PLUGIN SECURITY
Is Redirect Redirection safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Redirect Redirection WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
redirect-redirection - Requires PHP: 5.6+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Missing Authorization in 'logFilter' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Missing Authorization in 'logPageContent' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Missing Authorization in 'saveRedirectSettings' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Missing Authorization in 'selectAll' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Missing Authorization in 'deleteRedirect' function]
+ 29 more known vulnerabilities
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Missing Authorization in 'loadRedirectSettings' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Missing Authorization in 'instantEditRedirect' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Missing Authorization in 'addRedirectRule' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Missing Authorization in 'bulkDelete' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Missing Authorization in 'addRedirect' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Missing Authorization in 'liveSearch' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Missing Authorization in 'statusBulkEdit' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Missing Authorization in 'redirectionPageContent' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Missing Authorization in 'loadSettings' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'SaveSettings' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'addRedirect' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Missing Authorization in 'SaveSettings' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'saveRedirectSettings' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Missing Authorization in 'LoadTab' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'addRedirectRule' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'statusBulkEdit' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'cronLogDeleteOption' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'deleteRedirect' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'instantEditRedirect' function]
- Redirection [redirect-redirection] < 1.1.4 [Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'bulkDelete' function]
- Redirection [redirect-redirection] < 1.1.4 [WordPress Redirect Redirection Plugin <= 1.1.3 is vulnerable to Broken Access Control]
- Redirection [redirect-redirection] < 1.1.5 [Redirect Redirection <= 1.1.4 - Cross-Site Request Forgery to Plugin De-Installation]
- Redirection [redirect-redirection] < 1.1.5 [WordPress Redirect Redirection Plugin <= 1.1.4 is vulnerable to Cross Site Request Forgery (CSRF)]
- Redirection [redirect-redirection] < 1.1.5 [CVE-2023-1330, Redirection < 1.1.4 - Redirect Creation via CSRF]
- Redirection [redirect-redirection] < 1.1.5 [CVE-2023-1331, WordPress Redirection Plugin < 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF), Redirection <= 1.1.4 - Cross-Site Request Forgery to Plugin Reset, Redirection < 1.1.5 - Plugin Reset via CSRF]
- Redirection [redirect-redirection] < 1.1.4 [CVE-2023-0958, Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function, WordPress Redirect Redirection Plugin <= 1.1.3 is vulnerable to Broken Access Control]
- Redirection [redirect-redirection] < 1.1.4 [CVE-2023-3977, Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function, WordPress Redirect Redirection Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF), Multiple Plugins from Inisev - Plugin Installation via CSRF]
- Redirection [redirect-redirection] < 1.1.4 [CVE-2023-38514, Multiple Plugins from Inisev - Subscriber+ Plugin Installation]
- Redirection [redirect-redirection] < 1.2.0 [CVE-2024-31435, WordPress Redirect Redirection Plugin <= 1.1.9 is vulnerable to Broken Access Control, Inisev Analyst Module <= Various Versions - Missing Authorization]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Redirection — 2000000+ active installs — max PHP 8.4
- Broken Link Checker by AIOSEO – Find & Fix Broken Internal, External & Video Links — 300000+ active installs — max PHP 8.4
- 404 to 301 – Redirect Manager, 404 Error Logs & Notifications — 100000+ active installs — max PHP 8.4
- Smart Custom 404 Error Page — 100000+ active installs
- WP 404 Auto Redirect to Similar Post — 30000+ active installs — max PHP 8.4
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.