Better Search – Relevant search results for WordPress Security & Risk Analysis

wordpress.org/plugins/better-search

Better Search replaces the default WordPress search with a better search engine that gives contextual results sorted by relevance.

  • Active installs: 5K
  • Version: v4.2.4
  • Requires: PHP 7.4+, WP 6.6+
  • Updated: Feb 21, 2026

Tags: better-search, related-search, relevance, relevant-search, search

Score: 83 · B · Generally Safe
  • CVEs total: 8
  • Unpatched: 0
  • Last CVE: Nov 22, 2025
Safety Verdict

Is Better Search – Relevant search results for WordPress Safe to Use in 2026?

Mostly Safe

Score 83/100

Better Search – Relevant search results for WordPress is generally safe to use. 8 past CVEs were resolved.

8 known CVEs · Last CVE: Nov 22, 2025 · Updated 2mo ago
Risk Assessment

The 'better-search' plugin v4.2.4 presents a mixed security posture. On the positive side, the static analysis reveals a relatively small attack surface, with no unprotected AJAX handlers or REST API routes identified. The code demonstrates good practices: a high percentage of SQL queries use prepared statements, most output is properly escaped, and there is a substantial number of nonce and capability checks. However, taint analysis found flows with unsanitized paths, although none reached critical or high severity in this version. The history of 8 known CVEs, including critical and high severity vulnerabilities, is a significant red flag, even though there are currently no unpatched vulnerabilities. This history suggests a recurring pattern of security flaws, potentially related to input sanitization (XSS, SQL injection), authentication bypass and CSRF, which warrants diligent attention. The bundled Freemius library, whose version was not analyzed, could also pose a risk if it is outdated.

Key Concerns

  • History of 8 known CVEs
  • Past critical severity CVEs
  • Past high severity CVEs
  • Flows with unsanitized paths
  • SQL queries not using prepared statements
  • Bundled Freemius v1.0 library
Vulnerabilities
8 published

Better Search – Relevant search results for WordPress Security Vulnerabilities

CVEs by Year

  • 2014: 1 CVE
  • 2019: 1 CVE
  • 2021: 2 CVEs
  • 2023: 1 CVE
  • 2024: 1 CVE
  • 2025: 2 CVEs

Severity Breakdown

  • Critical: 1
  • High: 2
  • Medium: 5

8 total CVEs

CVE-2026-24938 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Better Search <= 4.2.1 - Authenticated (Author+) Stored Cross-Site Scripting

Nov 22, 2025 · Patched in 4.2.2 (79d)

CVE-2025-47507 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Better Search <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 7, 2025 · Patched in 4.1.1 (7d)

CVE-2024-29142 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Better Search <= 3.3.0 - Unauthenticated Stored Cross-Site Scripting

Mar 18, 2024 · Patched in 3.3.1 (5d)

WF-d7a02502-bc3c-4fd1-b6db-7b3c476c141f-better-search · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Better Search <= 3.1.0 - Cross-Site Request Forgery

Apr 10, 2023 · Patched in 3.2.0 (288d)

CVE-2021-4400 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Better Search <= 2.5.2 - Cross-Site Request Forgery Bypass

Mar 1, 2021 · Patched in 2.5.3 (1058d)

CVE-2021-4373 · high · 8.8 · Authentication Bypass Using an Alternate Path or Channel

Better Search <= 2.5.2 - Cross-Site Request Forgery to Settings Import

Mar 1, 2021 · Patched in 2.5.3 (1058d)

WF-f6f91414-5035-4cab-81ad-18558fe43500-better-search · critical · 9.3 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Better Search < 2.2.3 - SQL Injection

Mar 15, 2019 · Patched in 2.2.3 (1775d)

WF-e057a35b-8162-4636-9fd9-419378df1ca1-better-search · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Better Search <= 1.3.4 - Reflected Cross-Site Scripting

Dec 16, 2014 · Patched in 1.3.5 (3325d)
Version History

Better Search – Relevant search results for WordPress Release Timeline

Code Analysis
Analyzed Mar 16, 2026

Better Search – Relevant search results for WordPress Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 17 (40 prepared)
  • Unescaped Output: 50 (424 escaped)
  • Nonce Checks: 23
  • Capability Checks: 19
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

70% prepared · 57 total queries

Output Escaping

89% escaped · 474 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

17 flows · 3 with unsanitized paths
extra_tablenav (includes\admin\class-statistics-table.php:377)
Attack Surface

Better Search – Relevant search results for WordPress Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes (2)

[bsearch_heatmap] includes\frontend\class-shortcodes.php:27
[bsearch_form] includes\frontend\class-shortcodes.php:28
WordPress Hooks (17)

  • action · activated_plugin · better-search.php:125
  • action · admin_notices · better-search.php:130
  • action · plugins_loaded · better-search.php:180
  • action · admin_enqueue_scripts · includes\admin\settings\class-metabox-api.php:98
  • action · add_meta_boxes · includes\admin\settings\class-metabox-api.php:99
  • action · admin_menu · includes\admin\settings\class-settings-api.php:178
  • action · admin_init · includes\admin\settings\class-settings-api.php:179
  • filter · admin_footer_text · includes\admin\settings\class-settings-api.php:180
  • action · admin_enqueue_scripts · includes\admin\settings\class-settings-api.php:181
  • filter · admin_body_class · includes\admin\settings\class-settings-api.php:182
  • action · admin_menu · includes\admin\settings\class-settings-wizard-api.php:180
  • action · admin_init · includes\admin\settings\class-settings-wizard-api.php:181
  • action · admin_enqueue_scripts · includes\admin\settings\class-settings-wizard-api.php:182
  • action · admin_head · includes\admin\settings\class-settings-wizard-api.php:242
  • filter · posts_pre_query · includes\frontend\class-template-handler.php:98
  • filter · plugin_icon · load-freemius.php:45
  • filter · after_uninstall · load-freemius.php:46
Maintenance & Trust

Better Search – Relevant search results for WordPress Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 21, 2026
  • PHP min version: 7.4
  • Downloads: 297K

Community Trust

  • Rating: 90/100
  • Number of ratings: 60
  • Active installs: 5K
Developer Profile

Better Search – Relevant search results for WordPress Developer Profile

Ajay

34 plugins · 79K total installs

  • Trust score: 73
  • Avg Security Score: 92/100
  • Avg Patch Time: 776 days
Detection Fingerprints

How We Detect Better Search – Relevant search results for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/better-search/includes/css/admin-style.css
/wp-content/plugins/better-search/includes/css/admin-frontend-style.css
/wp-content/plugins/better-search/includes/js/admin-scripts.js
/wp-content/plugins/better-search/includes/images/default-thumb.png
Script Paths
/wp-content/plugins/better-search/includes/js/admin-scripts.js
Version Parameters
better-search/includes/css/admin-style.css?ver=
better-search/includes/css/admin-frontend-style.css?ver=
better-search/includes/js/admin-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
wz-admin-banner
HTML Comments
<!-- Better Search Options Page -->
<!-- Better Search - Addons Section -->
Data Attributes
data-bsearch-setting
data-bsearch-type
data-bsearch-value
JS Globals
BetterSearchSettings
FAQ

Frequently Asked Questions about Better Search – Relevant search results for WordPress