WordPress.Security.SafeRedirect.wp_redirect_wp_redirect

wp redirect wp redirect

Plugin Check reported a security-sensitive coding pattern that needs review.

critical weight

Why It Shows Up

The finding came from a security-focused WordPress coding standard or Plugin Check rule.

Why It Matters

Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.

How to Fix

  • Identify the untrusted value or privileged action involved.
  • Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
  • Rerun Plugin Check after the code path is fixed.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1701Smoove connector for Elementor forms412260600Nonce verification recommended
#1702SnapScan Payment Gateway413330700Output is not escaped
#1703Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress41271682k+Request data is not unslashed
#1704Feedback Company416336800Output is not escaped
#1705Theme Blvd Importer412558500Missing nonce verification
#1706Unbloater4157185k+Output is not escaped
#1707Visibility Logic for Elementor41274330k+Output is not escaped
#1708WaveSurfer-WP418322400Unsafe printing function
#1709WP Lorem ipsum413729500Unsafe printing function
#1710WP Router412913800Exception output is not escaped
#1711WPS Hide Login4134722m+Nonce verification recommended
#1712Admin Options Pages423284500Nonce verification recommended
#1713Affiliate Link Tracker422449500Request data is not unslashed
#1714AweSplash – Just Splash Page423934400Output is not escaped
#1715BP Auto Group Join425555700Output is not escaped
#1716CCAvenue Payment Gateway for WooCommerce4253403k+Text Domain Mismatch
#1717Change Background Color for Pages, Posts, Widgets42357500Text Domain Mismatch
#1718Comment Blacklist Updater4245151k+Output is not escaped
#1719Confetti42136173k+Unsafe printing function
#1720Cookie Notify421554400Input is not validated
#1721Custom Fields for Gutenberg4224241k+Output is not escaped
#1722Delete Expired Transients4249655k+Direct Query
#1723Disable Recaptcha – CF7427352k+Output is not escaped
#1724Simple HTML Sitemap4242201k+Text Domain Mismatch
#1725Duplicate Page or Post42122119k+Text Domain Mismatch
#1726Easy Demo Import for Omega Themes423341400Output is not escaped
#1727Lock Down Admin4230203k+Unsafe printing function
#1728GA Google Analytics – Connect Google Analytics to WordPress424630400k+Output is not escaped
#1729Geo Blocker – Control Site Access by Region and IP4210641k+Direct Query
#1730iyzico for WooCommerce42345410k+Unsafe printing function
#1731LH Page Links To422538500Output is not escaped
#1732NS Remove Related Products for WooCommerce4295433k+Output is not escaped
#1733OnPay.io for WooCommerce42238371k+Text Domain Mismatch
#1734PAYDUNYA WOOCOMMERCE PAR425432600Text Domain Mismatch
#1735Polylang Theme Strings42119306k+Output is not escaped
#1736Prismatic4261292k+Output is not escaped
#1737reCAPTCHA for WooCommerce42803140k+Output is not escaped
#1738Sendcloud Shipping4278565k+Output is not escaped
#1739SEO Backlink Monitor4286105700Output is not escaped
#1740Simple Download Counter4258462k+Output is not escaped
#1741Sticky Floating Button (Book Now, Contact, Call To Action…)429526900Missing Arg Domain
#1742ThemeZee Widget Bundle42211585k+Output is not escaped
#1743Ultimate Coming Soon Page, Maintenance Mode & Under Construction – Gutenberg Block Builder & Landing Page4215899k+Non-prefixed global variable
#1744UPI QR Code Payment Gateway42179281k+Text Domain Mismatch
#1745WebPlanex: GST Invoice India426363400Text Domain Mismatch
#1746WP Child Theme Generator42356620k+Request data is not unslashed
#1747WP Media Category Management42101766k+Nonce verification recommended
#1748WP Post Redirect4229173k+Unsafe printing function
#1749Advanced All in One Admin Search by WP Spotlight422525900Missing Version
#1750Yandex.Metrika421520900Unsafe printing function