WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
wp redirect wp redirect
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1751 | WP Post Redirect | 42 | 29 | 17 | 3k+ | Unsafe printing function | ||
| #1752 | Advanced All in One Admin Search by WP Spotlight | 42 | 25 | 25 | 900 | Missing Version | ||
| #1753 | Yandex.Metrika | 42 | 15 | 20 | 900 | Unsafe printing function | ||
| #1754 | Zotpress | 42 | 10 | 403 | 2k+ | Non-prefixed global variable | ||
| #1755 | Admin Custom Login | 43 | 238 | 20k+ | Request data is not unslashed | |||
| #1756 | Animation Builder – An interface for adding scroll-triggered animations | 43 | 7 | 67 | 800 | Missing Version | ||
| #1757 | Anonymous Restricted Content | 43 | 22 | 24 | 1k+ | Unsafe printing function | ||
| #1758 | Customize Snapshots | 43 | 9 | 42 | 500 | Nonce verification recommended | ||
| #1759 | Disable Gutenberg | 43 | 23 | 47 | 500k+ | Nonce verification recommended | ||
| #1760 | F4 Total Stock Value for WooCommerce | 43 | 27 | 12 | 1k+ | Output is not escaped | ||
| #1761 | GD bbPress Tools | 43 | 15 | 61 | 1k+ | Input is not sanitized | ||
| #1762 | Linker – URL shortener & track outbound link clicks | 43 | 17 | 17 | 2k+ | Output is not escaped | ||
| #1763 | Page Transition | 43 | 39 | 30 | 700 | Output is not escaped | ||
| #1764 | Redirect List | 43 | 34 | 22 | 1k+ | Output is not escaped | ||
| #1765 | Simple Revisions Delete | 43 | 16 | 26 | 10k+ | Output is not escaped | ||
| #1766 | Theme Switcha – Easily Switch Themes for Development and Testing | 43 | 42 | 53 | 7k+ | Output is not escaped | ||
| #1767 | Admin login URL Change | 44 | 38 | 11 | 2k+ | Output is not escaped | ||
| #1768 | BBQ Firewall – Fast & Powerful Firewall Security | 44 | 17 | 17 | 100k+ | Output is not escaped | ||
| #1769 | Buttonizer – Live Chat, AI Chatbot, Call, Chat, Contact Button | 44 | 24 | 71 | 50k+ | Non-prefixed constant | ||
| #1770 | Checkout Upsell Funnel for WooCommerce | 44 | 6 | 244 | 600 | Non-prefixed global variable | ||
| #1771 | ELEX WooCommerce Role Based Pricing | 44 | 213 | 196 | 2k+ | Non-prefixed global variable | ||
| #1772 | KKiapay WooCommerce Plugin | 44 | 20 | 25 | 400 | Output is not escaped | ||
| #1773 | Proxy & VPN Blocker | 44 | 74 | 1k+ | Nonce verification recommended | |||
| #1774 | senangpay | 44 | 38 | 46 | 1k+ | Text Domain Mismatch | ||
| #1775 | User Posts Limit | 44 | 82 | 22 | 2k+ | Output is not escaped | ||
| #1776 | Website Open/Closed Toggle | 44 | 14 | 33 | 500 | Output is not escaped | ||
| #1777 | Gateway zibal for Woocommerce | 44 | 70 | 24 | 6k+ | Text Domain Mismatch | ||
| #1778 | Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro | 45 | 26 | 117 | 20k+ | Non-prefixed hook name | ||
| #1779 | Extended Post Status | 45 | 27 | 27 | 1k+ | Output is not escaped | ||
| #1780 | Goftino | 45 | 16 | 20 | 10k+ | Output is not escaped | ||
| #1781 | JetHost Total Care – Security & Enhancements | 45 | 10 | 85 | 800 | Direct Query | ||
| #1782 | Passwords Evolved | 45 | 26 | 17 | 1k+ | Output is not escaped | ||
| #1783 | ShayanWeb Admin FontChanger | افزونهی تغییر فونت پیشخوان وردپرس شایان وب | 45 | 42 | 8 | 1k+ | Output is not escaped | ||
| #1784 | Simple Login Notification | 45 | 13 | 22 | 2k+ | Request data is not unslashed | ||
| #1785 | Slider Templates | 45 | 10 | 33 | 1k+ | Request data is not unslashed | ||
| #1786 | WP Revisions Manager | 45 | 47 | 19 | 700 | Non Singular String Literal Domain | ||
| #1787 | ARI Stream Quiz – WordPress Quizzes Builder | 46 | 21 | 239 | 2k+ | Non-prefixed global variable | ||
| #1788 | Batch Comment Spam Deletion | 46 | 22 | 15 | 1k+ | Nonce verification recommended | ||
| #1789 | Official CleverReach® Plugin for WooCommerce | 46 | 37 | 98 | 400 | Non-prefixed global variable | ||
| #1790 | Import Social Events | 46 | 26 | 355 | 3k+ | Non-prefixed global variable | ||
| #1791 | Live Copy Paste for Elementor – Cross Domain Copy Paste & Page Duplicator | 46 | 13 | 25 | 7k+ | Request data is not unslashed | ||
| #1792 | RY Tools for WooCommerce | 46 | 295 | 5k+ | Non-prefixed class | |||
| #1793 | Link in Bio Creator – Social | 46 | 52 | 36 | 2k+ | Non Singular String Literal Domain | ||
| #1794 | Ultimate FAQ Solution | 46 | 285 | 97 | 600 | Text Domain Mismatch | ||
| #1795 | Better Badge – Custom Product Badges for WooCommerce | 47 | 22 | 47 | 500 | Non Singular String Literal Domain | ||
| #1796 | DPO Pay for WooCommerce | 47 | 28 | 41 | 1k+ | Non Singular String Literal Text | ||
| #1797 | Gateway AqayePardakht for Woocommerce | 47 | 72 | 23 | 4k+ | Text Domain Mismatch | ||
| #1798 | Groups 404 Redirect | 47 | 35 | 33 | 1k+ | Non Singular String Literal Domain | ||
| #1799 | Import Users from CSV | 47 | 33 | 12 | 10k+ | Unsafe printing function | ||
| #1800 | Store Locator for WordPress📍 | 47 | 51 | 21 | 1k+ | Missing Arg Domain |