WP-Safety

Search Analytics for WP Security & Risk Analysis

wordpress.org/plugins/search-analytics

Search Analytics for WP will store and display the search terms used on your website. No third-party service is used!

3K active installs v1.4.16 PHP 5.6+ WP 4.4.0+ Updated Sep 17, 2025
analyticshistorysearchstatistics
97
A · Safe
CVEs total4
Unpatched0
Last CVESep 30, 2024
Plugin page Download
Safety Verdict

Is Search Analytics for WP Safe to Use in 2026?

Generally Safe

Score 97/100

Search Analytics for WP has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Sep 30, 2024Updated 6mo ago
Risk Assessment

The "search-analytics" plugin version 1.4.16 exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of prepared SQL statements and properly escaped outputs, significant concerns arise from the taint analysis and its historical vulnerability record. The static analysis reveals a low attack surface with no apparent unprotected entry points, and the presence of nonce and capability checks, though the latter are notably absent (0 checks). However, the taint analysis shows a concerning 4 high-severity flows with unsanitized paths, indicating potential for input manipulation leading to vulnerabilities. The plugin's history of 4 medium-severity CVEs, primarily related to Cross-site Scripting and Missing Authorization, further exacerbates these concerns. The fact that the last vulnerability was recent (September 30, 2024) and that all previously reported CVEs are now patched is a positive sign, but the persistent nature of certain vulnerability types in the past suggests a need for ongoing vigilance and robust input validation. Overall, while the current version shows some improvements, the taint analysis findings and historical context warrant careful consideration and mitigation efforts.

Key Concerns

  • High severity unsanitized taint flows
  • History of medium severity CVEs
  • No capability checks detected
  • File operations detected
  • External HTTP requests detected
Vulnerabilities
4

Search Analytics for WP Security Vulnerabilities

CVEs by Year

2 CVEs in 2023
2023
2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
4

4 total CVEs

CVE-2024-9209medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Search Analytics <= 1.4.10 - Reflected Cross-Site Scripting

Sep 30, 2024 Patched in 1.4.11 (4d)
CVE-2024-43229medium · 4.3Missing Authorization

WP Search Analytics <= 1.4.9 - Missing Authorization

Aug 9, 2024 Patched in 1.4.10 (5d)
CVE-2023-30471medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Search Analytics <= 1.4.7 - Reflected Cross-Site Scripting via 'render_stats_page'

Aug 28, 2023 Patched in 1.4.8 (148d)
CVE-2022-47587medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Search Analytics <= 1.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

Apr 28, 2023 Patched in 1.4.6 (270d)
Code Analysis
Analyzed Mar 16, 2026

Search Analytics for WP Code Analysis

Dangerous Functions
0
Raw SQL Queries
7
21 prepared
Unescaped Output
13
119 escaped
Nonce Checks
4
Capability Checks
0
File Operations
1
External Requests
1
Bundled Libraries
0

SQL Query Safety

75% prepared28 total queries

Output Escaping

90% escaped132 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

7 flows4 with unsanitized paths
filter_date (admin\includes\class.stats-table.php:317)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Search Analytics for WP Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 2

authwp_ajax_render_chart_dataadmin\includes\class.charts.php:13
authwp_ajax_save_default_chart_settingsadmin\includes\class.charts.php:14

Shortcodes 2

[mwtsa_display_latest_searches] shortcodes\class.mwtsa_display_latest_searches.php:8
[mwtsa_display_search_stats] shortcodes\class.mwtsa_display_search_stats.php:8
WordPress Hooks 19
actionwp_dashboard_setupadmin\admin.php:22
filterplugin_row_metaadmin\admin.php:24
actionadmin_enqueue_scriptsadmin\includes\class.charts.php:11
actionadmin_menuadmin\includes\class.settings.php:13
actionadmin_initadmin\includes\class.settings.php:14
actioninitadmin\includes\class.stats.php:21
actionadmin_menuadmin\includes\class.stats.php:23
actionadmin_enqueue_scriptsadmin\includes\class.stats.php:24
filterset-screen-optionadmin\includes\class.stats.php:27
actioninitmwt-search-analytics.php:105
actioninitmwt-search-analytics.php:106
actioninitmwt-search-analytics.php:108
actioninitmwt-search-analytics.php:109
actionrest_api_initmwt-search-analytics.php:111
actionwpmwt-search-analytics.php:113
actionwpforo_search_result_aftermwt-search-analytics.php:115
actionwp_insert_sitemwt-search-analytics.php:120
actionwp_loginmwt-search-analytics.php:121
filtermwtsa_run_terms_history_order_byshortcodes\class.mwtsa_display_latest_searches.php:44
Maintenance & Trust

Search Analytics for WP Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 17, 2025
PHP min version5.6
Downloads41K

Community Trust

Rating100/100
Number of ratings30
Active installs3K
Alternatives

Search Analytics for WP Alternatives

Search Insights – Privacy-Friendly Search Analytics

Search Insights – Privacy-Friendly Search Analytics

wp-search-insights

A
100

Uncover exactly what visitors search for on your site. Stop guessing what content to create, fix content gaps, and boost engagement.

3K No CVEs
PureDevs Customer History for WooCommerce

PureDevs Customer History for WooCommerce

puredevs-customer-history-for-woocommerce

A
100

Track your WooCommerce customers' order history, spending, and behaviour from a clean admin dashboard.

10 No CVEs
Site Kit by Google – Analytics, Search Console, AdSense, Speed

Site Kit by Google – Analytics, Search Console, AdSense, Speed

google-site-kit

A
100

Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.

5.0M 1 CVE
GA Google Analytics – Connect Google Analytics to WordPress

GA Google Analytics – Connect Google Analytics to WordPress

ga-google-analytics

A
100

Adds Google Analytics tracking code to your WordPress site. Supports many tracking features.

400K No CVEs
Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative)

Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative)

burst-statistics

A
96

Analytics you'll actually use. Privacy-friendly, zero config, and designed to be actionable. Get insights, not just raw data.

200K 3 CVEs
Developer Profile

Search Analytics for WP Developer Profile

Cornel Raiu

1 plugin · 3K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
107 days
View full developer profile
Detection Fingerprints

How We Detect Search Analytics for WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/search-analytics/admin/assets/js/chart.bundle.min.js/wp-content/plugins/search-analytics/admin/assets/js/chart-controller.js
Script Paths
/wp-content/plugins/search-analytics/admin/assets/js/chart.bundle.min.js/wp-content/plugins/search-analytics/admin/assets/js/chart-controller.js
Version Parameters
search-analytics/admin/assets/js/chart.bundle.min.js?ver=search-analytics/admin/assets/js/chart-controller.js?ver=

HTML / DOM Fingerprints

CSS Classes
mwtsa-chart-options
Data Attributes
id="chart-type"id="chart-ranges"
JS Globals
mwtsa_chart_objMWTSA_OptionsMWTSAI
REST Endpoints
/wp-json/mwtsa-search-analytics/v1/search
Shortcode Output
[mwtsa_display_search_stats][mwtsa_display_latest_searches]
FAQ

Frequently Asked Questions about Search Analytics for WP