WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
wp redirect wp redirect
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1851 | Popup Maker – Responsive popup, Exit Intent Pop up, Email Optins, Autoresponder & More | 55 | 44 | 64 | 7k+ | Text Domain Mismatch | ||
| #1852 | Payment Integration Wompi – El Salvador | 55 | 50 | 27 | 800 | Text Domain Mismatch | ||
| #1853 | BotPenguin – Generative AI Chatbot with Live Chat & ChatGPT | 56 | 12 | 7 | 600 | Unsafe printing function | ||
| #1854 | FV Top Level Categories | 56 | 24 | 16 | 20k+ | Text Domain Mismatch | ||
| #1855 | Kwayy HTML Sitemap | 56 | 13 | 19 | 6k+ | Missing nonce verification | ||
| #1856 | Free Live Chat Support | 56 | 9 | 20 | 600 | Output is not escaped | ||
| #1857 | Maya Business Plugin | 56 | 9 | 39 | 500 | Input is not validated | ||
| #1858 | Replace Protected Password | 56 | 6 | 18 | 600 | Input is not sanitized | ||
| #1859 | Image Optimization For SEO | 56 | 116 | 69 | 3k+ | Non Singular String Literal Domain | ||
| #1860 | TextBuilder | 56 | 20 | 34 | 4k+ | Missing Arg Domain | ||
| #1861 | WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance | 56 | 5 | 774 | 1m+ | Non-prefixed global variable | ||
| #1862 | Pantheon Migrations | 57 | 15 | 26 | 1k+ | Output is not escaped | ||
| #1863 | Logo Manager For Enamad – لوگوی نماد الکترونیکی | 57 | 18 | 14 | 5k+ | Output is not escaped | ||
| #1864 | MC4WP: Mailchimp for WordPress | 57 | 238 | 1m+ | Non-prefixed global variable | |||
| #1865 | Protected Posts Logout Button | 57 | 10 | 20 | 1k+ | Input is not sanitized | ||
| #1866 | WC Call For Price | 57 | 19 | 55 | 1k+ | Non-prefixed global variable | ||
| #1867 | XML Feed for Skroutz & BestPrice for WooCommerce | 57 | 12 | 50 | 600 | Input is not sanitized | ||
| #1868 | Go Redirects URL Forwarder | 58 | 17 | 14 | 1k+ | Output is not escaped | ||
| #1869 | Houzez WooCommerce Addon | 58 | 22 | 21 | 4k+ | Missing Translators Comment | ||
| #1870 | Remove CPT base | 58 | 15 | 16 | 10k+ | Input is not sanitized | ||
| #1871 | Cloak Affiliate Links for WooCommerce | 58 | 28 | 6 | 2k+ | Non Singular String Literal Domain | ||
| #1872 | Connect SendGrid for Emails | 59 | 37 | 103 | 900 | Missing direct file access protection | ||
| #1873 | ELEX WooCommerce Name Your Price | 59 | 295 | 117 | 600 | Missing Arg Domain | ||
| #1874 | Icon List | 59 | 83 | 11 | 1k+ | Text Domain Mismatch | ||
| #1875 | Importify – AI Dropshipping for WooCommerce | 59 | 22 | 71 | 2k+ | Non-prefixed global variable | ||
| #1876 | pensopay Payments v2 | 59 | 413 | 32 | 1k+ | Non Singular String Literal Domain | ||
| #1877 | SureFeedback Client Site | 59 | 47 | 24 | 5k+ | Text Domain Mismatch | ||
| #1878 | Remove Add to Cart Button for WooCommerce | 59 | 115 | 18 | 500 | Text Domain Mismatch | ||
| #1879 | Subscribers – Free Web Push Notifications | 59 | 15 | 11 | 1k+ | Output is not escaped | ||
| #1880 | Super Progressive Web Apps | 59 | 62 | 22 | 40k+ | wp function not compatible with requires wp | ||
| #1881 | Konnect Payment Gateway for WooCommerce | 59 | 39 | 16 | 400 | Text Domain Mismatch | ||
| #1882 | Payment Gateway for LiqPay for Woocommerce | 59 | 84 | 31 | 1k+ | Text Domain Mismatch | ||
| #1883 | Variation Swatches for WooCommerce | 59 | 11 | 64 | 300k+ | Non-prefixed global variable | ||
| #1884 | Kubio AI Page Builder | 60 | 283 | 77 | 90k+ | Missing direct file access protection | ||
| #1885 | Mailster AmazonSES Integration | 60 | 52 | 25 | 1k+ | Missing Arg Domain | ||
| #1886 | Stratum Widgets for Elementor | 60 | 66 | 366 | 20k+ | Non-prefixed global variable | ||
| #1887 | Team – Team Members Showcase Plugin | 60 | 12 | 781 | 10k+ | Non-prefixed global variable | ||
| #1888 | ELEX WooCommerce Catalog Mode | 61 | 97 | 49 | 10k+ | Text Domain Mismatch | ||
| #1889 | GetPaid Stripe Payments | 61 | 206 | 44 | 2k+ | Text Domain Mismatch | ||
| #1890 | PW WooCommerce Copy Coupon | 61 | 15 | 17 | 1k+ | Text Domain Mismatch | ||
| #1891 | HuCommerce | Magyar kiegészítések WooCommerce webáruházakhoz | 61 | 17 | 194 | 10k+ | Non-prefixed function | ||
| #1892 | QR Code PicPay for WooCommerce | 61 | 15 | 25 | 600 | Non-prefixed global variable | ||
| #1893 | Related Products Slider for WooCommerce – Boost Sales with Smart Product Recommendations | 61 | 81 | 13 | 1k+ | Text Domain Mismatch | ||
| #1894 | AMS Post And Page Duplicator | 62 | 14 | 13 | 600 | Text Domain Mismatch | ||
| #1895 | ARI Fancy Lightbox – Popup for WordPress | 62 | 8 | 107 | 10k+ | Non-prefixed namespace | ||
| #1896 | Check for Broken Links – Broken Link Checker & 404 Monitor | 62 | 2 | 32 | 500 | Missing nonce verification | ||
| #1897 | DreamHost Automated Migration | 62 | 15 | 23 | 20k+ | Output is not escaped | ||
| #1898 | Equalweb Accessibility | 62 | 21 | 5 | 4k+ | Output is not escaped | ||
| #1899 | Migrate To Liquid Web & Nexcess | 62 | 15 | 23 | 2k+ | Output is not escaped | ||
| #1900 | Pressable Automated Migration | 62 | 15 | 23 | 3k+ | Output is not escaped |