WP-Safety

Search Live Security & Risk Analysis

wordpress.org/plugins/search-live

Search Live supplies integrated live search facilities and advanced search features.

700 active installs v2.0.0 PHP 7.4+ WP 6.5+ Updated Dec 20, 2025
ajaxajax-searchinstant-searchlive-searchsearch
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Search Live Safe to Use in 2026?

Generally Safe

Score 100/100

Search Live has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The search-live v2.0.0 plugin exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and no external HTTP requests, significant concerns arise from its attack surface. Two AJAX handlers are present, and critically, both lack authentication checks, presenting a direct entry point for potential malicious actors to interact with the plugin's functionality without proper authorization. The taint analysis reveals one flow with an unsanitized path, which, although not classified as critical or high, warrants investigation to ensure it doesn't lead to unintended consequences. Furthermore, only 47% of output escaping is properly implemented, suggesting a risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is rendered directly without adequate sanitization. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator of past security diligence. However, the presence of unprotected AJAX handlers and insufficient output escaping in the current version are notable weaknesses that must be addressed to improve its overall security.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized path in taint flow
  • Low percentage of proper output escaping
Vulnerabilities
None known

Search Live Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Search Live Release Timeline

v2.0.0Current
v1.15.0
v1.14.0
v1.13.0
v1.12.0
v1.11.0
v1.10.0
v1.9.0
v1.8.2
v1.8.1
v1.8.0
v1.7.0
v1.6.1
v1.6.0
v1.5.0
v1.4.0
v1.3.3
v1.3.2
v1.3.1
v1.3.0
Code Analysis
Analyzed Mar 16, 2026

Search Live Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
73
66 escaped
Nonce Checks
1
Capability Checks
5
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared4 total queries

Output Escaping

47% escaped139 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
admin_notices (admin\class-search-live-notice.php:95)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Search Live Attack Surface

Entry Points3
Unprotected2

AJAX Handlers 2

authwp_ajax_search_livecore\class-search-live-service.php:66
noprivwp_ajax_search_livecore\class-search-live-service.php:67

Shortcodes 1

[search_live] views\class-search-live-shortcodes.php:49
WordPress Hooks 20
actioninitadmin\class-search-live-admin.php:46
actionadmin_enqueue_scriptsadmin\class-search-live-admin.php:47
actionadmin_menuadmin\class-search-live-admin.php:48
actionadmin_initadmin\class-search-live-admin.php:49
actionadmin_print_stylesadmin\class-search-live-admin.php:109
actioncurrent_screenadmin\class-search-live-admin.php:117
actionadmin_initadmin\class-search-live-notice.php:56
actionadmin_noticesadmin\class-search-live-notice.php:72
actioninitcore\class-search-live-service.php:63
actionwp_enqueue_scriptscore\class-search-live-service.php:64
filtericl_set_current_languagecore\class-search-live-service.php:65
actionpre_get_postscore\class-search-live-service.php:107
filterposts_searchcore\class-search-live-service.php:108
filterposts_wherecore\class-search-live-service.php:644
actionadmin_noticescore\class-search-live.php:68
actioninitcore\class-search-live.php:69
filterget_search_formviews\class-search-live-form.php:42
actionafter_setup_themeviews\class-search-live-thumbnail.php:46
filterimage_downsizeviews\class-search-live-thumbnail.php:47
actionwidgets_initviews\class-search-live-widget.php:57
Maintenance & Trust

Search Live Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 20, 2025
PHP min version7.4
Downloads38K

Community Trust

Rating100/100
Number of ratings30
Active installs700
Alternatives

Search Live Alternatives

Super Ajax Search

Super Ajax Search

ajax-searchwp

A
100

Feature-rich live search with thumbnails, smart excerpts, result grouping, and category filtering.

30 No CVEs
Ajax Search

Ajax Search

ajax-search

A
85

Ajax Search is a simple instant posts search widget.

10 No CVEs
Dynamic Data Search

Dynamic Data Search

dynamic-data-search

A
100

Fast and lightweight AJAX-powered search for WordPress with WooCommerce and Gutenberg template support.

0 No CVEs
Hound – AJAX Search Lite

Hound – AJAX Search Lite

hound-lite

A
85

Search all posts and pages of a WordPress website instantly. Get search result as you keep typing your keyword.

0 No CVEs
Swift Woo Search – eCommerce Live Search

Swift Woo Search – eCommerce Live Search

swift-woo-search-ecommerce-live-search

A
100

A lightweight, fast and customizable AJAX search plugin for WooCommerce stores. Boost your shop's UX and conversion rate with instant product results.

0 No CVEs
Developer Profile

Search Live Developer Profile

itthinx

30 plugins · 23K total installs

97
trust score
Avg Security Score
96/100
Avg Patch Time
3 days
View full developer profile
Detection Fingerprints

How We Detect Search Live

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/search-live/css/admin.css/wp-content/plugins/search-live/css/admin-menu.css
Version Parameters
ver=2.0.0

HTML / DOM Fingerprints

CSS Classes
search-live-help
FAQ

Frequently Asked Questions about Search Live