WP-Safety

Quick Page/Post Redirect Plugin Security & Risk Analysis

wordpress.org/plugins/quick-pagepost-redirect-plugin

Easily redirect pages/posts or custom post types to another page/post or external URL by specifying the redirect URL and type (301, 302, 307, meta).

70K active installs v5.2.4 PHP + WP 4.0+ Updated Jun 8, 2023
301302forwardmetaredirect
83
B · Generally Safe
CVEs total3
Unpatched0
Last CVEMay 12, 2023
Plugin page Download
Safety Verdict

Is Quick Page/Post Redirect Plugin Safe to Use in 2026?

Mostly Safe

Score 83/100

Quick Page/Post Redirect Plugin is generally safe to use though it hasn't been updated recently. 3 past CVEs were resolved. Keep it updated.

3 known CVEsLast CVE: May 12, 2023Updated 2yr ago
Risk Assessment

The quick-pagepost-redirect-plugin v5.2.4 exhibits a mixed security posture. On the positive side, the plugin has a relatively small attack surface with all identified AJAX handlers protected by authentication checks. It also demonstrates good practices in handling SQL queries and includes a healthy number of nonce and capability checks. However, the presence of the 'unserialize' function is a significant concern, as it can lead to deserialization vulnerabilities if not handled with extreme care, especially when dealing with user-supplied data.

The vulnerability history reveals a pattern of previously disclosed issues, including high and medium severity vulnerabilities related to Improper Access Control and Cross-site Scripting. While there are currently no unpatched CVEs, the historical trend suggests a need for ongoing vigilance and prompt patching of any future disclosures. The limited taint analysis with no critical or high severity flows is a positive sign, but it doesn't fully mitigate the risks associated with potentially unsafe functions like 'unserialize'.

In conclusion, while the plugin has made strides in implementing security measures like authentication and capability checks, the presence of 'unserialize' and the historical vulnerability record necessitate careful review and ongoing monitoring. The lack of critical taint flows is encouraging, but the potential for deserialization vulnerabilities and past access control/XSS issues remain key weaknesses that should be addressed to improve the overall security.

Key Concerns

  • Presence of 'unserialize' function
  • Historical high severity vulnerability (Improper Access Control)
  • Historical medium severity vulnerability (XSS)
  • Only 31% of outputs properly escaped
Vulnerabilities
3

Quick Page/Post Redirect Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2014
2014
1 CVE in 2020
2020
1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

High
1
Medium
2

3 total CVEs

CVE-2023-25063medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quick Page/Post Redirect <= 5.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

May 12, 2023 Patched in 5.2.4 (256d)
CVE-2020-36699medium · 4.3Improper Access Control

Quick Page/Post Redirect Plugin <= 5.1.9 - Redirect Security Bypass

Apr 28, 2020 Patched in 5.2.0 (1365d)
CVE-2014-2598high · 7.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quick Page/Post Redirect Plugin < 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Aug 1, 2014 Patched in 5.0.5 (3462d)
Code Analysis
Analyzed Mar 16, 2026

Quick Page/Post Redirect Plugin Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
4 prepared
Unescaped Output
179
82 escaped
Nonce Checks
11
Capability Checks
13
File Operations
2
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$config_file = unserialize(base64_decode(substr($config_file, strlen('QUICKPAGEPOSTREDIRECT'))));page_post_redirect_plugin.php:1638

SQL Query Safety

80% prepared5 total queries

Output Escaping

31% escaped261 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
ppr_parse_request_new (page_post_redirect_plugin.php:1545)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Quick Page/Post Redirect Plugin Attack Surface

Entry Points6
Unprotected0

AJAX Handlers 6

authwp_ajax_qppr_delete_all_settingspage_post_redirect_plugin.php:116
authwp_ajax_qppr_delete_all_iredirectspage_post_redirect_plugin.php:117
authwp_ajax_qppr_delete_all_qredirectspage_post_redirect_plugin.php:118
authwp_ajax_qppr_delete_quick_redirectpage_post_redirect_plugin.php:119
authwp_ajax_qppr_save_quick_redirectpage_post_redirect_plugin.php:120
authwp_ajax_qppr_pprhidemessage_ajaxpage_post_redirect_plugin.php:121
WordPress Hooks 46
actionadmin_initpage_post_redirect_plugin.php:103
actionadmin_initpage_post_redirect_plugin.php:104
actionadmin_initpage_post_redirect_plugin.php:105
actioninitpage_post_redirect_plugin.php:106
actionsave_postpage_post_redirect_plugin.php:107
actionadmin_menupage_post_redirect_plugin.php:108
filterplugin_row_metapage_post_redirect_plugin.php:110
actionplugins_loadedpage_post_redirect_plugin.php:111
filterquery_varspage_post_redirect_plugin.php:112
actionadmin_enqueue_scriptspage_post_redirect_plugin.php:113
actionadmin_enqueue_scriptspage_post_redirect_plugin.php:114
actionwp_enqueue_scriptspage_post_redirect_plugin.php:115
filterqppr_admin_pointers-toplevel_page_redirect-updatespage_post_redirect_plugin.php:122
filterqppr_admin_pointers-quick-redirects_page_redirect-optionspage_post_redirect_plugin.php:123
filterqppr_admin_pointers-quick-redirects_page_meta_addonpage_post_redirect_plugin.php:124
actioninitpage_post_redirect_plugin.php:128
actioninitpage_post_redirect_plugin.php:129
actionppr_meta_head_hookpage_post_redirect_plugin.php:130
actiontemplate_redirectpage_post_redirect_plugin.php:131
filterwp_get_nav_menu_itemspage_post_redirect_plugin.php:132
filterwp_list_pagespage_post_redirect_plugin.php:133
filterpage_linkpage_post_redirect_plugin.php:134
filterpost_linkpage_post_redirect_plugin.php:135
filterpost_type_linkpage_post_redirect_plugin.php:136
filterget_permalinkpage_post_redirect_plugin.php:137
filterredirect_canonicalpage_post_redirect_plugin.php:138
filterpre_get_postspage_post_redirect_plugin.php:142
filtermanage_post_posts_columnspage_post_redirect_plugin.php:520
actionmanage_post_posts_custom_columnpage_post_redirect_plugin.php:521
filtermanage_page_posts_columnspage_post_redirect_plugin.php:525
actionmanage_page_posts_custom_columnpage_post_redirect_plugin.php:526
filtermanage_post_posts_columnspage_post_redirect_plugin.php:537
actionmanage_post_posts_custom_columnpage_post_redirect_plugin.php:538
filtermanage_page_posts_columnspage_post_redirect_plugin.php:541
actionmanage_page_posts_custom_columnpage_post_redirect_plugin.php:542
actionadmin_initpage_post_redirect_plugin.php:582
filtersanitize_post_meta__pprredirect_newwindowpage_post_redirect_plugin.php:1882
filtersanitize_post_meta__pprredirect_activepage_post_redirect_plugin.php:1883
actionadmin_noticespage_post_redirect_plugin.php:2392
filtersanitize_option_quickppr_redirectspage_post_redirect_plugin.php:2649
filtersanitize_option_quickppr_redirects_metapage_post_redirect_plugin.php:2663
filtersanitize_post_meta__pprredirect_activepage_post_redirect_plugin.php:2668
filtersanitize_post_meta__pprredirect_newwindowpage_post_redirect_plugin.php:2673
filtersanitize_post_meta__pprredirect_relnofollowpage_post_redirect_plugin.php:2678
filtersanitize_post_meta__pprredirect_rewritelinkpage_post_redirect_plugin.php:2683
filtersanitize_post_meta__pprredirect_typepage_post_redirect_plugin.php:2692
Maintenance & Trust

Quick Page/Post Redirect Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9
Last updatedJun 8, 2023
PHP min version
Downloads2.3M

Community Trust

Rating88/100
Number of ratings146
Active installs70K
Alternatives

Quick Page/Post Redirect Plugin Alternatives

Redirect List

Redirect List

redirect-list

A
85

A really lightweight, clean and simple 301, 302 or 307 HTTP redirect plugin that also supports matching of GET query parameters.

1K No CVEs
1ON1 URL REDIRECTS

1ON1 URL REDIRECTS

1on1-url-redirects

A
100

Easily redirect pages, posts and tags or custom post types to another page or post or external URL by specifying the redirect URL.

200 No CVEs
Attachment Pages Redirect

Attachment Pages Redirect

attachment-pages-redirect

A
100

Redirect attachment pages or return a 404 error for them based on the parent post status.

20K No CVEs
404 Solution

404 Solution

404-solution

A
86

The smartest 404 plugin for WordPress - finds what your visitors were actually looking for.

10K 8 CVEs
Redirectioner

Redirectioner

404-redirected

A
85

Creates automatic redirects for 404 traffic and page suggestions when matches are not found providing better service to your web visitors.

2K No CVEs
Developer Profile

Quick Page/Post Redirect Plugin Developer Profile

anadnet

1 plugin · 70K total installs

67
trust score
Avg Security Score
83/100
Avg Patch Time
1694 days
View full developer profile
Detection Fingerprints

How We Detect Quick Page/Post Redirect Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/quick-pagepost-redirect-plugin/js/qppr-admin-scripts.js/wp-content/plugins/quick-pagepost-redirect-plugin/js/qppr-frontend-scripts.js/wp-content/plugins/quick-pagepost-redirect-plugin/css/qppr-admin-styles.css/wp-content/plugins/quick-pagepost-redirect-plugin/css/qppr-pointer.css
Script Paths
/wp-content/plugins/quick-pagepost-redirect-plugin/js/qppr-admin-scripts.js/wp-content/plugins/quick-pagepost-redirect-plugin/js/qppr-frontend-scripts.js/wp-content/plugins/quick-pagepost-redirect-plugin/js/qppr-admin-scripts.js?ver=/wp-content/plugins/quick-pagepost-redirect-plugin/js/qppr-frontend-scripts.js?ver=
Version Parameters
quick-pagepost-redirect-plugin/js/qppr-admin-scripts.js?ver=quick-pagepost-redirect-plugin/js/qppr-frontend-scripts.js?ver=quick-pagepost-redirect-plugin/css/qppr-admin-styles.css?ver=quick-pagepost-redirect-plugin/css/qppr-pointer.css?ver=

HTML / DOM Fingerprints

CSS Classes
qppr_redirects_tableqppr_redirect_saveqppr_redirect_deleteqppr_redirect_edit
HTML Comments
<!-- quick-pagepost-redirect-plugin --><!-- quick-pagepost-redirect-plugin - Meta Redirects --><!-- quick-pagepost-redirect-plugin - Meta Redirects END -->
Data Attributes
data-qppr-iddata-qppr-action
JS Globals
qppr_ajax_obj
FAQ

Frequently Asked Questions about Quick Page/Post Redirect Plugin