WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
wp redirect wp redirect
Plugin Check reported a security-sensitive coding pattern that needs review.
Why It Shows Up
The finding came from a security-focused WordPress coding standard or Plugin Check rule.
Why It Matters
Security findings often involve trust boundaries: request input, browser output, redirects, database access, capabilities, or filesystem behavior.
How to Fix
- Identify the untrusted value or privileged action involved.
- Add validation, sanitization, escaping, nonce checks, capability checks, or prepared SQL as appropriate.
- Rerun Plugin Check after the code path is fixed.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2001 | Unattach | 77 | 4 | 11 | 900 | Nonce verification recommended | ||
| #2002 | WPA WooCommerce Product Gallery Slider Lite | 77 | 66 | 52 | 400 | Text Domain Mismatch | ||
| #2003 | Pay with PAYUNi | 77 | 9 | 13 | 500 | Input is not sanitized | ||
| #2004 | ELEX WooCommerce Address Validation & Google Address Autocomplete Plugin | 78 | 73 | 40 | 700 | Missing Arg Domain | ||
| #2005 | Bookvault | 78 | 13 | 10 | 700 | Nonce verification recommended | ||
| #2006 | Web3 Crypto Payments by DePay for WooCommerce | 78 | 6 | 101 | 1k+ | Direct Query | ||
| #2007 | Thumbnails and Featured Images | 78 | 16 | 14 | 1k+ | Short PHP open tag found | ||
| #2008 | Blocks for Products | 79 | 18 | 13 | 400 | Non Singular String Literal Domain | ||
| #2009 | WP Map Block – Gutenberg Map Block for Google Map and OpenStreet Map by aBlocks | 79 | 6 | 10 | 20k+ | trademarked term | ||
| #2010 | WPMagPlus Companion | 79 | 104 | 16 | 700 | Text Domain Mismatch | ||
| #2011 | Button | 80 | 65 | 28 | 2k+ | Text Domain Mismatch | ||
| #2012 | Duo Universal | 80 | 6 | 25 | 2k+ | Nonce verification recommended | ||
| #2013 | SteadFast API | 80 | 2 | 23 | 8k+ | Non-prefixed global variable | ||
| #2014 | Ceylon Demo Installer | 81 | 11 | 9 | 400 | Non-prefixed function | ||
| #2015 | GIFTiT – Free Gifts for WooCommerce | 81 | 43 | 357 | 2k+ | Non-prefixed global variable | ||
| #2016 | REPORTiT – Advanced Reporting for WooCommerce | 81 | 9 | 98 | 700 | Non-prefixed global variable | ||
| #2017 | Migrate Guru – Site Migration & Cloning | 81 | 7 | 8 | 200k+ | Database parameter is not escaped | ||
| #2018 | Nice Search | 81 | 4 | 5 | 900 | Input is not sanitized | ||
| #2019 | Payfast Gateway for WooCommerce | 81 | 2 | 18 | 2k+ | Missing nonce verification | ||
| #2020 | Redirect by Custom Field | 81 | 5 | 6 | 600 | Nonce verification recommended | ||
| #2021 | Simple Page Redirect | 81 | 3 | 7 | 10k+ | Request data is not unslashed | ||
| #2022 | Intranet & Private Site – All-In-One Intranet | 82 | 1 | 11 | 4k+ | Input is not sanitized | ||
| #2023 | BlogVault Backup & Staging | 82 | 53 | 22 | 80k+ | Missing direct file access protection | ||
| #2024 | Custom 404 Error Page | 82 | 12 | 3 | 1k+ | Text Domain Mismatch | ||
| #2025 | Editor Blocks for Gutenberg | 82 | 6 | 8 | 700 | Missing direct file access protection | ||
| #2026 | EP Exporter for Contact Form 7 (CF7) | 82 | 1 | 20 | 400 | Database parameter is not escaped | ||
| #2027 | MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall | 82 | 55 | 22 | 200k+ | Missing direct file access protection | ||
| #2028 | WebP Conversion | 82 | 1 | 33 | 3k+ | Non-prefixed global variable | ||
| #2029 | Search Insights – Privacy-Friendly Search Analytics | 82 | 7 | 50 | 3k+ | Non-prefixed global variable | ||
| #2030 | The WP Remote WordPress Plugin | 82 | 51 | 24 | 30k+ | Missing direct file access protection | ||
| #2031 | Starter Templates by Gradient Themes | 83 | 27 | 7 | 3k+ | Text Domain Mismatch | ||
| #2032 | JSM Force HTTP to HTTPS / SSL – No Setup, Fast and Reliable | 83 | 11 | 7k+ | Request data is not unslashed | |||
| #2033 | NETSENSAI Shield | 83 | 10 | 16 | 1k+ | Nonce verification recommended | ||
| #2034 | Acme Demo Setup | 84 | 8 | 6 | 10k+ | Non-prefixed function | ||
| #2035 | WP All Import – Import Add-On for ACF | 84 | 3 | 46 | 40k+ | Non-prefixed global variable | ||
| #2036 | Widgets for Google Reviews and Ratings | 84 | 2 | 10 | 2k+ | Missing nonce verification | ||
| #2037 | Backlinks Saver | 85 | 3 | 5 | 3k+ | Deprecated parameter value found | ||
| #2038 | Comments Import & Export | 85 | 112 | 9 | 2k+ | wp function not compatible with requires wp | ||
| #2039 | MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce | 85 | 6 | 7 | 8k+ | Missing Translators Comment | ||
| #2040 | Classic Editor + | 86 | 1 | 4 | 40k+ | Input is not sanitized | ||
| #2041 | Ticket Tailor — Event Ticketing & Registration | 86 | 3 | 3 | 4k+ | Non Enqueued Script | ||
| #2042 | Image Optimizer – Optimize Images and Convert to WebP or AVIF | 87 | 14 | 24 | 1m+ | Missing Translators Comment | ||
| #2043 | Booking Engine by Lodgify | 87 | 5 | 15 | 700 | Non-prefixed global variable | ||
| #2044 | Object Cache 4 everyone | 87 | 2 | 65 | 5k+ | Non-prefixed function | ||
| #2045 | Simple Catalog for WooCommerce | 87 | 2 | 4 | 1k+ | wp redirect wp redirect | ||
| #2046 | Block Editor Colors | 88 | 23 | 9 | 3k+ | Missing Arg Domain | ||
| #2047 | Duplicate Pages, Posts and CPT | 88 | 2 | 5 | 5k+ | Input is not sanitized | ||
| #2048 | GutenTOC – Advanced Table of Contents | 88 | 5 | 10 | 700 | Missing Version | ||
| #2049 | Image Hover Effects – WordPress Plugin | 88 | 2 | 5 | 3k+ | Input is not sanitized | ||
| #2050 | SimpleMaps | 88 | 81 | 19 | 600 | wp function not compatible with requires wp |