Bang Faceted Search Security & Risk Analysis

wordpress.org/plugins/bang-faceted-search

Create a faceted search interface for any post type.

10 active installs v2.0 PHP + WP 3.7+ Updated Unknown
search
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Bang Faceted Search Safe to Use in 2026?

Generally Safe

Score 100/100

Bang Faceted Search has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The 'bang-faceted-search' v2.0 plugin exhibits a generally good security posture based on the provided static analysis. The absence of identified dangerous functions, file operations, and external HTTP requests is a positive indicator. Furthermore, the lack of known CVEs in its history suggests a commitment to security or a low profile of past issues, which is reassuring. The presence of capability checks, even if only one is identified, is also a positive step towards securing its functionalities.

However, several areas present potential concerns. The SQL query usage shows a significant portion (67%) not utilizing prepared statements, which is a notable risk for SQL injection vulnerabilities if the queries are dynamic. A low percentage of properly escaped output (32%) is a substantial weakness, indicating a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks on any entry points, while the attack surface is reported as zero, still represents a missed opportunity for a standard security layer if any future entry points are introduced.

In conclusion, while 'bang-faceted-search' v2.0 scores well in some areas, the significant risks associated with unescaped output and raw SQL queries, coupled with the complete absence of nonce checks, necessitate careful consideration and potential remediation to strengthen its overall security. The lack of complex taint flows or critical vulnerabilities is a positive, but the foundational code hygiene needs improvement.

Key Concerns

  • SQL queries not using prepared statements
  • Low percentage of properly escaped output
  • Missing nonce checks on entry points
Vulnerabilities
None known

Bang Faceted Search Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Bang Faceted Search Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 · 2 prepared
Unescaped Output: 197 · 91 escaped
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

33% prepared · 6 total queries

Output Escaping

32% escaped · 288 total outputs
Attack Surface

Bang Faceted Search Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 46
filter · get_pagenum_link · functions\class-faceted-search.php:383
action · wp_loaded · functions\init.php:20
filter · request · functions\init.php:52
action · wp_head · functions\init.php:84
filter · do_parse_request · functions\init.php:115
filter · request · functions\init.php:116
action · wp · functions\init.php:117
action · wp · functions\init.php:119
action · parse_request · functions\init.php:120
action · template_redirect · functions\init.php:121
filter · template_include · functions\init.php:122
filter · send_headers · functions\init.php:125
filter · posts_results · functions\init.php:132
action · admin_init · functions\init.php:139
action · parse_query · functions\init.php:191
action · init · functions\relevanssi.php:11
filter · relevanssi_modify_wp_query · functions\relevanssi.php:19
filter · relevanssi_default_tax_query_relation · functions\relevanssi.php:20
filter · relevanssi_search_ok · functions\relevanssi.php:21
filter · relevanssi_where · functions\relevanssi.php:22
filter · relevanssi_join · functions\relevanssi.php:23
action · bang_fs_before_query · functions\relevanssi.php:25
action · bang_fs_after_query · functions\relevanssi.php:26
filter · relevanssi_match · functions\relevanssi.php:31
action · relevanssi_results · functions\relevanssi.php:32
filter · relevanssi_search_filters · functions\relevanssi.php:33
filter · bang_fs_wpdb · functions\relevanssi.php:35
filter · bang_fs_count_where · functions\relevanssi.php:37
filter · bang_fs_count_joins · functions\relevanssi.php:38
filter · bang_fs_count_sql · functions\relevanssi.php:39
filter · option_relevanssi_index_post_types · functions\relevanssi.php:43
filter · relevanssi_post_content · functions\relevanssi.php:44
action · relevanssi_hits_filter · functions\relevanssi.php:141
filter · query_vars · functions\search.php:173
filter · bang_fs_query · functions\search.php:182
filter · bang_fs_query · functions\search.php:193
filter · bang_fs_query · functions\search.php:237
filter · bang_fs_query · functions\search.php:275
filter · bang_fs_query · functions\search.php:286
filter · bang_fs_deconstruct_get · functions\search.php:294
filter · bang_fs_deconstruct_get · functions\search.php:312
filter · bang_fs_deconstruct_get · functions\search.php:330
action · admin_menu · functions\settings.php:9
action · widgets_init · functions\widgets.php:3
action · plugins_loaded · main.php:25
filter · bang_fs_field_values · widgets\FieldFacetWidget.php:237
Maintenance & Trust

Bang Faceted Search Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.5.0
Last updated: Unknown
PHP min version
Downloads: 3K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 10
Developer Profile

Bang Faceted Search Developer Profile

Marcus Downing

12 plugins · 440 total installs

Trust score: 84
Avg Security Score: 86/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Bang Faceted Search

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/bang-faceted-search/scripts/faceted-search.js
  • /wp-content/plugins/bang-faceted-search/faceted-search.css
  • /wp-content/plugins/bang-faceted-search/scripts/admin/fs-admin.js
  • /wp-content/plugins/bang-faceted-search/admin.css
Script Paths
  • /wp-content/plugins/bang-faceted-search/scripts/faceted-search.js
  • /wp-content/plugins/bang-faceted-search/scripts/admin/fs-admin.js
Version Parameters
  • bang-faceted-search/scripts/faceted-search.js?ver=
  • bang-faceted-search/faceted-search.css?ver=
  • bang-faceted-search/scripts/admin/fs-admin.js?ver=
  • bang-faceted-search/admin.css?ver=

HTML / DOM Fingerprints

HTML Comments
  • <!-- Do our init -- *after* all the plugins are loaded, to make sure post types are registered etc -->
  • <!-- Find a search location that matches the current URI -->
  • <!-- Yes! This is a faceted search -->
  • <!-- make a new faceted search -->
  • +6 more
Data Attributes
  • data-bang-fs-post-type
  • data-bang-fs-setting
  • data-bang-fs-id
  • data-bang-fs-value
  • data-bang-fs-title
  • data-bang-fs-taxonomy
JS Globals
  • var faceted_search
  • var bang_fs_current_location
  • var bang_fs_loc_page
  • var BANG_FACETED_SEARCH