Live Search and Custom Fields LITE – Advanced Filter Security & Risk Analysis

wordpress.org/plugins/live-search-custom-fields-lite

Advanced WordPress Filter Plugin that helps you to create stunning filters on your website. Search and Filter WordPress posts, custom posts, WooCommer …

100 active installs v2.1 PHP 5.6+ WP 4.3+ Updated Nov 6, 2020
Tags: advanced-filter, custom-fields, custom-post, taxonomies-filter, woocommerce-product-filter
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Live Search and Custom Fields LITE – Advanced Filter Safe to Use in 2026?

Generally Safe

Score 85/100

Live Search and Custom Fields LITE – Advanced Filter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The plugin 'live-search-custom-fields-lite' v2.1 presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and ensuring a high percentage of output is properly escaped, significantly mitigating common injection risks. The absence of known CVEs and a clean vulnerability history suggest a stable and well-maintained codebase.

However, the static analysis raises significant concerns. A large portion of the plugin's attack surface, specifically 6 out of 7 entry points, consists of AJAX handlers that lack authentication checks. This is a critical weakness that could allow unauthenticated users to trigger potentially sensitive actions within the plugin. Furthermore, the presence of 2 taint flows with unsanitized paths, even without critical or high severity labels, warrants attention, as it indicates potential avenues for unintended data manipulation or file access if not handled carefully by the developer. The single nonce check is also insufficient given the number of unprotected AJAX handlers.

In conclusion, while the plugin benefits from robust SQL handling and output escaping, the lack of authentication on a majority of its AJAX endpoints represents a substantial security risk. The taint analysis, though not critical, adds another layer of concern. The clean vulnerability history is a positive indicator, but it does not negate the immediate risks identified in the code analysis.

Key Concerns

  • AJAX handlers without auth checks
  • Taint flows with unsanitized paths
  • Insufficient nonce checks
Vulnerabilities
None known

Live Search and Custom Fields LITE – Advanced Filter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Live Search and Custom Fields LITE – Advanced Filter Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 31 (640 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 6
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared (1 total query)

Output Escaping

95% escaped (671 total outputs)
Data Flows
2 unsanitized

Data Flow Analysis

3 flows, 2 with unsanitized paths
px_plugin_lf_ajax_request (_controllers\main_controller.php:726)
Attack Surface
6 unprotected

Live Search and Custom Fields LITE – Advanced Filter Attack Surface

Entry Points: 7
Unprotected: 6

AJAX Handlers 6

Type    Hook                              Location
nopriv  wp_ajax_px-plugin-ajax            settings\settings.php:93
auth    wp_ajax_px-plugin-ajax            settings\settings.php:94
nopriv  wp_ajax_lscf-administrator-ajax   settings\settings.php:97
auth    wp_ajax_lscf-administrator-ajax   settings\settings.php:98
nopriv  wp_ajax_px-ang-http               settings\settings.php:102
auth    wp_ajax_px-ang-http               settings\settings.php:103

Shortcodes 1

[px_filter] shortcode.php:139

WordPress Hooks 20

Type    Hook                   Location
action  admin_init             settings\settings.php:18
action  admin_menu             settings\settings.php:20
action  init                   settings\settings.php:36
action  init                   settings\settings.php:37
action  admin_init             settings\settings.php:38
action  admin_init             settings\settings.php:39
action  admin_init             settings\settings.php:40
action  admin_init             settings\settings.php:41
action  wp_enqueue_scripts     settings\settings.php:89
action  admin_enqueue_scripts  settings\settings.php:90
action  after_setup_theme      settings\settings.php:106
filter  the_content            settings\settings.php:110
action  wp                     shortcode.php:141
action  save_post              _controllers\custom_fields_controller.php:88
action  posts_join             _helpers\query_helper.php:67
action  posts_join             _helpers\query_helper.php:81
action  posts_join             _helpers\query_helper.php:87
action  posts_join             _helpers\query_helper.php:92
action  posts_where            _helpers\query_helper.php:97
action  posts_join             _helpers\query_helper.php:98
Maintenance & Trust

Live Search and Custom Fields LITE – Advanced Filter Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.3.21
Last updated: Nov 6, 2020
PHP min version: 5.6
Downloads: 15K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 100
Developer Profile

Live Search and Custom Fields LITE – Advanced Filter Developer Profile

pixolette

4 plugins · 690 total installs

Trust score: 93
Avg Security Score: 90/100
Avg Patch Time: 7 days
Detection Fingerprints

How We Detect Live Search and Custom Fields LITE – Advanced Filter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/live-search-custom-fields-lite/assets/images/icons/panda-white-16x16.png
  • /wp-content/plugins/live-search-custom-fields-lite/assets/js/wp_functions.js
  • /wp-content/plugins/live-search-custom-fields-lite/assets/js/lib/custom-select-box.js
  • /wp-content/plugins/live-search-custom-fields-lite/assets/source.js
  • /wp-content/plugins/live-search-custom-fields-lite/assets/vendor.js
  • /wp-content/plugins/live-search-custom-fields-lite/assets/css/wpbackend.css
  • /wp-content/plugins/live-search-custom-fields-lite/assets/vendor/slick/slick.css
  • /wp-content/plugins/live-search-custom-fields-lite/assets/css/jquery-ui.min.css

Script Paths

  • assets/js/wp_functions.js
  • assets/js/lib/custom-select-box.js
  • assets/source.js
  • assets/vendor.js

Version Parameters

  • live-search-custom-fields-lite/assets/js/wp_functions.js?ver=
  • live-search-custom-fields-lite/assets/js/lib/custom-select-box.js?ver=
  • live-search-custom-fields-lite/assets/source.js?ver=
  • live-search-custom-fields-lite/assets/vendor.js?ver=
  • live-search-custom-fields-lite/assets/css/wpbackend.css?ver=
  • live-search-custom-fields-lite/assets/vendor/slick/slick.css?ver=
  • live-search-custom-fields-lite/assets/css/jquery-ui.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
lscf-custom-sidebar
HTML Comments

  • <!-- Setting ajax request POST action type. -->
  • <!-- setting ajax request POST action type. -->
  • <!-- setting http angular requests. -->
  • <!-- Single page - fields view. -->
  • +1 more

Data Attributes
lscf-demo-frontend-editor
JS Globals
adminData
REST Endpoints

  • /wp-json/wp/v2/px-plugin-ajax
  • /wp-json/wp/v2/lscf-administrator-ajax
  • /wp-json/wp/v2/px-ang-http

Shortcode Output
[lscf_lite_filter_shortcode]