WordPress.Security.SafeRedirect.wp_redirect_wp_redirect

wp redirect wp redirect

Plugin Check reported a security-sensitive coding pattern that needs review.

critical weight

Why It Shows Up

The finding came from a security-focused WordPress coding standard or Plugin Check rule.

Why It Matters

Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.

How to Fix

  • Identify the untrusted value or privileged action involved.
  • Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
  • Rerun Plugin Check after the code path is fixed.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1551WishSuite – Wishlist for WooCommerce38761331k+Output is not escaped
#1552Wholesale for WooCommerce38541221k+Output is not escaped
#1553WP Mailgun SMTP389951900Text Domain Mismatch
#1554WP Maintenance Mode & Site Under Construction3872573k+Output is not escaped
#1555WP Media Categories3840103800Nonce verification recommended
#1556WP Safe Mode3895552k+Output is not escaped
#1557WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups38299583k+Non Singular String Literal Domain
#1558WPTurbo -WordPress性能优化插件382034700Output is not escaped
#1559Advanced Woo Labels – Product Labels & Badges for WooCommerce3917312510k+Output is not escaped
#1560Affiliate Links – Link Cloaking and Management39231133k+Non-prefixed global variable
#1561AffiliatePages – Pros & Cons, Notice, and CTA Blocks for Affiliates3991532k+Output is not escaped
#1562AffiliateWP – Affiliate Area Tabs3986263k+Output is not escaped
#1563Accessibility by AllAccessible39200822k+Unsafe printing function
#1564AWEOS WP Lock392453400Output is not escaped
#1565Better Random Redirect398840700Text Domain Mismatch
#1566Billplz for WooCommerce39289656k+Text Domain Mismatch
#1567BIP Pages399825400Short PHP open tag found
#1568Blackhole for Bad Bots391236930k+Output is not escaped
#1569Block Editor Bootstrap Blocks3917350900Text Domain Mismatch
#1570Blogger Importer Extended3955454k+Output is not escaped
#1571Constant Contact + WooCommerce3927911k+Nonce verification recommended
#1572Image CAPTCHA for Contact Form 7 and WPForms by HookAndHook (DSGVO/GDPR)39284580k+Missing nonce verification
#1573Culqi39571881k+Text Domain Mismatch
#1574Custom Post Type Auto Menu395433500Text Domain Mismatch
#1575Deliverability – pass DKIM, SPF, DMARC & more392171800Nonce verification recommended
#1576Drip for Gravity Forms394121500Unsafe printing function
#1577Events Manager – Zoom Integration3914143700Output is not escaped
#1578GS Only PDF Preview3946361k+Output is not escaped
#1579Idle User Logout3996131k+Output is not escaped
#1580Image Carousel39164181k+Output is not escaped
#1581Image Watermark WP398882600Output is not escaped
#1582Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce3976641k+Missing Translators Comment
#1583Mizan Demo Importer3931911k+Missing nonce verification
#1584Modal Dialog396464500Output is not escaped
#1585PO/MO Editor39106451k+Unsafe printing function
#1586Product Size Chart for Woocommerce3920169600Non-prefixed global variable
#1587Redirect 404 Error Page to Homepage or Custom Page with Logs39275310k+Nonce verification recommended
#1588REST API Helper3910885500Unsafe printing function
#1589RioVizual — Table Blocks for Comparison, Pricing and Pros & Cons3932751k+Nonce verification recommended
#1590Rollbar397514400Output is not escaped
#1591Scripts n Styles391509230k+Output is not escaped
#1592Shipping by Rules for WooCommerce3913048500Output is not escaped
#1593Simpaisa Wallet (Jazzcash & Easypaisa) Payment Services3967741k+Interpolated Variable Text
#1594Simple Posts Ticker – Easy, Lightweight & Flexible39151282k+Output is not escaped
#1595Slash Admin3911638500Output is not escaped
#1596Slideshow SE39352402k+Non-prefixed global variable
#1597Solid Post Likes399652500Text Domain Mismatch
#1598Soumettre.fr391302610k+Text Domain Mismatch
#1599Stockdio Historical Chart396516900Output is not escaped
#1600User Blocker3962763k+Nonce verification recommended