Does Ajax Search have any unpatched vulnerabilities?

No. All known vulnerabilities in Ajax Search have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Ajax Search compatible with WordPress 4.4.34?

According to WordPress.org data, Ajax Search 1.2.2 has been tested up to WordPress 4.4.34. Check the plugin's changelog for the latest compatibility information.

How often is Ajax Search updated?

Ajax Search was last updated on Jan 9, 2016. Frequent updates are generally a positive security signal.

What is Ajax Search's security score?

Ajax Search has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ajax Search Security & Risk Analysis

wordpress.org/plugins/ajax-search

Ajax Search is a simple instant posts search widget.

10 active installs v1.2.2 PHP + WP 3.1.0+ Updated Jan 9, 2016

ajax-searchinstant-searchlive-search

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Ajax Search Safe to Use in 2026?

Generally Safe

Score 85/100

Ajax Search has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "ajax-search" v1.2.2 plugin presents a significant security risk due to its unprotected AJAX handlers and a complete lack of output escaping. The static analysis reveals that all identified entry points, specifically two AJAX handlers, lack authentication checks. This means any unauthenticated user could potentially trigger these handlers, leading to unauthorized actions or information disclosure. Furthermore, none of the nine identified output operations are properly escaped, creating a strong possibility for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is reflected directly in the output. The plugin does demonstrate some positive security practices, such as 100% usage of prepared statements for SQL queries and no observed dangerous functions like `eval` or `create_function` (although `create_function` is listed as a dangerous function, its presence alone is a concern). The vulnerability history is clean, with no recorded CVEs, which could indicate either a well-written plugin or insufficient security auditing. However, the current code analysis reveals clear and present dangers that outweigh the absence of past vulnerabilities.

Key Concerns

AJAX handlers without auth checks
Unescaped output found
Dangerous function: create_function
No nonce checks on AJAX handlers

Vulnerabilities

None known

Ajax Search Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Ajax Search Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action('widgets_init', create_function('', 'return register_widget("MXAjaxSearchWidget");'));ajax-search.php:112

Output Escaping

0% escaped9 total outputs

Attack Surface

2 unprotected

Ajax Search Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

noprivwp_ajax_ajaxsearchajax-search.php:209

authwp_ajax_ajaxsearchajax-search.php:210

WordPress Hooks 6

actionwp_enqueue_scriptsajax-search.php:22

actionwidgets_initajax-search.php:112

actionwp_footerajax-search.php:117

actionwp_headajax-search.php:130

actionwp_footerajax-search.php:136

filterposts_whereajax-search.php:222

Maintenance & Trust

Ajax Search Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34

Last updatedJan 9, 2016

PHP min version

Downloads7K

Community Trust

Rating20/100

Number of ratings1

Active installs10

Alternatives

Ajax Search Alternatives

Search Live

search-live

100

Search Live supplies integrated live search facilities and advanced search features.

700 No CVEs

Hound – AJAX Search Lite

hound-lite

Search all posts and pages of a WordPress website instantly. Get search result as you keep typing your keyword.

0 No CVEs

Advanced Product Search For WooCommerce

advanced-product-search-for-woo

100

Popup Cart Lite for WooCommerce for WooCommerce plugin that displays popup cart for add to cart action.

4K No CVEs

Events Search For The Events Calendar

events-search-addon-for-the-events-calendar

100

Adds an AJAX-based events search bar on any page via shortcode to quickly find any upcoming event created with The Events Calendar plugin.

3K No CVEs

Fast Fuzzy Search – WordPress & WooCommerce Live Search

fast-fuzzy-search

100

Blazing fast, typo-tolerant, AJAX-powered search for WordPress and WooCommerce. Built for conversions and optimized for massive product catalogs.

200 No CVEs

Developer Profile

Ajax Search Developer Profile

Sandor Kovacs

5 plugins · 3K total installs

trust score

Avg Security Score

75/100

Avg Patch Time

3360 days

View full developer profile

Detection Fingerprints

How We Detect Ajax Search

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths

/wp-content/plugins/ajax-search/ajax-search.php

HTML / DOM Fingerprints

CSS Classes

MXAjaxSearch

Data Attributes

id='mx-ajax-search'id='my-s'id='results'id='simple-ajax-search-result-list'

JS Globals

ajaxurlajaxsearch_searchcreateCookiereadCookiedelete_cookie

REST Endpoints

/wp-admin/admin-ajax.php

FAQ