Does Redirector have any unpatched vulnerabilities?

No. All known vulnerabilities in Redirector have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Redirector compatible with WordPress 3.6.1?

According to WordPress.org data, Redirector 3.0.1 has been tested up to WordPress 3.6.1. Check the plugin's changelog for the latest compatibility information.

How often is Redirector updated?

Redirector was last updated on Nov 28, 2017. Frequent updates are generally a positive security signal.

What is Redirector's security score?

Redirector has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Redirector Security & Risk Analysis

wordpress.org/plugins/redirector

Redirect posts / pages / custom post types

8K active installs v3.0.1 PHP + WP 3.3+ Updated Nov 28, 2017

pageredirect

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Redirector Safe to Use in 2026?

Generally Safe

Score 85/100

Redirector has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "redirector" plugin v3.0.1 exhibits a generally positive security posture with no known vulnerabilities and a small attack surface. The absence of critical taint analysis findings, dangerous functions, and file operations are strong indicators of secure coding practices. However, there are areas for improvement, particularly regarding output escaping. With only 32% of outputs properly escaped, there is a significant risk of cross-site scripting (XSS) vulnerabilities, especially if user-supplied data is ever involved in these outputs, even if current static analysis did not detect explicit flows. The lack of capability checks on the single AJAX handler is also a concern, as it means potentially any user could trigger this functionality without proper authorization, leading to privilege escalation or denial-of-service if the AJAX action is sensitive.

Key Concerns

Low output escaping percentage
Missing capability checks on AJAX handler

Vulnerabilities

None known

Redirector Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Redirector Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

67% prepared3 total queries

Output Escaping

32% escaped22 total outputs

Attack Surface

Redirector Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_redirector-search-postsclasses\class.redirector.admin.php:51

WordPress Hooks 10

actionadmin_initclasses\class.redirector.admin.php:43

actionadmin_print_scripts-post.phpclasses\class.redirector.admin.php:44

actionadmin_print_scripts-post-new.phpclasses\class.redirector.admin.php:45

actionadmin_print_styles-post.phpclasses\class.redirector.admin.php:46

actionadmin_print_styles-post-new.phpclasses\class.redirector.admin.php:47

actionplugins_loadedclasses\class.redirector.admin.php:48

actionplugins_loadedclasses\class.redirector.admin.php:49

actionsave_postclasses\class.redirector.admin.php:50

actiontemplate_redirectclasses\class.redirector.php:34

actioncachify_skip_cacheclasses\class.redirector.php:35

Maintenance & Trust

Redirector Maintenance & Trust

Maintenance Signals

WordPress version tested3.6.1

Last updatedNov 28, 2017

PHP min version

Downloads88K

Community Trust

Rating100/100

Number of ratings7

Active installs8K

Alternatives

Redirector Alternatives

404 to 301 – Redirect, Log and Notify 404 Errors

404-to-301

Automatically redirect, log and notify all 404 page errors to any page using 301 redirect for SEO. No more 404 Errors in WebMaster tool.

100K 6 CVEs

Page Links To

page-links-to

Lets you make a WordPress page (or port or other content type) link to a URL of your choosing (on your site, or on another site), instead of its norma …

100K No CVEs