wp_redirect() does not validate that the $location is a reference to the current host.
This means that this function is vulnerable to open redirects if you pass it a $location supplied by the user.
For this reason, it is best practice to always use wp_safe_redirect() instead, since it will use wp_validate_redirect() to ensure that the $location refers to the current host.
This means that this function is vulnerable to open redirects if you pass it a $location supplied by the user.
For this reason, it is best practice to always use wp_safe_redirect() instead, since it will use wp_validate_redirect() to ensure that the $location refers to the current host.
Example :
wp_safe_redirect( $url );
wp_safe_redirect( $url );
Only use wp_redirect() when you are specifically trying to redirect to another site, and then you can hard-code the URL.
Example :
wp_redirect( 'https://example.com/some/page' );
wp_redirect( 'https://example.com/some/page' );
