Predictive Search Security & Risk Analysis

wordpress.org/plugins/predictive-search

Predictive Search for WordPress gives your site visitors an awesome search experience delivering stunning 'live' search results.

50 active installs · v1.5.0 · PHP + · WP 6.0+ · Updated Apr 13, 2026
elementor-search · live-search · predictive-search · wordpress-search
99
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: May 15, 2023
Safety Verdict

Is Predictive Search Safe to Use in 2026?

Generally Safe

Score 99/100

Predictive Search has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEs · Last CVE: May 15, 2023 · Updated 1mo ago
Risk Assessment

The 'predictive-search' plugin v1.4.2 exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of prepared SQL statements and properly escaped output, there are significant concerns regarding its attack surface and taint analysis results. The presence of 4 AJAX handlers without authentication checks represents a direct avenue for attackers to potentially exploit the plugin's functionality without proper authorization. The taint analysis revealing 6 high-severity flows with unsanitized paths further exacerbates this risk, indicating potential for command injection or cross-site scripting vulnerabilities if these flows are not handled carefully by developers. The plugin's vulnerability history, despite having no currently unpatched CVEs, shows a pattern of 3 medium-severity vulnerabilities, predominantly of the 'Missing Authorization' type. This historical trend, coupled with the static analysis findings, suggests a recurring weakness in how authorization is managed, particularly within its AJAX endpoints. While the majority of the codebase appears secure, these specific areas of concern, especially the unprotected AJAX endpoints and high-severity taint flows, require immediate attention to mitigate potential security risks.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • History of medium severity vulns (Missing Auth)
Vulnerabilities
3 published

Predictive Search Security Vulnerabilities

CVEs by Year

3 CVEs in 2023

Severity Breakdown

Medium: 3

3 total CVEs

Predictive Search <= 1.2.2 - Missing Authorization

May 15, 2023 Patched in 1.2.3 (253d)

Predictive Search <= 1.2.2 - Missing Authorization

May 15, 2023 Patched in 1.2.3 (253d)

Predictive Search <= 1.2.2 - Missing Authorization

May 15, 2023 Patched in 1.2.3 (253d)
Code Analysis
Analyzed Mar 16, 2026

Predictive Search Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 37 (133 prepared)
Unescaped Output: 61 (1904 escaped)
Nonce Checks: 20
Capability Checks: 7
File Operations: 3
External Requests: 4
Bundled Libraries: 1

Bundled Libraries

jQuery

SQL Query Safety

78% prepared · 170 total queries

Output Escaping

97% escaped · 1965 total outputs
Data Flows · Security
8 unsanitized

Data Flow Analysis

18 flows · 8 with unsanitized paths
a3_admin_ui_event (admin\admin-interface.php:174)
Attack Surface
4 unprotected

Predictive Search Attack Surface

Entry Points: 18
Unprotected: 4

AJAX Handlers 16

auth · wp_ajax_wpps_yellow_message_dontshow · admin\wp-predictive-search-init.php:119
nopriv · wp_ajax_wpps_yellow_message_dontshow · admin\wp-predictive-search-init.php:120
auth · wp_ajax_wpps_yellow_message_dismiss · admin\wp-predictive-search-init.php:123
nopriv · wp_ajax_wpps_yellow_message_dismiss · admin\wp-predictive-search-init.php:124
auth · wp_ajax_wp_predictive_search_start_sync · classes\class-wp-predictive-search-synch.php:37
nopriv · wp_ajax_wp_predictive_search_start_sync · classes\class-wp-predictive-search-synch.php:38
auth · wp_ajax_wp_predictive_search_sync_posttype · classes\class-wp-predictive-search-synch.php:40
nopriv · wp_ajax_wp_predictive_search_sync_posttype · classes\class-wp-predictive-search-synch.php:41
auth · wp_ajax_wp_predictive_search_sync_taxonomy · classes\class-wp-predictive-search-synch.php:43
nopriv · wp_ajax_wp_predictive_search_sync_taxonomy · classes\class-wp-predictive-search-synch.php:44
auth · wp_ajax_wp_predictive_search_sync_relationships · classes\class-wp-predictive-search-synch.php:46
nopriv · wp_ajax_wp_predictive_search_sync_relationships · classes\class-wp-predictive-search-synch.php:47
auth · wp_ajax_wp_predictive_search_sync_end · classes\class-wp-predictive-search-synch.php:49
nopriv · wp_ajax_wp_predictive_search_sync_end · classes\class-wp-predictive-search-synch.php:50
auth · wp_ajax_wp_predictive_search_manual_sync_error · classes\class-wp-predictive-search-synch.php:52
nopriv · wp_ajax_wp_predictive_search_manual_sync_error · classes\class-wp-predictive-search-synch.php:53

Shortcodes 2

[wpps_search] admin\wp-predictive-search-init.php:127
[wpps_search_widget] admin\wp-predictive-search-init.php:130
WordPress Hooks 113

action · plugins_loaded · admin\admin-init.php:39
action · plugins_loaded · admin\admin-init.php:47
action · init · admin\admin-interface.php:49
action · init · admin\admin-interface.php:50
action · admin_enqueue_scripts · admin\admin-interface.php:65
action · admin_enqueue_scripts · admin\admin-interface.php:66
action · admin_print_scripts · admin\admin-interface.php:69
action · admin_print_footer_scripts · admin\admin-interface.php:70
action · admin_enqueue_scripts · admin\admin-interface.php:81
action · admin_enqueue_scripts · admin\includes\uploader\class-uploader.php:59
filter · filesystem_method · admin\less\sass.php:57
action · plugins_loaded · admin\settings\global-settings.php:82
action · plugins_loaded · admin\settings\performance-settings.php:93
action · plugins_loaded · admin\settings\search-function-settings.php:81
action · bulk_edit_custom_box · admin\wp-predictive-search-init.php:56
action · save_post · admin\wp-predictive-search-init.php:57
action · quick_edit_custom_box · admin\wp-predictive-search-init.php:59
action · admin_enqueue_scripts · admin\wp-predictive-search-init.php:60
action · save_post · admin\wp-predictive-search-init.php:61
action · init · admin\wp-predictive-search-init.php:84
action · admin_enqueue_scripts · admin\wp-predictive-search-init.php:87
action · init · admin\wp-predictive-search-init.php:89
action · wp_loaded · admin\wp-predictive-search-init.php:90
filter · plugin_row_meta · admin\wp-predictive-search-init.php:93
action · admin_enqueue_scripts · admin\wp-predictive-search-init.php:99
filter · query_vars · admin\wp-predictive-search-init.php:112
filter · rewrite_rules_array · admin\wp-predictive-search-init.php:113
action · widgets_init · admin\wp-predictive-search-init.php:116
action · add_meta_boxes · admin\wp-predictive-search-init.php:133
action · save_post · admin\wp-predictive-search-init.php:137
action · media_buttons · admin\wp-predictive-search-init.php:142
action · admin_footer · admin\wp-predictive-search-init.php:143
action · init · admin\wp-predictive-search-init.php:242
action · wp · classes\class-wp-predictive-search-backbone.php:17
action · wp_enqueue_scripts · classes\class-wp-predictive-search-backbone.php:20
action · wp_enqueue_scripts · classes\class-wp-predictive-search-backbone.php:21
action · wp_enqueue_scripts · classes\class-wp-predictive-search-backbone.php:24
action · admin_init · classes\class-wp-predictive-search-cache.php:26
action · wp_predictive_search_auto_preload_cache_event · classes\class-wp-predictive-search-cache.php:31
action · admin_notices · classes\class-wp-predictive-search-cache.php:39
action · admin_footer · classes\class-wp-predictive-search-cache.php:40
action · post_submitbox_misc_actions · classes\class-wp-predictive-search-metabox.php:23
action · init · classes\class-wp-predictive-search-schedule.php:16
action · wp_predictive_search_sync_data_scheduled_jobs · classes\class-wp-predictive-search-schedule.php:33
action · wp_predictive_search_auto_sync_posts · classes\class-wp-predictive-search-schedule.php:36
action · wp_predictive_search_auto_sync_custom_types · classes\class-wp-predictive-search-schedule.php:37
action · wp_predictive_search_auto_sync_taxonomy · classes\class-wp-predictive-search-schedule.php:38
action · wp_predictive_search_auto_sync_relationships · classes\class-wp-predictive-search-schedule.php:39
action · wp_predictive_search_auto_end_sync · classes\class-wp-predictive-search-schedule.php:40
action · wp_predictive_search_auto_sync_detect_error · classes\class-wp-predictive-search-schedule.php:43
action · init · classes\class-wp-predictive-search-synch.php:17
action · init · classes\class-wp-predictive-search-synch.php:20
action · delete_term · classes\class-wp-predictive-search-synch.php:23
action · admin_notices · classes\class-wp-predictive-search-synch.php:25
action · mysql_inserted_post · classes\class-wp-predictive-search-synch.php:33
action · save_post · classes\class-wp-predictive-search-synch.php:299
action · delete_post · classes\class-wp-predictive-search-synch.php:300
action · plugins_loaded · classes\class-wpml-functions.php:19
action · rest_api_init · includes\class-legacy-api.php:20
action · plugins_loaded · includes\class-wp-predictive-search.php:18
action · switch_blog · includes\class-wp-predictive-search.php:19
filter · excerpt_more · src\blocks\item-excerpt\block.php:45
action · init · src\blocks\item-excerpt\block.php:85
action · init · src\blocks\item-featured-image\block.php:94
action · init · src\blocks\item-template\block.php:65
action · init · src\blocks\item-terms\block.php:89
action · init · src\blocks\item-title\block.php:81
action · init · src\blocks\query-results\block.php:63
action · init · src\blocks\read-more\block.php:68
action · init · src\blocks\results-dropdown\block.php:26
action · predictive_search_blocks_frontend_inline_css · src\blocks\results-dropdown\block.php:27
action · init · src\blocks\results-dropdown\child-blocks\dropdown-close-icon\block.php:26
action · predictive_search_blocks_frontend_inline_css · src\blocks\results-dropdown\child-blocks\dropdown-close-icon\block.php:27
action · init · src\blocks\results-dropdown\child-blocks\dropdown-footer\block.php:26
filter · predictive_search_blocks_frontend_google_fonts · src\blocks\results-dropdown\child-blocks\dropdown-footer\block.php:27
action · predictive_search_blocks_frontend_inline_css · src\blocks\results-dropdown\child-blocks\dropdown-footer\block.php:28
action · init · src\blocks\results-dropdown\child-blocks\dropdown-items\block.php:26
filter · predictive_search_blocks_frontend_google_fonts · src\blocks\results-dropdown\child-blocks\dropdown-items\block.php:27
action · predictive_search_blocks_frontend_inline_css · src\blocks\results-dropdown\child-blocks\dropdown-items\block.php:28
action · init · src\blocks\results-dropdown\child-blocks\dropdown-title\block.php:26
filter · predictive_search_blocks_frontend_google_fonts · src\blocks\results-dropdown\child-blocks\dropdown-title\block.php:27
action · predictive_search_blocks_frontend_inline_css · src\blocks\results-dropdown\child-blocks\dropdown-title\block.php:28
action · init · src\blocks\results-filter-by\block.php:135
action · init · src\blocks\results-heading\block.php:50
action · init · src\blocks\search-bar\block.php:26
action · predictive_search_blocks_frontend_inline_css · src\blocks\search-bar\block.php:27
action · init · src\blocks\search-bar\child-blocks\category-dropdown\block.php:28
filter · predictive_search_blocks_frontend_google_fonts · src\blocks\search-bar\child-blocks\category-dropdown\block.php:29
action · predictive_search_blocks_frontend_inline_css · src\blocks\search-bar\child-blocks\category-dropdown\block.php:30
action · init · src\blocks\search-bar\child-blocks\mobile-icon\block.php:26
action · predictive_search_blocks_frontend_inline_css · src\blocks\search-bar\child-blocks\mobile-icon\block.php:27
action · init · src\blocks\search-bar\child-blocks\search-icon\block.php:26
action · predictive_search_blocks_frontend_inline_css · src\blocks\search-bar\child-blocks\search-icon\block.php:27
action · init · src\blocks\search-bar\child-blocks\search-input\block.php:26
filter · predictive_search_blocks_frontend_google_fonts · src\blocks\search-bar\child-blocks\search-input\block.php:27
action · predictive_search_blocks_frontend_inline_css · src\blocks\search-bar\child-blocks\search-input\block.php:28
action · init · src\blocks\search-form\block.php:24
action · predictive_search_blocks_frontend_inline_css · src\blocks\search-form\block.php:25
action · wp_enqueue_scripts · src\blocks-frontend.php:24
action · wp_enqueue_scripts · src\blocks-frontend.php:27
action · init · src\blocks.php:21
action · enqueue_block_editor_assets · src\blocks.php:24
action · enqueue_block_assets · src\blocks.php:26
filter · excerpt_allowed_blocks · src\blocks.php:29
action · after_setup_theme · src\blocks.php:31
filter · block_categories_all · src\blocks.php:106
filter · pre_get_block_file_template · src\BlockTemplatesController.php:57
filter · get_block_templates · src\BlockTemplatesController.php:58
filter · theme_file_path · src\BlockTemplatesController.php:59
filter · pre_get_block_file_template · src\BlockTemplatesController.php:102
filter · get_block_file_template · src\BlockTemplatesController.php:108
filter · pre_get_block_file_template · src\BlockTemplatesController.php:120
action · admin_notices · wp-predictive-search.php:175

Scheduled Events 19

wp_predictive_search_sync_data_scheduled_jobs
wp_predictive_search_auto_preload_cache_event
wp_predictive_search_auto_preload_cache_event
wp_predictive_search_sync_data_scheduled_jobs
wp_predictive_search_auto_sync_posts
wp_predictive_search_auto_sync_detect_error
wp_predictive_search_auto_sync_posts
wp_predictive_search_auto_sync_posts
wp_predictive_search_auto_sync_custom_types
wp_predictive_search_auto_sync_detect_error
wp_predictive_search_auto_sync_custom_types
wp_predictive_search_auto_sync_taxonomy
wp_predictive_search_auto_sync_relationships
wp_predictive_search_auto_sync_detect_error
wp_predictive_search_auto_sync_taxonomy
wp_predictive_search_auto_sync_relationships
wp_predictive_search_auto_sync_detect_error
wp_predictive_search_auto_sync_relationships
wp_predictive_search_auto_end_sync
Maintenance & Trust

Predictive Search Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Apr 13, 2026
PHP min version
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 50
Developer Profile

Predictive Search Developer Profile

Steve Truman

13 plugins · 107K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 539 days
Detection Fingerprints

How We Detect Predictive Search

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/predictive-search/assets/css/styles.css
/wp-content/plugins/predictive-search/assets/js/scripts.js
/wp-content/plugins/predictive-search/assets/js/vendor/jquery.min.js
/wp-content/plugins/predictive-search/assets/js/vendor/bootstrap.min.js
/wp-content/plugins/predictive-search/assets/js/vendor/moment.min.js
/wp-content/plugins/predictive-search/assets/js/vendor/daterangepicker.js
/wp-content/plugins/predictive-search/assets/js/vendor/jquery.validate.min.js
/wp-content/plugins/predictive-search/assets/js/vendor/jquery.fancybox.pack.js
+333 more
Script Paths
/wp-content/plugins/predictive-search/assets/js/scripts.js
Version Parameters
predictive-search/style.css?ver=
predictive-search/assets/js/scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-predictive-search
predictive-search-form
predictive-search-widget
a3rev-predictive-search
wpps-container
HTML Comments
<!-- predictive search widget -->
<!-- start: predictive search widget -->
<!-- end: predictive search widget -->
<!-- Predictive Search -->
+1 more
Data Attributes
data-wpps-id
data-wpps-nonce
data-wpps-ajax-url
data-predictive-search-widget
JS Globals
wpps_ajax_object
wpps_params
predictive_search_vars
REST Endpoints
/wp-json/predictive-search/v1/search
/wp-json/a3rev/predictive-search/v1/settings
Shortcode Output
[predictive_search]
[wpps_search]
[a3rev_predictive_search]
FAQ

Frequently Asked Questions about Predictive Search