Admin Search Security & Risk Analysis

wordpress.org/plugins/admin-search

Admin Search adds a simple, easy-to-use interface to your WordPress admin site that gives you and your admin users the ability to search across multip …

1K active installs v1.4.2 PHP 5.2+ WP 4.9.2+ Updated Jan 9, 2026
admin advanced search
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Admin Search Safe to Use in 2026?

Generally Safe

Score 100/100

Admin Search has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "admin-search" plugin v1.4.2 demonstrates a generally good security posture: it has no known vulnerabilities and follows secure coding practices in most areas. It uses prepared statements for the vast majority of its SQL queries and implements capability checks on all identified entry points, both of which are crucial for mitigating common attack vectors. The lack of external HTTP requests and file operations further reduces its attack surface.

The main area for improvement is output escaping: only 43% of outputs are properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data reaches an unescaped output. The non-trivial AJAX handlers are a potential concern for the same reason, since not all user input appears to be rigorously sanitized before it is output, even though the static analysis identified no critical taint flows. The clean vulnerability history is a positive indicator of past development practices, but the remaining minor weaknesses in output handling warrant attention.

Key Concerns

  • Low percentage of properly escaped outputs
  • AJAX handlers present, output escaping is weak
Vulnerabilities
None known

Admin Search Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Admin Search Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (12 prepared)
Unescaped Output: 16 (12 escaped)
Nonce Checks: 2
Capability Checks: 12
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

92% prepared · 13 total queries

Output Escaping

43% escaped · 28 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
admin_search_ajax (ajax.php:274)
Attack Surface

Admin Search Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers 4

auth    wp_ajax_admin_search_ajax                 ajax.php:985
nopriv  wp_ajax_admin_search_ajax                 ajax.php:986
auth    wp_ajax_admin_search_clear_searches_ajax  ajax.php:1016
nopriv  wp_ajax_admin_search_clear_searches_ajax  ajax.php:1017
WordPress Hooks 19
action  admin_init                 admin-search.php:68
filter  query_vars                 admin-search.php:88
filter  posts_where                ajax.php:241
filter  posts_join                 ajax.php:242
filter  posts_distinct             ajax.php:260
filter  admin_search_meta_queries  ajax.php:1025
action  personal_options           settings.php:25
action  personal_options_update    settings.php:44
action  edit_user_profile_update   settings.php:45
filter  admin_footer_text          settings.php:62
filter  update_footer              settings.php:84
action  admin_menu                 settings.php:96
action  admin_init                 settings.php:279
filter  show_admin_bar             ui.php:35
action  admin_enqueue_scripts      ui.php:193
action  wp_enqueue_scripts         ui.php:194
action  admin_bar_menu             ui.php:232
action  admin_footer               ui.php:479
action  wp_footer                  ui.php:480
Maintenance & Trust

Admin Search Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 9, 2026
PHP min version: 5.2
Downloads: 24K

Community Trust

Rating: 90/100
Number of ratings: 17
Active installs: 1K
Developer Profile

Admin Search Developer Profile

Andrew Stichbury

1 plugin · 1K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Admin Search

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/admin-search/assets/style.css
/wp-content/plugins/admin-search/assets/script.js
Script Paths
/wp-content/plugins/admin-search/assets/script.js
Version Parameters
admin-search/assets/style.css?ver=
admin-search/assets/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
admin-search
Data Attributes
data-admin-search-preview
JS Globals
admin_search
FAQ

Frequently Asked Questions about Admin Search