WordPress.Security.SafeRedirect.wp_redirect_wp_redirect

wp redirect wp redirect

Plugin Check reported a security-sensitive coding pattern that needs review.

critical weight

Why It Shows Up

The finding came from a security-focused WordPress coding standard or Plugin Check rule.

Why It Matters

Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.

How to Fix

  • Identify the untrusted value or privileged action involved.
  • Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
  • Rerun Plugin Check after the code path is fixed.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1751WP Post Redirect4229173k+Unsafe printing function
#1752Advanced All in One Admin Search by WP Spotlight422525900Missing Version
#1753Yandex.Metrika421520900Unsafe printing function
#1754Zotpress42104032k+Non-prefixed global variable
#1755Admin Custom Login4323820k+Request data is not unslashed
#1756Animation Builder – An interface for adding scroll-triggered animations43767800Missing Version
#1757Anonymous Restricted Content4322241k+Unsafe printing function
#1758Customize Snapshots43942500Nonce verification recommended
#1759Disable Gutenberg432347500k+Nonce verification recommended
#1760F4 Total Stock Value for WooCommerce4327121k+Output is not escaped
#1761GD bbPress Tools4315611k+Input is not sanitized
#1762Linker – URL shortener & track outbound link clicks4317172k+Output is not escaped
#1763Page Transition433930700Output is not escaped
#1764Redirect List4334221k+Output is not escaped
#1765Simple Revisions Delete43162610k+Output is not escaped
#1766Theme Switcha – Easily Switch Themes for Development and Testing4342537k+Output is not escaped
#1767Admin login URL Change4438112k+Output is not escaped
#1768BBQ Firewall – Fast & Powerful Firewall Security441717100k+Output is not escaped
#1769Buttonizer – Live Chat, AI Chatbot, Call, Chat, Contact Button44247150k+Non-prefixed constant
#1770Checkout Upsell Funnel for WooCommerce446244600Non-prefixed global variable
#1771ELEX WooCommerce Role Based Pricing442131962k+Non-prefixed global variable
#1772KKiapay WooCommerce Plugin442025400Output is not escaped
#1773Proxy & VPN Blocker44741k+Nonce verification recommended
#1774senangpay4438461k+Text Domain Mismatch
#1775User Posts Limit4482222k+Output is not escaped
#1776Website Open/Closed Toggle441433500Output is not escaped
#1777Gateway zibal for Woocommerce4470246k+Text Domain Mismatch
#1778Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro452611720k+Non-prefixed hook name
#1779Extended Post Status4527271k+Output is not escaped
#1780Goftino45162010k+Output is not escaped
#1781JetHost Total Care – Security & Enhancements451085800Direct Query
#1782Passwords Evolved4526171k+Output is not escaped
#1783ShayanWeb Admin FontChanger | افزونه‌ی تغییر فونت پیشخوان وردپرس شایان وب454281k+Output is not escaped
#1784Simple Login Notification4513222k+Request data is not unslashed
#1785Slider Templates4510331k+Request data is not unslashed
#1786WP Revisions Manager454719700Non Singular String Literal Domain
#1787ARI Stream Quiz – WordPress Quizzes Builder46212392k+Non-prefixed global variable
#1788Batch Comment Spam Deletion4622151k+Nonce verification recommended
#1789Official CleverReach® Plugin for WooCommerce463798400Non-prefixed global variable
#1790Import Social Events46263553k+Non-prefixed global variable
#1791Live Copy Paste for Elementor – Cross Domain Copy Paste & Page Duplicator4613257k+Request data is not unslashed
#1792RY Tools for WooCommerce462955k+Non-prefixed class
#1793Link in Bio Creator – Social4652362k+Non Singular String Literal Domain
#1794Ultimate FAQ Solution4628597600Text Domain Mismatch
#1795Better Badge – Custom Product Badges for WooCommerce472247500Non Singular String Literal Domain
#1796DPO Pay for WooCommerce4728411k+Non Singular String Literal Text
#1797Gateway AqayePardakht for Woocommerce4772234k+Text Domain Mismatch
#1798Groups 404 Redirect4735331k+Non Singular String Literal Domain
#1799Import Users from CSV47331210k+Unsafe printing function
#1800Store Locator for WordPress📍4751211k+Missing Arg Domain