WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
wp redirect wp redirect
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1801 | Tabby Checkout | 47 | 33 | 46 | 4k+ | Non-prefixed class | ||
| #1802 | Simple Client Dashboard | 47 | 38 | 36 | 2k+ | Missing direct file access protection | ||
| #1803 | FedaPay Gateway for WooCommerce | 47 | 24 | 11 | 700 | Output is not escaped | ||
| #1804 | iControlWP | 47 | 45 | 59 | 1k+ | Missing direct file access protection | ||
| #1805 | WP Custom Author URL | 47 | 16 | 38 | 5k+ | Non-prefixed global variable | ||
| #1806 | WP User Profile Restriction | 47 | 26 | 8 | 400 | Output is not escaped | ||
| #1807 | Convertful – Your Ultimate On-Site Conversion Tool | 48 | 15 | 34 | 3k+ | wp function not compatible with requires wp | ||
| #1808 | CookieFox – Cookie Notice | 48 | 14 | 19 | 400 | Output is not escaped | ||
| #1809 | Current Menu Item for Custom Post Types | 48 | 18 | 30 | 2k+ | Non-prefixed global variable | ||
| #1810 | Disable Author Pages | 48 | 23 | 5 | 6k+ | Unsafe printing function | ||
| #1811 | Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories | 48 | 63 | 273 | 100k+ | Non-prefixed global variable | ||
| #1812 | Easy Updates Manager | 48 | 13 | 182 | 300k+ | Non-prefixed global variable | ||
| #1813 | Taxonomy Switcher | 48 | 22 | 36 | 2k+ | Nonce verification recommended | ||
| #1814 | Instamojo for WooCommerce | 48 | 72 | 44 | 5k+ | Text Domain Mismatch | ||
| #1815 | Flutterwave Payment Gateway for WooCommerce | 48 | 14 | 22 | 2k+ | Output is not escaped | ||
| #1816 | Successful Redirection for Contact Form | 49 | 33 | 20 | 10k+ | Text Domain Mismatch | ||
| #1817 | Ecommerce Fabrick | 49 | 4 | 135 | 1k+ | Nonce verification recommended | ||
| #1818 | Registered Users Only | 49 | 14 | 14 | 2k+ | Unsafe printing function | ||
| #1819 | PDF Invoices & Packing Slips for WooCommerce – Challan | 49 | 56 | 151 | 4k+ | Non-prefixed global variable | ||
| #1820 | Auto Ping Booster Free | 50 | 18 | 21 | 900 | Setting is missing a sanitization callback | ||
| #1821 | Send Emails with Mandrill | 50 | 36 | 141 | 6k+ | Non-prefixed global variable | ||
| #1822 | WP SVG Images | 50 | 58 | 12 | 30k+ | Text Domain Mismatch | ||
| #1823 | GamiPress – Reset User | 51 | 14 | 27 | 400 | Interpolated SQL is not prepared | ||
| #1824 | Menu Icons by Themeisle – Add Icons to Navigation Menus | 51 | 34 | 22 | 100k+ | Output is not escaped | ||
| #1825 | Mintpay | 51 | 14 | 35 | 600 | Nonce verification recommended | ||
| #1826 | SePay Gateway | 51 | 12 | 39 | 1k+ | Nonce verification recommended | ||
| #1827 | YayMail – WooCommerce Email Customizer | 51 | 163 | 788 | 50k+ | Non-prefixed global variable | ||
| #1828 | Request a Quote for WooCommerce – Get a Quote Button | 52 | 25 | 12 | 6k+ | Output is not escaped | ||
| #1829 | Add to Cart Custom Redirect for WooCommerce | 52 | 33 | 13 | 2k+ | Text Domain Mismatch | ||
| #1830 | Post Type Converter | 53 | 5 | 28 | 1k+ | Nonce verification recommended | ||
| #1831 | Simple Blog Stats | 53 | 25 | 76 | 4k+ | Non-prefixed function | ||
| #1832 | Social Media Widget | 53 | 90 | 21 | 30k+ | Text Domain Mismatch | ||
| #1833 | Ultimate Gift Cards for WooCommerce | 53 | 4 | 450 | 7k+ | Non-prefixed global variable | ||
| #1834 | WP User Switch | 53 | 8 | 46 | 1k+ | Input is not sanitized | ||
| #1835 | aBlocks – Gutenberg Blocks, User Dashboard Builder, Popup Builder, Form Builder & Animation Builder | 54 | 8 | 382 | 2k+ | Non-prefixed global variable | ||
| #1836 | AffiliateWP – Order Details For Affiliates | 54 | 62 | 27 | 2k+ | Output is not escaped | ||
| #1837 | Disable Media Sizes | 54 | 14 | 7 | 10k+ | Output is not escaped | ||
| #1838 | Discount Rules for WooCommerce – Disco | Dynamic Pricing, Conditions, Bulk, Bundle, BOGO | 54 | 1 | 61 | 2k+ | Request data is not unslashed | ||
| #1839 | F4 Media Taxonomies | 54 | 7 | 39 | 1k+ | Input is not sanitized | ||
| #1840 | MSN Partner Hub | 54 | 21 | 25 | 1k+ | Missing direct file access protection | ||
| #1841 | SpeedSize Image & Video AI-Optimizer | 54 | 98 | 17 | 400 | Text Domain Mismatch | ||
| #1842 | WC Duplicate Order | 54 | 12 | 15 | 500 | Nonce verification recommended | ||
| #1843 | WebinarPress – Webinar System for WordPress | 54 | 61 | 499 | 900 | Non-prefixed global variable | ||
| #1844 | Disable Feeds | 55 | 9 | 9 | 20k+ | Output is not escaped | ||
| #1845 | Head Meta Data | 55 | 19 | 42 | 10k+ | Non-prefixed function | ||
| #1846 | Head, Footer and Post Injections | 55 | 9 | 52 | 200k+ | Non-prefixed global variable | ||
| #1847 | Hide Admin Menu | 55 | 18 | 27 | 20k+ | Non-prefixed function | ||
| #1848 | LexonRank: AI Link Building, Free Backlinks & SEO Automation | 55 | 15 | 20 | 1k+ | Nonce verification recommended | ||
| #1849 | Fast Page & Post Duplicator | 55 | 12 | 25 | 60k+ | Direct Query | ||
| #1850 | Popup Maker – Responsive popup, Exit Intent Pop up, Email Optins, Autoresponder & More | 55 | 44 | 64 | 7k+ | Text Domain Mismatch |