39 | 500 | | | Text Domain Mismatch |
| #1496 | Zakeke Interactive Product Designer for WooCommerce | 37 | 186 | 178 | 2k+ | | | Nonce verification recommended |
| #1497 | Admin Bar & Dashboard Access Control | 38 | 94 | 37 | 3k+ | | | Text Domain Mismatch |
| #1498 | AdRoll for WooCommerce Stores | 38 | 40 | 25 | 600 | | | Output is not escaped |
| #1499 | Advanced 301 and 302 Redirect | 38 | 81 | 339 | 1k+ | | | Non-prefixed global variable |
| #1500 | Announce from the Dashboard | 38 | 138 | 24 | 7k+ | | | Non Singular String Literal Domain |