WordPress.Security.SafeRedirect.wp_redirect_wp_redirect

wp redirect wp redirect

Plugin Check reported a security-sensitive coding pattern that needs review.

critical weight

Why It Shows Up

The finding came from a security-focused WordPress coding standard or Plugin Check rule.

Why It Matters

Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.

How to Fix

  • Identify the untrusted value or privileged action involved.
  • Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
  • Rerun Plugin Check after the code path is fixed.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2001Unattach77411900Nonce verification recommended
#2002WPA WooCommerce Product Gallery Slider Lite776652400Text Domain Mismatch
#2003Pay with PAYUNi77913500Input is not sanitized
#2004ELEX WooCommerce Address Validation & Google Address Autocomplete Plugin787340700Missing Arg Domain
#2005Bookvault781310700Nonce verification recommended
#2006Web3 Crypto Payments by DePay for WooCommerce7861011k+Direct Query
#2007Thumbnails and Featured Images7816141k+Short PHP open tag found
#2008Blocks for Products791813400Non Singular String Literal Domain
#2009WP Map Block – Gutenberg Map Block for Google Map and OpenStreet Map by aBlocks7961020k+trademarked term
#2010WPMagPlus Companion7910416700Text Domain Mismatch
#2011Button8065282k+Text Domain Mismatch
#2012Duo Universal806252k+Nonce verification recommended
#2013SteadFast API802238k+Non-prefixed global variable
#2014Ceylon Demo Installer81119400Non-prefixed function
#2015GIFTiT – Free Gifts for WooCommerce81433572k+Non-prefixed global variable
#2016REPORTiT – Advanced Reporting for WooCommerce81998700Non-prefixed global variable
#2017Migrate Guru – Site Migration & Cloning8178200k+Database parameter is not escaped
#2018Nice Search8145900Input is not sanitized
#2019Payfast Gateway for WooCommerce812182k+Missing nonce verification
#2020Redirect by Custom Field8156600Nonce verification recommended
#2021Simple Page Redirect813710k+Request data is not unslashed
#2022Intranet & Private Site – All-In-One Intranet821114k+Input is not sanitized
#2023BlogVault Backup & Staging82532280k+Missing direct file access protection
#2024Custom 404 Error Page821231k+Text Domain Mismatch
#2025Editor Blocks for Gutenberg8268700Missing direct file access protection
#2026EP Exporter for Contact Form 7 (CF7)82120400Database parameter is not escaped
#2027MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall825522200k+Missing direct file access protection
#2028WebP Conversion821333k+Non-prefixed global variable
#2029Search Insights – Privacy-Friendly Search Analytics827503k+Non-prefixed global variable
#2030The WP Remote WordPress Plugin82512430k+Missing direct file access protection
#2031Starter Templates by Gradient Themes832773k+Text Domain Mismatch
#2032JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable83117k+Request data is not unslashed
#2033NETSENSAI Shield8310161k+Nonce verification recommended
#2034Acme Demo Setup848610k+Non-prefixed function
#2035WP All Import – Import Add-On for ACF8434640k+Non-prefixed global variable
#2036Widgets for Google Reviews and Ratings842102k+Missing nonce verification
#2037Backlinks Saver85353k+Deprecated parameter value found
#2038Comments Import & Export8511292k+wp function not compatible with requires wp
#2039MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce85678k+Missing Translators Comment
#2040Classic Editor +861440k+Input is not sanitized
#2041Ticket Tailor — Event Ticketing & Registration86334k+Non Enqueued Script
#2042Image Optimizer – Optimize Images and Convert to WebP or AVIF8714241m+Missing Translators Comment
#2043Booking Engine by Lodgify87515700Non-prefixed global variable
#2044Object Cache 4 everyone872655k+Non-prefixed function
#2045Simple Catalog for WooCommerce87241k+wp redirect wp redirect
#2046Block Editor Colors882393k+Missing Arg Domain
#2047Duplicate Pages, Posts and CPT88255k+Input is not sanitized
#2048GutenTOC – Advanced Table of Contents88510700Missing Version
#2049Image Hover Effects – WordPress Plugin88253k+Input is not sanitized
#2050SimpleMaps888119600wp function not compatible with requires wp