Geo Redirects Lite Security & Risk Analysis

wordpress.org/plugins/geo-redirects

Create Geo redirects in an incredibly easy way and use different sets of rules to match users

10 active installs v1.0.0 PHP + WP + Updated Jun 19, 2017
geo-redirection · geo-redirects · geolite · geotargeting · redirect-by-country
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Geo Redirects Lite Safe to Use in 2026?

Generally Safe

Score 85/100

Geo Redirects Lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "geo-redirects" plugin v1.0.0 presents a moderate security risk due to a combination of concerning coding practices and a limited, albeit potentially dangerous, attack surface. While the plugin demonstrates good practices in SQL query handling and avoids external HTTP requests or file operations, the presence of two AJAX handlers without any authentication or nonce checks is a significant concern. This directly exposes these entry points to potential unauthorized access and manipulation.

The use of the `unserialize` function, even without explicit taint analysis findings, raises a red flag as it can lead to deserialization vulnerabilities if the input is not strictly controlled and validated. The relatively low percentage of properly escaped output also suggests a risk of Cross-Site Scripting (XSS) vulnerabilities.

The lack of any recorded vulnerability history is a positive sign, indicating either a history of secure development or a lack of prior security scrutiny. However, this should not overshadow the immediate risks identified in the code analysis. In conclusion, while the plugin has some strengths, the unprotected AJAX endpoints and the use of `unserialize` create exploitable weaknesses that require immediate attention to mitigate potential security incidents.

Key Concerns

  • AJAX handlers without auth checks
  • Unsanitized unserialize function used
  • Low percentage of properly escaped output
  • Bundled Guzzle library
Vulnerabilities
None known

Geo Redirects Lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Geo Redirects Lite Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 9 (13 escaped)
Nonce Checks: 3
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

unserialize: `$rules = !empty($r->geotr_rules) ? unserialize($r->geotr_rules) : array();` (public\class-geotr-public.php:29)

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

59% escaped · 22 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<class-geotr-helper> (includes\class-geotr-helper.php:0)
Attack Surface
2 unprotected

Geo Redirects Lite Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

auth · wp_ajax_geotr/field_group/render_rules · includes\class-geotr.php:222
auth · wp_ajax_geotr/field_group/render_operator · includes\class-geotr.php:223
WordPress Hooks 61
filter · geotr/rules/rule_match/country · includes\class-geotr-rules.php:24
filter · geotr/rules/rule_match/country_region · includes\class-geotr-rules.php:25
filter · geotr/rules/rule_match/city · includes\class-geotr-rules.php:26
filter · geotr/rules/rule_match/city_region · includes\class-geotr-rules.php:27
filter · geotr/rules/rule_match/state · includes\class-geotr-rules.php:28
filter · geotr/rules/rule_match/user_type · includes\class-geotr-rules.php:31
filter · geotr/rules/rule_match/logged_user · includes\class-geotr-rules.php:32
filter · geotr/rules/rule_match/left_comment · includes\class-geotr-rules.php:33
filter · geotr/rules/rule_match/search_engine · includes\class-geotr-rules.php:34
filter · geotr/rules/rule_match/same_site · includes\class-geotr-rules.php:35
filter · geotr/rules/rule_match/post_type · includes\class-geotr-rules.php:38
filter · geotr/rules/rule_match/post_id · includes\class-geotr-rules.php:39
filter · geotr/rules/rule_match/post · includes\class-geotr-rules.php:40
filter · geotr/rules/rule_match/post_category · includes\class-geotr-rules.php:41
filter · geotr/rules/rule_match/post_format · includes\class-geotr-rules.php:42
filter · geotr/rules/rule_match/post_status · includes\class-geotr-rules.php:43
filter · geotr/rules/rule_match/taxonomy · includes\class-geotr-rules.php:44
filter · geotr/rules/rule_match/page · includes\class-geotr-rules.php:47
filter · geotr/rules/rule_match/page_type · includes\class-geotr-rules.php:48
filter · geotr/rules/rule_match/page_parent · includes\class-geotr-rules.php:49
filter · geotr/rules/rule_match/page_template · includes\class-geotr-rules.php:50
filter · geotr/rules/rule_match/custom_url · includes\class-geotr-rules.php:53
filter · geotr/rules/rule_match/mobiles · includes\class-geotr-rules.php:54
filter · geotr/rules/rule_match/tablets · includes\class-geotr-rules.php:55
filter · geotr/rules/rule_match/desktop · includes\class-geotr-rules.php:56
filter · geotr/rules/rule_match/referrer · includes\class-geotr-rules.php:57
filter · geotr/rules/rule_match/crawlers · includes\class-geotr-rules.php:58
filter · geotr/rules/rule_match/query_string · includes\class-geotr-rules.php:59
action · geotr/rules/print_country_field · includes\class-geotr-rules.php:98
action · geotr/rules/print_country_region_field · includes\class-geotr-rules.php:99
action · geotr/rules/print_city_region_field · includes\class-geotr-rules.php:100
action · geotr/rules/print_city_field · includes\class-geotr-rules.php:101
action · geotr/rules/print_state_field · includes\class-geotr-rules.php:102
action · geotr/rules/print_user_type_field · includes\class-geotr-rules.php:105
action · geotr/rules/print_logged_user_field · includes\class-geotr-rules.php:106
action · geotr/rules/print_left_comment_field · includes\class-geotr-rules.php:107
action · geotr/rules/print_search_engine_field · includes\class-geotr-rules.php:108
action · geotr/rules/print_same_site_field · includes\class-geotr-rules.php:109
action · geotr/rules/print_post_type_field · includes\class-geotr-rules.php:112
action · geotr/rules/print_post_id_field · includes\class-geotr-rules.php:113
action · geotr/rules/print_post_field · includes\class-geotr-rules.php:114
action · geotr/rules/print_post_category_field · includes\class-geotr-rules.php:115
action · geotr/rules/print_post_format_field · includes\class-geotr-rules.php:116
action · geotr/rules/print_post_status_field · includes\class-geotr-rules.php:117
action · geotr/rules/print_taxonomy_field · includes\class-geotr-rules.php:118
action · geotr/rules/print_page_field · includes\class-geotr-rules.php:121
action · geotr/rules/print_page_type_field · includes\class-geotr-rules.php:122
action · geotr/rules/print_page_parent_field · includes\class-geotr-rules.php:123
action · geotr/rules/print_page_template_field · includes\class-geotr-rules.php:124
action · geotr/rules/print_custom_url_field · includes\class-geotr-rules.php:127
action · geotr/rules/print_mobiles_field · includes\class-geotr-rules.php:128
action · geotr/rules/print_desktop_field · includes\class-geotr-rules.php:129
action · geotr/rules/print_tablets_field · includes\class-geotr-rules.php:130
action · geotr/rules/print_crawlers_field · includes\class-geotr-rules.php:131
action · geotr/rules/print_referrer_field · includes\class-geotr-rules.php:132
action · geotr/rules/print_query_string_field · includes\class-geotr-rules.php:133
action · plugins_loaded · includes\class-geotr.php:184
action · init · includes\class-geotr.php:197
action · add_meta_boxes_geotr_cpt · includes\class-geotr.php:216
action · save_post_geotr_cpt · includes\class-geotr.php:217
action · admin_enqueue_scripts · includes\class-geotr.php:219
Maintenance & Trust

Geo Redirects Lite Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.8.28
Last updated: Jun 19, 2017
PHP min version
Downloads: 4K

Community Trust

Rating: 60/100
Number of ratings: 2
Active installs: 10
Developer Profile

Geo Redirects Lite Developer Profile

Damian

6 plugins · 34K total installs

Trust score: 64
Avg Security Score: 79/100
Avg Patch Time: 181 days
Detection Fingerprints

How We Detect Geo Redirects Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/geo-redirects/admin/css/geotr-admin.css
/wp-content/plugins/geo-redirects/admin/js/geotr-admin.js
Script Paths
/wp-content/plugins/geo-redirects/admin/js/geotr-admin.js
Version Parameters
geo-redirects/admin/css/geotr-admin.css?ver=
geo-redirects/admin/js/geotr-admin.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-geotr-nonce
data-geotr-admin-url
JS Globals
geotr_js
FAQ

Frequently Asked Questions about Geo Redirects Lite