Does Search Simple Fields have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Search Simple Fields compatible with WordPress 3.2.1?

According to WordPress.org data, Search Simple Fields 0.2 has been tested up to WordPress 3.2.1. Check the plugin's changelog for the latest compatibility information.

How often is Search Simple Fields updated?

Search Simple Fields was last updated on Nov 1, 2011. Frequent updates are generally a positive security signal.

What is Search Simple Fields's security score?

Search Simple Fields has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Search Simple Fields Security & Risk Analysis

wordpress.org/plugins/search-simple-fields

Set custom fields to apply the Wordpress Search on.

20 active installs v0.2 PHP + WP 3.2.1+ Updated Nov 1, 2011

admincustom-fieldsfieldsmedia-fieldssearch

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Search Simple Fields Safe to Use in 2026?

Generally Safe

Score 85/100

Search Simple Fields has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The "search-simple-fields" plugin v0.2 presents a mixed security picture. On the positive side, it has no known vulnerabilities in its history, a clean record regarding dangerous functions (except for one instance of `create_function`), and all its SQL queries are properly prepared, indicating good database security practices. The lack of external HTTP requests and file operations also reduces potential attack vectors. However, a significant concern is the complete absence of output escaping, meaning any data displayed to users is not sanitized, leaving it vulnerable to Cross-Site Scripting (XSS) attacks. Additionally, the presence of `create_function`, while deprecated and often used in less sensitive contexts, can still be a potential gateway for code injection if misused or if user input is inadvertently passed to it.

Key Concerns

0% of outputs properly escaped
1 instance of dangerous function (create_function)
No nonce checks
No capability checks

Vulnerabilities

None known

Search Simple Fields Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Search Simple Fields Release Timeline

v0.2Current

v0.1

Code Analysis

Analyzed Mar 16, 2026

Search Simple Fields Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_function$search_terms = array_map(create_function('$a', 'return trim($a, "\\"\'\\n\\r ");'), $matches[0]);functions_post.php:60

SQL Query Safety

100% prepared1 total queries

Output Escaping

0% escaped12 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

search_simple_fields_options (functions_admin.php:13)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Search Simple Fields Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

filterpre_get_postsfunctions_post.php:19

filterposts_distinctfunctions_post.php:25

filterposts_joinfunctions_post.php:37

filterposts_wherefunctions_post.php:104

actionadmin_initsearch_simple_fields.php:37

actionadmin_menusearch_simple_fields.php:38

Maintenance & Trust

Search Simple Fields Maintenance & Trust

Maintenance Signals

WordPress version tested3.2.1

Last updatedNov 1, 2011

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings1

Active installs20

Alternatives

Search Simple Fields Alternatives

WP-Admin Search Post Meta

wp-admin-search-meta

100

Search WordPress admin posts by custom fields (post meta) directly from the default search.

300 No CVEs

Advanced Custom Fields: Extended

acf-extended

All-in-one enhancement suite that improves WordPress & Advanced Custom Fields.

100K 5 CVEs

Admin Columns

codepress-admin-columns

100

Take control of your WordPress admin list tables. Add, remove, and reorder columns for posts, users, media, and more - no coding needed.

100K No CVEs

ACF: Better Search

acf-better-search

This plugin adds to default WordPress search engine the ability to search by content from selected fields of Advanced Custom Fields plugin.

40K 1 CVE

ACF qTranslate

acf-qtranslate

Provides qTranslate compatible ACF field types for Text, Text Area, WYSIWYG, Image and File.

9K No CVEs

Developer Profile

Search Simple Fields Developer Profile

SimonaIlie

5 plugins · 70 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Search Simple Fields

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/search-simple-fields/css/style.css

Version Parameters

/search-simple-fields/css/style.css?ver=

HTML / DOM Fingerprints

FAQ