WP-Safety

Xtoool Redirecter Security & Risk Analysis

wordpress.org/plugins/xtoool-redirecter

Manage 301 redirects, track 404 errors, and improve your site. No knowledge of Apache or Nginx required.

0 active installs v1.0.1 PHP 5.4+ WP 5.3+ Updated Unknown
301404htaccessredirectseo
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Xtoool Redirecter Safe to Use in 2026?

Generally Safe

Score 100/100

Xtoool Redirecter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The static analysis of xtoool-redirecter v1.0.1 reveals a generally strong security posture, with excellent output escaping (98%) and a high percentage of SQL queries using prepared statements (60%). The absence of identified CVEs and a clean vulnerability history further contribute to this positive outlook. The plugin also shows good practices by implementing nonce and capability checks where applicable, and notably, it has no external HTTP requests and no identified unsanitized flows in taint analysis.

However, the presence of four instances of the `unserialize` function is a significant concern. While no specific vulnerabilities were detected through taint analysis in this version, `unserialize` is inherently dangerous as it can lead to object injection vulnerabilities if used with untrusted input. The limited attack surface (0 entry points) and the presence of some nonce and capability checks mitigate the immediate risk, but this function remains a potential vector for future exploits if input handling is not strictly controlled.

In conclusion, xtoool-redirecter v1.0.1 demonstrates commendable security practices in output escaping and data handling. The lack of known vulnerabilities is a significant strength. The primary weakness lies in the use of `unserialize`, which, despite no current exploitation evidence, warrants careful monitoring and potential refactoring to eliminate this inherent risk. The plugin is relatively safe in its current state, but this specific function introduces a notable area for improvement.

Key Concerns

  • Use of dangerous unserialize function
Vulnerabilities
None known

Xtoool Redirecter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Xtoool Redirecter Code Analysis

Dangerous Functions
4
Raw SQL Queries
48
73 prepared
Unescaped Output
2
127 escaped
Nonce Checks
3
Capability Checks
2
File Operations
13
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$values = @unserialize( $values );matches\from-notfrom.php:85
unserialize$values = unserialize( $values );matches\from-url.php:72
unserialize$values = unserialize( $values );matches\login.php:70
unserialize$sources = unserialize( $redirect->sources );models\importer.php:179

SQL Query Safety

60% prepared121 total queries

Output Escaping

98% escaped129 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
try_export_rss (redirection-admin.php:619)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Xtoool Redirecter Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 43
filtertemplate_includeactions\error.php:19
filterpre_handle_404actions\error.php:22
actionwpactions\error.php:25
actionpre_post_updatemodels\monitor.php:17
actionpost_updatedmodels\monitor.php:18
filterredirection_remove_existingmodels\monitor.php:19
filterredirection_permalink_changedmodels\monitor.php:20
actionwp_trash_postmodels\monitor.php:23
filterpre_option_rewrite_rulesmodels\permalinks.php:84
filterpre_option_permalink_structuremodels\permalinks.php:85
actioninitmodules\wordpress.php:76
actioninitmodules\wordpress.php:79
actionsend_headersmodules\wordpress.php:82
filterwp_redirectmodules\wordpress.php:85
filterpre_handle_404modules\wordpress.php:88
actionredirection_matchedmodules\wordpress.php:91
actionredirection_lastmodules\wordpress.php:92
actionredirection_visitmodules\wordpress.php:96
actionredirection_do_nothingmodules\wordpress.php:97
filterredirect_canonicalmodules\wordpress.php:100
actiontemplate_redirectmodules\wordpress.php:103
filterredirection_404_datamodules\wordpress.php:106
filterredirection_log_datamodules\wordpress.php:107
filterx_redirect_bymodules\wordpress.php:110
filterstatus_headermodules\wordpress.php:376
actionadmin_menuredirection-admin.php:26
actionadmin_noticesredirection-admin.php:27
filterplugin_row_metaredirection-admin.php:29
filterredirection_save_optionsredirection-admin.php:30
filterset-screen-optionredirection-admin.php:31
filterset_screen_option_redirection_log_per_pageredirection-admin.php:32
actionredirection_redirect_updatedredirection-admin.php:35
actionredirection_redirect_updatedredirection-admin.php:36
filterscript_loader_srcredirection-admin.php:39
filterip-geo-block-adminredirection-admin.php:319
actioninitredirection-admin.php:673
filterqtranslate_language_detect_redirectredirection-admin.php:676
filterredirection_url_targetredirection-front.php:52
filterredirection_request_ipredirection-front.php:56
filterredirection_request_ipredirection-front.php:58
actionplugins_loadedredirection-front.php:141
actionrest_api_initredirection.php:96
actioninitredirection.php:97
Maintenance & Trust

Xtoool Redirecter Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedUnknown
PHP min version5.4
Downloads772

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Xtoool Redirecter Alternatives

Redirect 404 Page to Home

Redirect 404 Page to Home

redirect-404-page-to-home-by-fahad

A
85

Divert all of the 404 broken pages to your home page. Manage 404 errors, and improve your site. No knowledge of Apache, htaccess or Nginx required.

10 No CVEs
Redirection

Redirection

redirection

A
97

Manage 301 redirects, track 404 errors, and improve your site. No knowledge of Apache or Nginx required.

2.0M 5 CVEs
WP 404 Auto Redirect to Similar Post

WP 404 Auto Redirect to Similar Post

wp-404-auto-redirect-to-similar-post

A
93

Automatically Redirect any 404 page to a Similar Post based on the Title Post Type & Taxonomy using 301 or 302 Redirects!

30K 4 CVEs
SEO Redirection Plugin – 301 Redirect Manager

SEO Redirection Plugin – 301 Redirect Manager

seo-redirection

A
96

SEO Redirection is a powerful redirect manager to manage 301 redirects without requiring knowledge of Apache .htaccess files.

10K 9 CVEs
SEO Repair Kit – AI Chatbot, Schema Manager, SEO Content Monitoring, GSC Integration, Keyword & Rank Tracking

SEO Repair Kit – AI Chatbot, Schema Manager, SEO Content Monitoring, GSC Integration, Keyword & Rank Tracking

seo-repair-kit

A
100

The ultimate WordPress plugin for SEO automation - from link fixing to AI-powered schema generation and chatbot support.

3K No CVEs
Developer Profile

Xtoool Redirecter Developer Profile

xtoool

3 plugins · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Xtoool Redirecter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/xtoool-redirecter/redirection-styles.css/wp-content/plugins/xtoool-redirecter/redirection-admin.js/wp-content/plugins/xtoool-redirecter/redirection-models.js/wp-content/plugins/xtoool-redirecter/redirection-modules.js/wp-content/plugins/xtoool-redirecter/redirection-logs.js/wp-content/plugins/xtoool-redirecter/redirection-flusher.js/wp-content/plugins/xtoool-redirecter/redirection-matcher.js/wp-content/plugins/xtoool-redirecter/redirection-options.js+7 more
Script Paths
/wp-content/plugins/xtoool-redirecter/redirection-admin.js/wp-content/plugins/xtoool-redirecter/redirection-models.js/wp-content/plugins/xtoool-redirecter/redirection-modules.js/wp-content/plugins/xtoool-redirecter/redirection-logs.js/wp-content/plugins/xtoool-redirecter/redirection-flusher.js/wp-content/plugins/xtoool-redirecter/redirection-matcher.js+8 more
Version Parameters
xtoool-redirecter/redirection-styles.css?ver=xtoool-redirecter/redirection-admin.js?ver=xtoool-redirecter/redirection-models.js?ver=xtoool-redirecter/redirection-modules.js?ver=xtoool-redirecter/redirection-logs.js?ver=xtoool-redirecter/redirection-flusher.js?ver=xtoool-redirecter/redirection-matcher.js?ver=xtoool-redirecter/redirection-options.js?ver=xtoool-redirecter/redirection-capabilities.js?ver=xtoool-redirecter/redirection-settings.js?ver=xtoool-redirecter/redirection-import-export.js?ver=xtoool-redirecter/redirection-groups.js?ver=xtoool-redirecter/redirection-monitor.js?ver=xtoool-redirecter/redirection-api.js?ver=xtoool-redirecter/redirection-wpcli.js?ver=

HTML / DOM Fingerprints

CSS Classes
redirection-settingsredirection-monitorredirection-logsredirection-groupsredirection-import-exportredirection-modulesredirection-matcherredirection-flusher+2 more
HTML Comments
<!-- For full license details see license.txt --><!-- These are only called on the single standard site, or in the network admin of the multisite - they run across all available sites --><!-- Show the database upgrade nag --><!-- Perform an automatic DB upgrade -->+1 more
Data Attributes
data-redirection-group-iddata-redirection-id
JS Globals
RedirectionAdminRedirectionLogsRedirectionMonitorRedirectionGroupsRedirectionImportExportRedirectionModules+7 more
REST Endpoints
/wp-json/redirection/v1/redirect/wp-json/redirection/v1/group/wp-json/redirection/v1/monitor/wp-json/redirection/v1/module/wp-json/redirection/v1/settings/wp-json/redirection/v1/status/wp-json/redirection/v1/logs/wp-json/redirection/v1/users/wp-json/redirection/v1/options
FAQ

Frequently Asked Questions about Xtoool Redirecter