WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
wp redirect wp redirect
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1951 | Disable Users | 69 | 11 | 9 | 2k+ | Text Domain Mismatch | ||
| #1952 | ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic) | 69 | 511 | 51 | 4k+ | Text Domain Mismatch | ||
| #1953 | ELEX WooCommerce Discount Per Payment Method | 69 | 60 | 39 | 1k+ | Text Domain Mismatch | ||
| #1954 | Email as Username for WP-Members | 69 | 15 | 8 | 700 | Text Domain Mismatch | ||
| #1955 | Mailster WordPress Newsletter Plugin | 69 | 14 | 11 | 8k+ | Output is not escaped | ||
| #1956 | Payment Gateway for PhonePe and for Woocommerce | 69 | 15 | 14 | 900 | Non Singular String Literal Domain | ||
| #1957 | PrivacyBee – Datenschutz im Autopilot | 69 | 19 | 27 | 600 | Non-prefixed global variable | ||
| #1958 | Search & Filter | 69 | 21 | 28 | 50k+ | Input is not sanitized | ||
| #1959 | WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google/Matomo) Analytics) | 69 | 9 | 24 | 700 | Non-prefixed constant | ||
| #1960 | AppScenic – Smart AI Dropshipping | 70 | 16 | 41 | 3k+ | Dynamic hook name | ||
| #1961 | onepay Payment Gateway For WooCommerce | 70 | 49 | 13 | 900 | Text Domain Mismatch | ||
| #1962 | Related Products for WooCommerce | 70 | 12 | 12 | 3k+ | Setting is missing a sanitization callback | ||
| #1963 | Quick Buy For Woocommerce | 70 | 105 | 22 | 1k+ | Text Domain Mismatch | ||
| #1964 | aapanel WP Toolkit | 71 | 20 | 18 | 2k+ | wp function not compatible with requires wp | ||
| #1965 | Web Accessibility with Max Access | 71 | 22 | 11 | 800 | curl curl setopt | ||
| #1966 | Social Chat Widget (⚡ by Callbell) | 71 | 11 | 6 | 600 | Output is not escaped | ||
| #1967 | Nginx Helper | 71 | 47 | 60 | 200k+ | Non-prefixed global variable | ||
| #1968 | WindPress – Tailwind CSS integration for WordPress | 71 | 16 | 106 | 3k+ | Non-prefixed hook name | ||
| #1969 | Discount Rules for WooCommerce | 71 | 10 | 454 | 100k+ | Non-prefixed global variable | ||
| #1970 | WP No Base Permalink | 71 | 8 | 10 | 10k+ | Unsafe printing function | ||
| #1971 | BB Delete cache | 72 | 3 | 15 | 900 | Input is not sanitized | ||
| #1972 | Waymark | 72 | 16 | 32 | 900 | Missing direct file access protection | ||
| #1973 | Clone Woo Orders – Free by WP Masters | 73 | 13 | 8 | 900 | Output is not escaped | ||
| #1974 | OpenID Connect Generic Client | 73 | 9 | 59 | 10k+ | Non-prefixed hook name | ||
| #1975 | Dash Notifier | 73 | 12 | 6 | 20k+ | Heredoc Output Not Escaped | ||
| #1976 | Force Password Change | 73 | 4 | 10 | 400 | Missing nonce verification | ||
| #1977 | Osom Modal Login | 73 | 40 | 12 | 400 | Text Domain Mismatch | ||
| #1978 | Sweet Custom Dashboard | 73 | 27 | 2 | 400 | Missing Arg Domain | ||
| #1979 | WC Order Test | 73 | 8 | 9 | 6k+ | Output is not escaped | ||
| #1980 | Boxy WooCommerce Custom Redirect After Checkout | 74 | 27 | 8 | 700 | badly named files | ||
| #1981 | Disable cart page for WooCommerce | 74 | 2 | 8 | 6k+ | Input is not sanitized | ||
| #1982 | ELEX WooCommerce USPS Shipping Method | 74 | 139 | 45 | 900 | Text Domain Mismatch | ||
| #1983 | Markup Markdown | 74 | 18 | 128 | 2k+ | Non-prefixed global variable | ||
| #1984 | Outfunnel: Web Visitor Tracking & CRM Integration | 74 | 34 | 9 | 600 | Short PHP open tag found | ||
| #1985 | WP Revisions Limit | 74 | 16 | 14 | 800 | Missing Arg Domain | ||
| #1986 | Hum | 75 | 8 | 2 | 600 | wp function not compatible with requires wp | ||
| #1987 | Intuitive Custom Post Order | 75 | 19 | 96 | 400k+ | Direct Query | ||
| #1988 | Ukrposhta | 75 | 24 | 226 | 500 | Non-prefixed global variable | ||
| #1989 | WP Hide Dashboard | 75 | 6 | 10 | 2k+ | trademarked term | ||
| #1990 | Advanced Image Gallery for Elementor – Grid, Carousel & Slideshow | 76 | 3 | 226 | 400 | Non-prefixed global variable | ||
| #1991 | Ajax Search Lite – Live Search & Filter | 76 | 126 | 264 | 80k+ | Non-prefixed hook name | ||
| #1992 | Drip for WordPress | 76 | 11 | 7 | 2k+ | Missing direct file access protection | ||
| #1993 | Form to Chat App ⚡️ | 76 | 4 | 13 | 2k+ | Nonce verification recommended | ||
| #1994 | WP AdCenter – Ad Manager & Adsense Ads | 76 | 5 | 71 | 1k+ | Direct Query | ||
| #1995 | Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty | 76 | 2,207 | 760 | 3k+ | Text Domain Mismatch | ||
| #1996 | Backup/Restore Divi Theme Options | 77 | 8 | 8 | 700 | Input is not validated | ||
| #1997 | Disable WP Registration Page Spam | 77 | 5 | 12 | 1k+ | Nonce verification recommended | ||
| #1998 | ELEX Hide WooCommerce Shipping Methods | 77 | 83 | 54 | 1k+ | Text Domain Mismatch | ||
| #1999 | Embed Files from Google Drive | 77 | 4 | 35 | 5k+ | Nonce verification recommended | ||
| #2000 | Unattach | 77 | 4 | 11 | 900 | Nonce verification recommended |