Does Search Widget and WP REST Server for Toolset Types have any unpatched vulnerabilities?

No. All known vulnerabilities in Search Widget and WP REST Server for Toolset Types have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Search Widget and WP REST Server for Toolset Types compatible with WordPress 4.6.30?

According to WordPress.org data, Search Widget and WP REST Server for Toolset Types 2.2.1 has been tested up to WordPress 4.6.30. Check the plugin's changelog for the latest compatibility information.

What is Search Widget and WP REST Server for Toolset Types's security score?

Search Widget and WP REST Server for Toolset Types has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Search Widget and WP REST Server for Toolset Types Security & Risk Analysis

wordpress.org/plugins/search-types-custom-fields-widget

Search Types custom posts for posts that have user specified values for Types custom fields.

10 active installs v2.2.1 PHP + WP 3.6+ Updated Nov 10, 2016

custom-fieldssearch

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Search Widget and WP REST Server for Toolset Types Safe to Use in 2026?

Generally Safe

Score 85/100

Search Widget and WP REST Server for Toolset Types has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The plugin "search-types-custom-fields-widget" v2.2.1 exhibits a mixed security posture. On one hand, it has a clean vulnerability history with no recorded CVEs, suggesting good development practices or infrequent exploitation. The taint analysis also shows no critical or high-severity unsanitized flows, which is a positive sign. However, the static analysis reveals significant areas of concern. A substantial portion of the attack surface, specifically 4 out of 5 entry points (AJAX handlers), lacks authentication checks. This creates a broad vulnerability for attackers to potentially exploit these unprotected handlers. Furthermore, the plugin uses the dangerous `unserialize` function three times, which can lead to remote code execution if data being unserialized comes from untrusted sources. The low percentage of properly escaped output (6%) is also a concern, potentially leading to cross-site scripting (XSS) vulnerabilities. While the absence of known vulnerabilities is encouraging, the presence of unprotected AJAX handlers and the use of `unserialize` without evident sanitization presents a notable risk that requires attention.

Key Concerns

Unprotected AJAX handlers
Dangerous function: unserialize
Low output escaping percentage
Limited capability checks

Vulnerabilities

None known

Search Widget and WP REST Server for Toolset Types Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Search Widget and WP REST Server for Toolset Types Code Analysis

Dangerous Functions

Raw SQL Queries

43 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$unserialized = unserialize( $value );search-types-custom-fields-widget.php:827

unserialize$unserialized = unserialize( $result->meta_value );search-types-custom-fields-widget.php:1501

unserialize$unserialized = unserialize( $value );search-types-custom-fields-widget.php:2205

SQL Query Safety

67% prepared64 total queries

Output Escaping

6% escaped96 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<search-types-custom-fields-widget> (search-types-custom-fields-widget.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Search Widget and WP REST Server for Toolset Types Attack Surface

Entry Points5

Unprotected4

AJAX Handlers 4

authwp_ajax_mcst_get_mcst_settingstypes-wp-rest-api.php:544

noprivwp_ajax_mcst_get_mcst_settingstypes-wp-rest-api.php:545

authwp_ajax_mcst_get_wp_settingstypes-wp-rest-api.php:547

noprivwp_ajax_mcst_get_wp_settingstypes-wp-rest-api.php:555

Shortcodes 1

[stcfw_inline_search_results] search-types-custom-fields-widget.php:2430

WordPress Hooks 17

actionadmin_noticessearch-types-custom-fields-widget-loader.php:20

actionplugins_loadedsearch-types-custom-fields-widget.php:993

actionwidgets_initsearch-types-custom-fields-widget.php:997

filterposts_wheresearch-types-custom-fields-widget.php:1001

actionadmin_enqueue_scriptssearch-types-custom-fields-widget.php:1311

actionwp_enqueue_scriptssearch-types-custom-fields-widget.php:1881

actionparse_querysearch-types-custom-fields-widget.php:1891

filterpost_limitssearch-types-custom-fields-widget.php:1909

actionafter_setup_themesearch-types-custom-fields-widget.php:1916

actiontemplate_redirectsearch-types-custom-fields-widget.php:1918

actionwp_enqueue_scriptssearch-types-custom-fields-widget.php:2331

filterget_search_querysearch-types-custom-fields-widget.php:2405

actionwp_enqueue_scriptssearch-types-custom-fields-widget.php:2414

actionplugins_loadedsearch-types-custom-fields-widget.php:2475

filterposts_clauses_requesttypes-wp-rest-api.php:145

actionrest_api_inittypes-wp-rest-api.php:430

filterrest_prepare_post_typetypes-wp-rest-api.php:532

Maintenance & Trust

Search Widget and WP REST Server for Toolset Types Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30

Last updatedNov 10, 2016

PHP min version

Downloads6K

Community Trust

Rating20/100

Number of ratings1

Active installs10

Alternatives

Search Widget and WP REST Server for Toolset Types Alternatives

ACF: Better Search

acf-better-search

This plugin adds to default WordPress search engine the ability to search by content from selected fields of Advanced Custom Fields plugin.

40K 1 CVE

Custom Search by BestWebSoft – WordPress Custom Search Plugin

custom-search-plugin

100

Add advanced custom search to your WordPress site. Search custom post types, taxonomies, and custom fields with full control over results.

1K 1 CVE

MB FacetWP Integration

meta-box-facetwp-integrator

100

Integrates Meta Box custom fields with FacetWP. Make custom fields filterable.

600 No CVEs

WP-Admin Search Post Meta

wp-admin-search-meta

Enables searching post meta fields on admin pages.

300 No CVEs

ACF Advanced Search

acf-advanced-search

Advanced search for the Advanced Custom Fields plugin (Free & Pro).

70 No CVEs

Developer Profile

Search Widget and WP REST Server for Toolset Types Developer Profile

Magenta Cuda

4 plugins · 40 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Search Widget and WP REST Server for Toolset Types

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/search-types-custom-fields-widget/css/select2.css/wp-content/plugins/search-types-custom-fields-widget/js/select2.js/wp-content/plugins/search-types-custom-fields-widget/js/widget.js

Script Paths

/wp-content/plugins/search-types-custom-fields-widget/js/select2.js/wp-content/plugins/search-types-custom-fields-widget/js/widget.js

Version Parameters

search-types-custom-fields-widget/css/select2.css?ver=search-types-custom-fields-widget/js/select2.js?ver=search-types-custom-fields-widget/js/widget.js?ver=

HTML / DOM Fingerprints

CSS Classes

scpbcfw-search-fields-formscpbcfw-search-post-typesearch_types_custom_fields_widget

HTML Comments

 widget() emits a form to select a post type which sends an AJAX request for the search form for the selected post type

 Copyright 2013  Magenta Cuda

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2, as 
    published by the Free Software Foundation.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

 Project IV: Search Widget and WP REST Server for Toolset Types

    There are 3 modes that this widget can be run in:
    Classic mode                    - the search results HTML is generated entirely by the PHP backend server, no longer being developed, retained for backward compatibility.
    Backbone.js mode                - the search results HTML is generated by the PHP backend server populating frontend Backbone.js collections which the Javascript frontend
                                    - client uses to render Backbone.js templates, no longer being developed, retained for backward compatibility.
    Backbone.js with Bootstrap mode - the above Backbone.js mode styled with Twitter Bootstrap 3 CSS, under active development.
                                    - Version 2 will extend this mode to support generic (i.e., not just search results) Backbone.js web pages, by providing additional
                                    - (not by search) ways to populate Backbone.js collections and render those collections using Backbone.js templates, i.e., a generic
                                    - Backbone.js framework for displaying Types custom fields.

 start of user configurable constants

+3 more

Data Attributes

data-stcfw-search-types-custom-fields-widget-numberdata-stcfw-search-post-type-noncedata-stcfw-search-custom-taxonomy-nonce

JS Globals

Search_Types_Custom_Fields_Widget

FAQ