Ajax Search Lite – Live Search & Filter Security & Risk Analysis

wordpress.org/plugins/ajax-search-lite

The Best Ajax Live Search and Filter for WordPress. Live suggestions, Custom Post types, Custom fields, Categories, WooCommerce & Elementor support

80K active installs · v4.13.5 · PHP 7.4+ · WP 3.5+ · Updated Feb 16, 2026
Tags: better-search, live-search, product-search, search, woocommerce-search
83 · B · Generally Safe
CVEs total: 11
Unpatched: 0
Last CVE: Oct 21, 2025
Safety Verdict

Is Ajax Search Lite – Live Search & Filter Safe to Use in 2026?

Mostly Safe

Score 83/100

Ajax Search Lite – Live Search & Filter is generally safe to use. 11 past CVEs were resolved. Keep it updated.

11 known CVEs · Last CVE: Oct 21, 2025 · Updated 1mo ago
Risk Assessment

The security posture of Ajax Search Lite v4.13.5 presents a mixed bag of good practices and significant concerns. On the positive side, the plugin demonstrates a strong adherence to secure coding principles by exclusively using prepared statements for all SQL queries and exhibiting a high rate of output escaping (87%). It also implements a substantial number of nonce and capability checks, indicating an awareness of common WordPress security vulnerabilities.

However, the static analysis reveals a critical vulnerability: one unprotected AJAX handler, which forms the entirety of the plugin's attack surface. This unprotected entry point is compounded by two high-severity taint flows identified during analysis, suggesting potential avenues for attackers to inject malicious data. The plugin's vulnerability history, with 11 known CVEs including one critical, two high, and eight medium severity issues, further raises alarms. The pattern of past vulnerabilities, ranging from deserialization and XSS to missing authorization and code injection, indicates a recurring struggle with input validation and access control.

In conclusion, while Ajax Search Lite v4.13.5 implements some good security practices, the presence of an unprotected AJAX handler and high-severity taint flows, coupled with a history of numerous and serious vulnerabilities, signifies a considerable risk. The plugin's past indicates a need for rigorous security auditing and patching to address systemic issues.

Key Concerns

  • Unprotected AJAX handler
  • High severity taint flows (2)
  • Known critical CVE in history
  • Known high severity CVEs (2)
  • 8 medium severity CVEs
  • Unsanitized paths in taint flows (4)
Vulnerabilities
11

Ajax Search Lite – Live Search & Filter Security Vulnerabilities

CVEs by Year

  • 2014: 1 CVE
  • 2015: 1 CVE
  • 2023: 2 CVEs
  • 2024: 4 CVEs
  • 2025: 3 CVEs

Severity Breakdown

  • Critical: 1
  • High: 2
  • Medium: 8

11 total CVEs

CVE-2025-48086 · medium · 6.6 · Deserialization of Untrusted Data

Ajax Search Lite <= 4.13.3 - Authenticated (Administrator+) PHP Object Injection

Oct 21, 2025 Patched in 4.13.4 (9d)
CVE-2025-7956 · medium · 5.3 · Missing Authorization

Ajax Search Lite <= 4.13.1 - Missing Authorization to Unauthenticated Basic Information Exposure via ASL_Query in AJAX Search Handler

Aug 27, 2025 Patched in 4.13.2 (1d)
CVE-2024-13585 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ajax Search Lite <= 4.12.4 - Authenticated (Admin+) Stored Cross-Site Scripting

Jan 31, 2025 Patched in 4.12.5 (27d)
CVE-2024-10568 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ajax Search Lite <= 4.12.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Nov 21, 2024 Patched in 4.12.4 (22d)
CVE-2024-8619 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ajax Search Lite <= 4.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Aug 2, 2024 Patched in 4.12.2 (71d)
CVE-2024-7084 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ajax Search Lite < 4.12 - Authenticated (Admin+) Stored Cross-Site Scripting

Jul 16, 2024 Patched in 4.12.1 (25d)
CVE-2024-21752 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ajax Search Lite <= 4.11.4 - Reflected Cross-Site Scripting

Jan 4, 2024 Patched in 4.11.5 (19d)
CVE-2023-1420 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ajax Search Lite <= 4.11 - Reflected Cross-Site Scripting

Apr 3, 2023 Patched in 4.11.1 (295d)
CVE-2022-38456 · medium · 4.3 · Missing Authorization

Ajax Search Lite <= 4.10.3 - Missing Authorization leading to Authenticated (Subscriber+) Sensitive Information Disclosure

Feb 6, 2023 Patched in 4.11 (351d)

Ajax Search Lite < 3.11 - Missing Authorization to Remote Code Execution

Mar 26, 2015 Patched in 3.11 (3225d)
CVE-2014-4663 · critical · 9.8 · Improper Control of Generation of Code ('Code Injection')

Ajax Search Lite < 3.11 - Remote Code Execution

Jun 24, 2014 Patched in 3.11 (3767d)
Code Analysis
Analyzed Mar 16, 2026

Ajax Search Lite – Live Search & Filter Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (4 prepared)
  • Unescaped Output: 70 (465 escaped)
  • Nonce Checks: 7
  • Capability Checks: 4
  • File Operations: 1
  • External Requests: 2
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

87% escaped · 535 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

9 flows · 4 with unsanitized paths
handle (includes\classes\ajax\class-asl-search.php:26)
Attack Surface
1 unprotected

Ajax Search Lite – Live Search & Filter Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers (1)

  • auth · wp_ajax_wd_search_cf · backend\settings\class\wd_cf_search_callback.class.php:134

WordPress Hooks (17)

  • action · admin_print_styles · backend\settings\types.inc.php:36
  • action · admin_enqueue_scripts · backend\settings\types.inc.php:72
  • action · wp_print_footer_scripts · includes\classes\core\class-asl-init.php:426
  • action · init · includes\classes\core\class-asl-manager.php:68
  • action · wp_footer · includes\classes\core\class-asl-manager.php:93
  • action · admin_enqueue_scripts · includes\classes\core\class-asl-manager.php:225
  • action · wp_enqueue_scripts · includes\classes\core\class-asl-manager.php:229
  • action · wp_enqueue_scripts · includes\classes\core\class-asl-manager.php:230
  • action · wp_footer · includes\classes\core\class-asl-manager.php:231
  • action · admin_menu · includes\classes\core\class-asl-manager.php:240
  • action · rest_api_init · includes\classes\core\class-asl-manager.php:262
  • filter · asl_query_args · includes\classes\filters\class-asl-searchoverride.php:72
  • filter · asl_cpt_advanced_field_value · includes\classes\search\class-asl-search-cpt.php:1484
  • action · asl_layout_in_form · includes\classes\shortcodes\class-asl-search.php:80
  • action · widgets_init · includes\classes\widgets\widgets.inc.php:12
  • action · init · src\server\Utils\Polylang\StringTranslations.php:25
  • action · wp_footer · src\server\Utils\Polylang\StringTranslations.php:32
Maintenance & Trust

Ajax Search Lite – Live Search & Filter Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 16, 2026
  • PHP min version: 7.4
  • Downloads: 2.1M

Community Trust

  • Rating: 96/100
  • Number of ratings: 261
  • Active installs: 80K
Developer Profile

Ajax Search Lite – Live Search & Filter Developer Profile

wpdreams

1 plugin · 80K total installs

  • Trust score: 67
  • Avg Security Score: 83/100
  • Avg Patch Time: 710 days
Detection Fingerprints

How We Detect Ajax Search Lite – Live Search & Filter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/ajax-search-lite/css/style.css
  • /wp-content/plugins/ajax-search-lite/css/style.frontend.css
  • /wp-content/plugins/ajax-search-lite/css/style.responsive.css
  • /wp-content/plugins/ajax-search-lite/css/backend.css
  • /wp-content/plugins/ajax-search-lite/js/min/backend.min.js
  • /wp-content/plugins/ajax-search-lite/js/min/frontend.min.js
  • /wp-content/plugins/ajax-search-lite/js/dependencies/jquery.cookie.js
  • /wp-content/plugins/ajax-search-lite/js/dependencies/mustache.min.js
  • +14 more

Script Paths

  • /wp-content/plugins/ajax-search-lite/js/min/backend.min.js
  • /wp-content/plugins/ajax-search-lite/js/min/frontend.min.js

Version Parameters

  • ajax-search-lite/css/style.css?ver=
  • ajax-search-lite/css/style.frontend.css?ver=
  • ajax-search-lite/css/style.responsive.css?ver=
  • ajax-search-lite/css/backend.css?ver=
  • ajax-search-lite/js/min/backend.min.js?ver=
  • ajax-search-lite/js/min/frontend.min.js?ver=
  • ajax-search-lite/js/dependencies/jquery.cookie.js?ver=
  • ajax-search-lite/js/dependencies/mustache.min.js?ver=
  • ajax-search-lite/js/dependencies/jquery.highlight-5.js?ver=
  • ajax-search-lite/js/dependencies/mousetrap.min.js?ver=
  • ajax-search-lite/js/dependencies/underscore.min.js?ver=
  • ajax-search-lite/js/dependencies/masonry.pkgd.min.js?ver=
  • ajax-search-lite/js/dependencies/imagesloaded.min.js?ver=
  • ajax-search-lite/js/dependencies/handlebars.min.js?ver=
  • ajax-search-lite/js/dependencies/handlebars.runtime.min.js?ver=
  • ajax-search-lite/js/dependencies/autosize.min.js?ver=
  • ajax-search-lite/js/dependencies/isotope.min.js?ver=
  • ajax-search-lite/js/dependencies/perfect-scrollbar.jquery.min.js?ver=
  • ajax-search-lite/js/dependencies/chart.min.js?ver=
  • ajax-search-lite/js/dependencies/moment.min.js?ver=
  • ajax-search-lite/js/dependencies/daterangepicker.min.js?ver=
  • ajax-search-lite/js/dependencies/jshashes.js?ver=

HTML / DOM Fingerprints

CSS Classes
asl-frontend, asl-backend, asl-nav, asl-navigation, asl-results-container, asl-filter-wrapper, asl-preloader, asl-footer (+278 more)
HTML Comments
<!-- WPDREAMS ASL v4.13.5 -->, <!-- AJAX SEARCH LITE SEARCH RESULTS -->, <!-- AJAX SEARCH LITE FOOTER -->, <!-- AJAX SEARCH LITE NAVIGATION --> (+160 more)
Data Attributes
data-aspid, data-layout, data-scrollto, data-scrollto-offset, data-scrollto-effect, data-scrollto-dur (+489 more)
JS Globals
wd_asl_init, WDASL
Shortcode Output
[ajax_search_lite]
FAQ

Frequently Asked Questions about Ajax Search Lite – Live Search & Filter