Search Simple Fields Security & Risk Analysis

wordpress.org/plugins/search-simple-fields

Set custom fields to apply the Wordpress Search on.

20 active installs v0.2 PHP + WP 3.2.1+ Updated Nov 1, 2011
admincustom-fieldsfieldsmedia-fieldssearch
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEMay 26, 2026
Safety Verdict

Is Search Simple Fields Safe to Use in 2026?

Use With Caution

Score 63/100

Search Simple Fields has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: May 26, 2026Updated 14yr ago
Risk Assessment

The "search-simple-fields" plugin v0.2 presents a mixed security picture. On the positive side, it has no known vulnerabilities in its history, a clean record regarding dangerous functions (except for one instance of `create_function`), and all its SQL queries are properly prepared, indicating good database security practices. The lack of external HTTP requests and file operations also reduces potential attack vectors. However, a significant concern is the complete absence of output escaping, meaning any data displayed to users is not sanitized, leaving it vulnerable to Cross-Site Scripting (XSS) attacks. Additionally, the presence of `create_function`, while deprecated and often used in less sensitive contexts, can still be a potential gateway for code injection if misused or if user input is inadvertently passed to it.

Key Concerns

  • 0% of outputs properly escaped
  • 1 instance of dangerous function (create_function)
  • No nonce checks
  • No capability checks
Vulnerabilities
1 published

Search Simple Fields Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-8939medium · 4.3Cross-Site Request Forgery (CSRF)

Search Simple Fields <= 0.2 - Cross-Site Request Forgery to Plugin Settings Update

May 26, 2026Unpatched
Version History

Search Simple Fields Release Timeline

v0.2Current1 CVE
v0.11 CVE
Code Analysis
Analyzed Mar 16, 2026

Search Simple Fields Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
1 prepared
Unescaped Output
12
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_function$search_terms = array_map(create_function('$a', 'return trim($a, "\\"\'\\n\\r ");'), $matches[0]);functions_post.php:60

SQL Query Safety

100% prepared1 total queries

Output Escaping

0% escaped12 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
search_simple_fields_options (functions_admin.php:13)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Search Simple Fields Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 6
filterpre_get_postsfunctions_post.php:19
filterposts_distinctfunctions_post.php:25
filterposts_joinfunctions_post.php:37
filterposts_wherefunctions_post.php:104
actionadmin_initsearch_simple_fields.php:37
actionadmin_menusearch_simple_fields.php:38
Maintenance & Trust

Search Simple Fields Maintenance & Trust

Maintenance Signals

WordPress version tested3.2.1
Last updatedNov 1, 2011
PHP min version
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs20
Developer Profile

Search Simple Fields Developer Profile

SimonaIlie

5 plugins · 70 total installs

81
trust score
Avg Security Score
81/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Search Simple Fields

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/search-simple-fields/css/style.css
Version Parameters
/search-simple-fields/css/style.css?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Search Simple Fields