WordPress.Security.SafeRedirect.wp_redirect_wp_redirect

wp redirect wp redirect

Plugin Check reported a security-sensitive coding pattern that needs review.

critical weight

Why It Shows Up

The finding came from a security-focused WordPress coding standard or Plugin Check rule.

Why It Matters

Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.

How to Fix

  • Identify the untrusted value or privileged action involved.
  • Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
  • Rerun Plugin Check after the code path is fixed.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1651turboSMTP40114112400Unsafe printing function
#1652Ultimate Dashboard – Custom WordPress Dashboard401714460k+Input is not sanitized
#1653Universal Honey Pot4023941k+Missing nonce verification
#1654Visma Pay for Woocommerce4027372k+Output is not escaped
#1655Weight Based Pricing for WooCommerce4016786600Text Domain Mismatch
#1656Eurobank WooCommerce Payment Gateway4066432k+Non Singular String Literal Domain
#1657Additional Variation Images Gallery for WooCommerce406012920k+Non-prefixed global variable
#1658WP Compress for MainWP402036700Output is not escaped
#1659Easy PayPal & Stripe Buy Now Button403889610k+Unsafe printing function
#1660WP Reroute Email401411061k+Output is not escaped
#1661WPFront Notification Bar402224450k+Output is not escaped
#1662Yektanet Ecommerce40451031k+Request data is not unslashed
#1663AMP for WP – Accelerated Mobile Pages416562,40180k+Non-prefixed global variable
#1664Ad Auto Insert H41496151k+Non Singular String Literal Domain
#1665Advanced Excerpt41694370k+Unsafe printing function
#1666Age Verify4129311k+Output is not escaped
#1667Antispam411141400Missing nonce verification
#1668Authenticator4159441k+Output is not escaped
#1669Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO)4117526100k+Unsafe printing function
#1670Autocomplete Google Address4122672k+Nonce verification recommended
#1671Avatar Manager4129415k+Unsafe printing function
#1672BuddyPress Edit Activity412826800Output is not escaped
#1673Bulk Delete Comments4115615k+Direct Query
#1674Carbon Copy4164893k+Text Domain Mismatch
#1675Easy Social Like Box – Popup – Sidebar Widget41217917k+Text Domain Mismatch
#1676CloudGuard4141131k+Output is not escaped
#1677CMS Tree Page View – Reorder Pages with a Drag-and-Drop Tree411219650k+Unsafe printing function
#1678Controlled Admin Access41224010k+Nonce verification recommended
#1679Disable Everything41901630k+Output is not escaped
#1680Duplicate Page and Post41262180k+Unsafe printing function
#1681Edit Lock414722500Non Singular String Literal Domain
#1682Payment Gateway of PayPal for WooCommerce41441847k+Nonce verification recommended
#1683Gallery Lightbox41471610k+Output is not escaped
#1684Google Authenticator41396520k+Output is not escaped
#1685Hide WP Admin Login412339500Nonce verification recommended
#1686iCount Payment Gateway4115222500Text Domain Mismatch
#1687Central Color Palette41733310k+Output is not escaped
#1688Mollie Forms41145653k+Request data is not unslashed
#1689Multiple Domain41421710k+Output is not escaped
#1690My Wp Brand – Hide menu & Hide Plugin4174502k+Non Singular String Literal Domain
#1691Social Login4181105k+Input is not sanitized
#1692Live Chat & AI Chatbot – onWebChat413191700error log error log
#1693Optimus – WordPress Image Optimizer41522030k+Unsafe printing function
#1694Passwordless Login4140241k+Output is not escaped
#1695Smart Post – Post Grid, Post Carousel, Post Slider Gutenberg Blocks for Blog & News4153720k+Non-prefixed global variable
#1696Post Cloner4125151k+Text Domain Mismatch
#1697wpSUBpages Redirect412427600Output is not escaped
#1698Revisionize4154244k+Output is not escaped
#1699IP Ban4129392k+Input is not validated
#1700Simple Page Access Restriction4166516k+Unsafe printing function