Search Meter Security & Risk Analysis

wordpress.org/plugins/search-meter

Search Meter tracks what your readers are searching for on your site. View full details of recent searches or stats for the last day, week or month.

20K active installs · v2.14.1 · PHP + · WP 3.2+ · Updated Dec 3, 2025
Tags: meter, search, search-meter, statistics, widget
Score: 98 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 11, 2020
Safety Verdict

Is Search Meter Safe to Use in 2026?

Generally Safe

Score 98/100

Search Meter has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 11, 2020 · Updated 4mo ago
Risk Assessment

The "search-meter" plugin v2.14.1 exhibits a mixed security posture. On the positive side, the static analysis reveals a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are directly exposed. Furthermore, there are no identified dangerous functions being used, and the plugin does implement nonce and capability checks, indicating some adherence to secure coding practices.

However, significant concerns arise from the SQL query and output escaping practices. A substantial portion of SQL queries are not using prepared statements, which is a common vector for SQL injection vulnerabilities. Similarly, a very low percentage of output is properly escaped, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis, while limited, did identify flows with unsanitized paths, which, if exploited, could lead to issues. The vulnerability history is also a significant red flag, with a past critical vulnerability related to code injection. Although this vulnerability is patched, its nature and the presence of unescaped output and non-prepared SQL statements suggest a potential for similar issues to arise.

Key Concerns

  • Low percentage of properly escaped output
  • High percentage of SQL queries without prepared statements
  • Flows with unsanitized paths found in taint analysis
  • History of critical code injection vulnerability
Vulnerabilities (1)

Search Meter Security Vulnerabilities

CVEs by Year

1 CVE in 2020

Severity Breakdown

Critical: 1

1 total CVE

CVE-2020-11548 · critical · 9.8 · Improper Control of Generation of Code ('Code Injection')

Search Meter <= 2.13.2 - Remote Code Execution

Mar 11, 2020 · Patched in 2.13.3 (1413d)
Code Analysis
Analyzed Mar 16, 2026

Search Meter Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 13 (8 prepared)
  • Unescaped Output: 38 (6 escaped)
  • Nonce Checks: 4
  • Capability Checks: 6
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

38% prepared · 21 total queries

Output Escaping

14% escaped · 44 total outputs
Data Flows (2 unsanitized)

Data Flow Analysis

4 flows · 2 with unsanitized paths
tguy_sm_stats_page (admin.php:207)
Attack Surface

Search Meter Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 8
  • action admin_head (admin.php:21)
  • action init (admin.php:24)
  • action wp_dashboard_setup (admin.php:164)
  • action admin_menu (admin.php:194)
  • action plugins_loaded (search-meter.php:40)
  • filter the_posts (search-meter.php:164)
  • action init (search-meter.php:172)
  • action widgets_init (search-meter.php:183)
Maintenance & Trust

Search Meter Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 3, 2025
PHP min version
Downloads: 428K

Community Trust

Rating: 86/100
Number of ratings: 29
Active installs: 20K
Developer Profile

Search Meter Developer Profile

bennettmcelwee

6 plugins · 22K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 1413 days
Detection Fingerprints

How We Detect Search Meter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/search-meter/css/search-meter-admin.css
  • /wp-content/plugins/search-meter/css/search-meter-frontend.css
  • /wp-content/plugins/search-meter/js/search-meter-admin.js
  • /wp-content/plugins/search-meter/js/search-meter-frontend.js
Version Parameters
  • search-meter/css/search-meter-admin.css?ver=
  • search-meter/css/search-meter-frontend.css?ver=
  • search-meter/js/search-meter-admin.js?ver=
  • search-meter/js/search-meter-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • widget_search_meter
  • search-meter-widget
Data Attributes
  • data-sm-id
JS Globals
  • sm_admin
Shortcode Output
  • [search_meter_popular_searches]
  • [search_meter_recent_searches]