WP-Safety

Network Database Search Security & Risk Analysis

wordpress.org/plugins/network-database-search

Powerful multisite database search for WordPress administrators. Search posts, custom fields, menus, media, options, and even Gravity Forms.

0 active installs v0.1 PHP 5.6+ WP + Updated Oct 8, 2017
custom-fieldsdatabasemultisitenetworksearch
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Network Database Search Safe to Use in 2026?

Generally Safe

Score 85/100

Network Database Search has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The 'network-database-search' v0.1 plugin exhibits a concerning security posture due to a significant number of unprotected entry points. With 4 out of 5 identified entry points (AJAX handlers and REST API routes) lacking proper authentication or permission checks, the plugin is highly susceptible to unauthorized access and manipulation. While the use of prepared statements for all SQL queries is a strong positive, the complete lack of output escaping across all identified outputs is a critical weakness, potentially leading to cross-site scripting (XSS) vulnerabilities. The absence of any recorded vulnerabilities in its history might suggest a lack of targeted attacks or a very small user base, but it does not mitigate the inherent risks presented by the current code. The overall security is compromised by the easily exploitable attack surface, despite the good practice in SQL handling.

Key Concerns

  • AJAX handlers without auth checks
  • REST API routes without permission callbacks
  • Output escaping not used
  • Nonce checks not used on AJAX
  • Capability checks not used
Vulnerabilities
None known

Network Database Search Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Network Database Search Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
16 prepared
Unescaped Output
3
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared16 total queries

Output Escaping

0% escaped3 total outputs
Attack Surface
4 unprotected

Network Database Search Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 2

authwp_ajax_nds_get_rest_api_urlapi\get-rest-api-url.php:19
noprivwp_ajax_nds_get_rest_api_urlapi\get-rest-api-url.php:22

REST API Routes 3

GET/wp-json/nds/v1/get-query-typesapi\get-query-types.php:10
GET/wp-json/nds/v1/get-sitesapi\get-sites.php:16
GET/wp-json/nds/v1/search/api\search-site.php:19
WordPress Hooks 16
actionrest_api_initapi\get-query-types.php:15
actionrest_api_initapi\get-sites.php:21
actionrest_api_initapi\search-site.php:67
actionnetwork_admin_menunetwork-database-search.php:59
actionadmin_menunetwork-database-search.php:63
filterallowed_http_originsnetwork-database-search.php:105
filternds_query_typesquery-types\core.php:16
actionplugins_loadedquery-types\gravity-forms.php:19
filternds_query_typesquery-types\gravity-forms.php:22
filternds_search_results_postsresult-filters\add-edit-links.php:9
filternds_search_results_gravityformsresult-filters\add-edit-links.php:46
filternds_search_results_gravityformentriesresult-filters\add-edit-links.php:61
filternds_search_resultsresult-filters\add-titles.php:5
filternds_search_resultsresult-filters\clip-long-fields.php:7
filternds_search_results_earlyresult-filters\group-results\get-missing-parents.php:7
filternds_search_resultsresult-filters\group-results\group-children-with-parents.php:6
Maintenance & Trust

Network Database Search Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updatedOct 8, 2017
PHP min version5.6
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Network Database Search Alternatives

Advanced Custom Fields: Sites Field

Advanced Custom Fields: Sites Field

advanced-custom-fields-sites-field

A
85

Adds a sites field type to ACF. Allows for selection of one or multiple sites in a multisite network.

40 No CVEs
Better Search Replace

Better Search Replace

better-search-replace

A
98

A simple plugin to update URLs or other text in a database.

1.0M 2 CVEs
Search Regex

Search Regex

search-regex

A
100

Search Regex adds a powerful set of search and replace functions to WordPress posts, pages, custom post types, and other data.

100K No CVEs
Go Live Update Urls

Go Live Update Urls

go-live-update-urls

A
100

Change the domain on your site with one click.

80K No CVEs
Better Find and Replace – AI-Powered Suggestions

Better Find and Replace – AI-Powered Suggestions

real-time-auto-find-and-replace

A
89

Search and replace text, images, URLs, footer credits, code blocks or jQuery-Ajax content in real time or in Database, easy user-interface

50K 7 CVEs
Developer Profile

Network Database Search Developer Profile

Micah Miller-Eshleman

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Network Database Search

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/network-database-search/preact-ui/dist/style.css/wp-content/plugins/network-database-search/preact-ui/build/bundle.js/wp-content/plugins/network-database-search/preact-ui/dist/bundle.js
Script Paths
/wp-content/plugins/network-database-search/preact-ui/build/bundle.js/wp-content/plugins/network-database-search/preact-ui/dist/bundle.js
Version Parameters
network-database-search/preact-ui/dist/style.css?v=network-database-search/preact-ui/build/bundle.js?v=network-database-search/preact-ui/dist/bundle.js?v=

HTML / DOM Fingerprints

CSS Classes
nds-root
JS Globals
nds_rest_api_nonce
REST Endpoints
/wp-json/nds/v1/get-query-types/wp-json/nds/v1/get-sites/wp-json/nds/v1/search/
FAQ

Frequently Asked Questions about Network Database Search