WP-Safety

Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More Security & Risk Analysis

wordpress.org/plugins/search-replace-wpcode

Search and Replace everything in WordPress. Easily find and replace media, images, text, links and more with a single click using a simple user interf …

20K active installs v1.0.9 PHP 7.0+ WP 5.5+ Updated Dec 10, 2025
databasemediareplacesearchsearch-replace
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More Safe to Use in 2026?

Generally Safe

Score 100/100

Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The "search-replace-wpcode" plugin v1.0.9 exhibits a generally good security posture with several positive indicators. The plugin demonstrates a high percentage of properly escaped output and a significant portion of SQL queries using prepared statements, suggesting a conscious effort towards secure coding practices. The absence of known CVEs and past vulnerabilities further reinforces this positive impression, indicating a mature and likely well-maintained codebase. However, there are specific areas of concern that warrant attention. The presence of one unprotected AJAX handler represents a potential entry point for attackers, especially if it handles user-supplied data without proper validation or authentication. The use of the `unserialize` function, while not inherently a vulnerability, is a known risk factor as it can be exploited if the serialized data originates from an untrusted source. The lack of taint analysis critical or high severity findings is encouraging, but the single unprotected AJAX handler and the `unserialize` function present a non-negligible risk.

Key Concerns

  • Unprotected AJAX handler found
  • Use of dangerous function (unserialize)
Vulnerabilities
None known

Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More Release Timeline

v1.0.9Current
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More Code Analysis

Dangerous Functions
1
Raw SQL Queries
2
6 prepared
Unescaped Output
31
222 escaped
Nonce Checks
8
Capability Checks
11
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserializereturn @unserialize( trim( $data ), array( // phpcs:ignoreincludes\class-wsrw-search-replace.php:627

SQL Query Safety

75% prepared8 total queries

Output Escaping

88% escaped253 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

6 flows
<class-wsrw-notice> (includes\admin\class-wsrw-notice.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More Attack Surface

Entry Points7
Unprotected1

AJAX Handlers 6

authwp_ajax_wsrw_notice_dismissincludes\admin\class-wsrw-notice.php:63
authwp_ajax_wsrw_start_search_replaceincludes\class-wsrw-search-replace.php:44
authwp_ajax_wsrw_do_search_replaceincludes\class-wsrw-search-replace.php:45
authwp_ajax_wsrw_delete_search_historyincludes\class-wsrw-search-replace.php:46
authwp_ajax_wsrw_connect_urlincludes\lite\admin\class-wsrw-connect.php:33
noprivwp_ajax_wsrw_connect_processincludes\lite\admin\class-wsrw-connect.php:34

REST API Routes 1

POST/wp-json/wsrw/v1/upload-imageincludes\class-wsrw-image-replace.php:226
WordPress Hooks 31
actionadmin_enqueue_scriptsincludes\admin\admin-scripts.php:12
actionadmin_menuincludes\admin\class-wsrw-admin-page-loader.php:43
actionadmin_noticesincludes\admin\class-wsrw-notice.php:60
actionwsrw_admin_noticesincludes\admin\class-wsrw-notice.php:62
actionwsrw_admin_pageincludes\admin\class-wsrw-notice.php:66
filteradmin_footer_textincludes\admin\class-wsrw-review.php:17
actionadmin_initincludes\admin\pages\class-wsrw-admin-page-search-replace.php:154
filterwsrw_admin_js_dataincludes\admin\pages\class-wsrw-admin-page-search-replace.php:155
filtersubmenu_fileincludes\admin\pages\class-wsrw-admin-page-search-replace.php:156
actionadmin_menuincludes\admin\pages\class-wsrw-admin-page.php:112
actionwsrw_admin_pageincludes\admin\pages\class-wsrw-admin-page.php:123
actionwsrw_admin_pageincludes\admin\pages\class-wsrw-admin-page.php:124
actionadmin_enqueue_scriptsincludes\admin\pages\class-wsrw-admin-page.php:125
filteradmin_body_classincludes\admin\pages\class-wsrw-admin-page.php:126
actionin_admin_footerincludes\admin\pages\class-wsrw-admin-page.php:127
actionrest_api_initincludes\class-wsrw-image-replace.php:29
filterattachment_fields_to_editincludes\class-wsrw-image-replace.php:31
filtermedia_row_actionsincludes\class-wsrw-image-replace.php:32
filterwp_get_attachment_image_srcincludes\class-wsrw-image-replace.php:34
actionadd_meta_boxes_attachmentincludes\class-wsrw-image-replace.php:36
filterbig_image_size_thresholdincludes\class-wsrw-image-replace.php:193
actionadmin_initincludes\class-wsrw-install.php:22
actionwsrw_admin_page_content_wsrw-search-replaceincludes\lite\admin\class-wsrw-connect.php:32
actionwsrw_admin_pageincludes\lite\admin\notices.php:10
actionwsrw_admin_page_content_wsrw-search-replaceincludes\lite\admin\notices.php:11
actionactivate_search-replace-wpcode-pro/wsrw-premium.phpwsrw.php:34
actionactivate_search-replace-wpcode/wsrw.phpwsrw.php:47
actiondeactivate_search-replace-wpcode/wsrw.phpwsrw.php:65
actionadmin_initwsrw.php:80
actionadmin_noticeswsrw.php:115
actionplugins_loadedwsrw.php:192
Maintenance & Trust

Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 10, 2025
PHP min version7.0
Downloads108K

Community Trust

Rating78/100
Number of ratings7
Active installs20K
Alternatives

Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More Alternatives

Better Search Replace

Better Search Replace

better-search-replace

A
98

A simple plugin to update URLs or other text in a database.

1.0M 2 CVEs
Better Find and Replace – AI-Powered Suggestions

Better Find and Replace – AI-Powered Suggestions

real-time-auto-find-and-replace

A
88

Search and replace text, images, URLs, footer credits, code blocks or jQuery-Ajax content in real time or in Database, easy user-interface

50K 8 CVEs
CM Search And Replace – Optimize content edits with a powerful search and replace tool

CM Search And Replace – Optimize content edits with a powerful search and replace tool

cm-on-demand-search-and-replace

B
74

Search and replace words, phrases, and HTML within your website posts and pages.

2K 1 unpatched
Slider Revolution Search Replace

Slider Revolution Search Replace

slider-revolution-search-replace

A
85

Replace url of old domain to new domain for revolution slider only.

900 No CVEs
Sigma Search & Replace

Sigma Search & Replace

sigma-search-replace

A
100

The ultimate search & replace plugin for WordPress. Safely update text, URLs, and serialized data across your entire database with confidence.

50 No CVEs
Developer Profile

Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More Developer Profile

WPCode

1 plugin · 20K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/search-replace-wpcode/build/admin.css/wp-content/plugins/search-replace-wpcode/build/admin.js
Script Paths
/wp-content/plugins/search-replace-wpcode/build/admin.js
Version Parameters
search-replace-wpcode/build/admin.css?ver=search-replace-wpcode/build/admin.js?ver=

HTML / DOM Fingerprints

JS Globals
wsrwjs
FAQ

Frequently Asked Questions about Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More