Relevanssi Light Security & Risk Analysis

wordpress.org/plugins/relevanssi-light

Relevanssi Light is a simple, quick and effective search improvement that replaces the default WP search with a fulltext index search.

500 active installs · v1.2.2 · PHP 7.2+ · WP 5.0+ · Updated Feb 17, 2026
fulltextsearch
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Relevanssi Light Safe to Use in 2026?

Generally Safe

Score 100/100

Relevanssi Light has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The relevanssi-light v1.2.2 plugin has a generally good security posture, with a clean vulnerability history and a limited attack surface. It has no known CVEs, and taint analysis found no critical or high-severity flows. Most of its SQL queries use prepared statements, which is good practice.

There are notable areas for improvement, however. The most significant concern is that none of the identified output points are escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-controlled data is reflected directly in the output without proper sanitization. In addition, although this version has no unauthenticated AJAX handlers, the analysis found zero capability checks; combined with the AJAX handlers, this suggests a potential oversight in ensuring that sensitive operations are only performed by authorized users. Taint analysis also covered only a small number of flows, so its coverage might not be exhaustive.

Key Concerns

  • No output escaping for identified outputs
  • Zero capability checks on entry points
Vulnerabilities
None known

Relevanssi Light Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Relevanssi Light Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (5 prepared)
Unescaped Output: 2 (0 escaped)
Nonce Checks: 3
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

63% prepared (8 total queries)

Output Escaping

0% escaped (2 total outputs)
Data Flows
All sanitized

Data Flow Analysis

2 flows
relevanssi_light_process_chunks (relevanssi-light-admin-ajax.php:45)
Attack Surface

Relevanssi Light Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers: 4

auth · wp_ajax_relevanssi_light_get_chunks · relevanssi-light-admin-ajax.php:13
auth · wp_ajax_relevanssi_light_process_chunks · relevanssi-light-admin-ajax.php:14
auth · wp_ajax_relevanssi_light_database_alteration · relevanssi-light.php:49
nopriv · wp_ajax_relevanssi_light_database_alteration · relevanssi-light.php:50

WordPress Hooks: 8

action · admin_menu · relevanssi-light-menu.php:13
action · init · relevanssi-light.php:46
action · admin_init · relevanssi-light.php:47
action · wp_insert_post · relevanssi-light.php:48
action · wp_insert_site · relevanssi-light.php:51
filter · posts_search · relevanssi-light.php:78
filter · posts_search_orderby · relevanssi-light.php:79
filter · posts_request · relevanssi-light.php:80
Maintenance & Trust

Relevanssi Light Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 17, 2026
PHP min version: 7.2
Downloads: 15K

Community Trust

Rating: 92/100
Number of ratings: 7
Active installs: 500
Developer Profile

Relevanssi Light Developer Profile

Mikko Saari

4 plugins · 107K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 902 days
Detection Fingerprints

How We Detect Relevanssi Light

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/relevanssi-light/relevanssi-light-admin-ajax.php
/wp-content/plugins/relevanssi-light/relevanssi-light-menu.php

HTML / DOM Fingerprints

HTML Comments
Copyright 2022 Mikko Saari (email: mikko@mikkosaari.fi)
This file is part of Relevanssi Light, a search plugin for WordPress.
Relevanssi Light is free software: you can redistribute and/or modify it under the terms of the GNU General Public License as published by
FAQ

Frequently Asked Questions about Relevanssi Light