WP-Safety

Convertopia Smart Search Security & Risk Analysis

wordpress.org/plugins/convertopia-smart-search

Convertopia is a smart site search tool an all-in-one solution to boost conversion, profit retailers, and improve shopping experience.

0 active installs v1.0.4 PHP + WP 5.0+ Updated May 30, 2025
autocompleteconvertopiainstant-searchpersonalized-ai-searchwordpress
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Convertopia Smart Search Safe to Use in 2026?

Generally Safe

Score 100/100

Convertopia Smart Search has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago
Risk Assessment

The convertopia-smart-search v1.0.4 plugin exhibits a generally good security posture with several strengths, including the complete absence of dangerous functions, file operations, and external HTTP requests. All SQL queries are properly prepared, and a very high percentage of output is correctly escaped, minimizing the risk of cross-site scripting (XSS) vulnerabilities. The plugin also has no recorded vulnerability history, which is a positive indicator. However, a significant concern is the presence of 11 AJAX handlers, with 5 of them lacking any authentication checks. This large, unprotected attack surface could be exploited by unauthenticated users to trigger unintended actions within the plugin. While taint analysis did not reveal any critical or high-severity unsanitized flows, the unprotected AJAX endpoints remain a primary risk. The plugin's lack of capability checks also contributes to this risk, as it implies that potentially sensitive actions accessible via AJAX might be executed by any user, regardless of their WordPress role.

Key Concerns

  • AJAX handlers without authentication checks
  • AJAX handlers without capability checks
Vulnerabilities
None known

Convertopia Smart Search Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Convertopia Smart Search Release Timeline

v1.0.4Current
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 17, 2026

Convertopia Smart Search Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
3 prepared
Unescaped Output
48
510 escaped
Nonce Checks
9
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared3 total queries

Output Escaping

91% escaped558 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

5 flows
convertopia_save_consent_checkout_field (includes\class-convertopia.php:572)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

Convertopia Smart Search Attack Surface

Entry Points11
Unprotected5

AJAX Handlers 11

authwp_ajax_convertopia_update_all_schedulesconvertopia.php:50
authwp_ajax_convertopia_update_all_delta_schedulesconvertopia.php:59
authwp_ajax_convertopia_track_inquiry_submitincludes\class-convertopia.php:233
noprivwp_ajax_convertopia_track_inquiry_submitincludes\class-convertopia.php:234
authwp_ajax_convertopia_track_add_to_cartincludes\class-convertopia.php:284
noprivwp_ajax_convertopia_track_add_to_cartincludes\class-convertopia.php:285
authwp_ajax_convertopia_save_user_consentincludes\class-convertopia.php:617
noprivwp_ajax_convertopia_save_user_consentincludes\class-convertopia.php:618
authwp_ajax_convertopia_generate_customer_feedincludes\customer-feed.php:229
authwp_ajax_convertopia_generate_order_feedincludes\order-feed.php:325
authwp_ajax_convertopia_generate_product_feedincludes\product-feed.php:205
WordPress Hooks 21
actionuser_registerconvertopia.php:71
actioninitincludes\class-convertopia.php:12
actionplugins_loadedincludes\class-convertopia.php:21
actionadmin_enqueue_scriptsincludes\class-convertopia.php:31
actionwp_enqueue_scriptsincludes\class-convertopia.php:65
actionadmin_enqueue_scriptsincludes\class-convertopia.php:66
actionwp_enqueue_scriptsincludes\class-convertopia.php:88
actionadmin_menuincludes\class-convertopia.php:303
actionwoocommerce_thankyouincludes\class-convertopia.php:414
actionwoocommerce_after_checkout_billing_formincludes\class-convertopia.php:481
actionwoocommerce_before_checkout_formincludes\class-convertopia.php:509
actionadmin_initincludes\class-convertopia.php:517
actionwoocommerce_after_order_notesincludes\class-convertopia.php:550
actionwoocommerce_checkout_update_order_metaincludes\class-convertopia.php:570
actiontemplate_redirectincludes\csearch.php:6
actionconvertopia_cron_generate_customer_feedincludes\customer-feed.php:241
actionconvertopia_cron_generate_customer_feed_deltaincludes\customer-feed.php:253
actionconvertopia_cron_generate_order_feedincludes\order-feed.php:337
actionconvertopia_cron_generate_order_feed_deltaincludes\order-feed.php:349
actionconvertopia_cron_generate_product_feedincludes\product-feed.php:219
actionconvertopia_cron_generate_product_feed_deltaincludes\product-feed.php:233
Maintenance & Trust

Convertopia Smart Search Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 30, 2025
PHP min version
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs0
Alternatives

Convertopia Smart Search Alternatives

Search with Typesense

Search with Typesense

search-with-typesense

A
99

Lightning fast seagrch for your WordPress site, powered by Typesense.

700 2 CVEs
Super Ajax Search

Super Ajax Search

ajax-searchwp

A
100

Feature-rich live search with thumbnails, smart excerpts, result grouping, and category filtering.

30 No CVEs
Awesome Instant Search

Awesome Instant Search

awesome-instant-search

A
85

Awesome Instant Search integrate Instant Search to ANY wordpress website.

10 No CVEs
CelerSearch

CelerSearch

celersearch

A
100

Extends WordPress search with a powerful MeiliSearch integration for lightning-fast, typo-tolerant search results.

0 No CVEs
partyks Search Connector for Bonsai

partyks Search Connector for Bonsai

partyks-search-connector-for-bonsai

A
100

Advanced WordPress search powered by Bonsai.io. WooCommerce-ready with fuzzy matching, autosuggestions, and instant results.

0 No CVEs
Developer Profile

Convertopia Smart Search Developer Profile

convertopia

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Convertopia Smart Search

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/convertopia-smart-search/assets/css/bootstrap/css/bootstrap.min.css/wp-content/plugins/convertopia-smart-search/assets/js/bootstrap/js/bootstrap.min.js/wp-content/plugins/convertopia-smart-search/assets/css/font-awesome-4.7.0/css/font-awesome.min.css/wp-content/plugins/convertopia-smart-search/assets/css/style.css/wp-content/plugins/convertopia-smart-search/assets/js/spinner.js/wp-content/plugins/convertopia-smart-search/assets/js/convertopia.js/wp-content/plugins/convertopia-smart-search/assets/js/convertopia-setting.js
Version Parameters
convertopia-smart-search/assets/css/bootstrap/css/bootstrap.min.css?ver=convertopia-smart-search/assets/js/bootstrap/js/bootstrap.min.js?ver=convertopia-smart-search/assets/css/font-awesome-4.7.0/css/font-awesome.min.css?ver=convertopia-smart-search/assets/css/style.css?ver=convertopia-smart-search/assets/js/spinner.js?ver=convertopia-smart-search/assets/js/convertopia.js?ver=convertopia-smart-search/assets/js/convertopia-setting.js?ver=

HTML / DOM Fingerprints

CSS Classes
convertopia-admin-notice
Data Attributes
data-convertopia-id
JS Globals
convertopia_settings_params
FAQ

Frequently Asked Questions about Convertopia Smart Search