Search with Typesense Security & Risk Analysis

wordpress.org/plugins/search-with-typesense

Lightning fast search for your WordPress site, powered by Typesense.

600 active installs v2.1.0 PHP 7.4+ WP 6.8+ Updated Mar 4, 2026
autocomplete, instant-search, lightning-fast, search, typesense
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jun 5, 2025
Safety Verdict

Is Search with Typesense Safe to Use in 2026?

Generally Safe

Score 99/100

Search with Typesense has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jun 5, 2025 · Updated 1mo ago
Risk Assessment

The "search-with-typesense" plugin v2.1.0 exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and a high percentage of properly escaped output, significant concerns arise from its attack surface. A large number of AJAX handlers (13 out of 13) lack authentication checks, presenting a substantial risk for unauthorized actions. The absence of taint analysis data for this version makes it difficult to assess specific input sanitization weaknesses directly, but the historical vulnerability data suggests a pattern of past issues, including Cross-site Scripting and Path Traversal, which are often related to insufficient input validation and handling. Although there are currently no unpatched CVEs, the plugin has a history of medium and low severity vulnerabilities, with its last recorded vulnerability in June 2025. This suggests that while vulnerabilities have been addressed in the past, the underlying code may still have latent weaknesses that could be exploited, especially in combination with the unprotected entry points.

Key Concerns

  • AJAX handlers without auth checks
  • 13 unprotected AJAX handlers
  • History of medium and low severity CVEs
  • Bundled Select2 library
  • Unsanitized output detected (25%)
Vulnerabilities
2

Search with Typesense Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

Medium: 1
Low: 1

2 total CVEs

CVE-2025-49304 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Search with Typesense <= 2.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 5, 2025 Patched in 2.0.11 (7d)
CVE-2025-26876 · low · 2.7 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Search with Typesense <= 2.0.8 - Authenticated (Admin+) Path Traversal

Feb 22, 2025 Patched in 2.0.9 (10d)
Code Analysis
Analyzed Mar 16, 2026

Search with Typesense Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 24 (72 escaped)
Nonce Checks: 2
Capability Checks: 5
File Operations: 21
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

75% escaped · 96 total outputs
Attack Surface
13 unprotected

Search with Typesense Attack Surface

Entry Points: 15
Unprotected: 13

AJAX Handlers 13

auth wp_ajax_getCMTypesenseAdminSettings includes\Backend\Admin.php:87
auth wp_ajax_getCMTypesenseSearchConfig includes\Backend\Admin.php:88
auth wp_ajax_saveCMTypesenseAdminSettings includes\Backend\Admin.php:90
auth wp_ajax_saveCMTypesenseSearchConfigSettings includes\Backend\Admin.php:91
auth wp_ajax_cmswtGetSchemaDetail includes\Backend\Admin.php:94
auth wp_ajax_CMTypesenseDropCollection includes\Backend\Admin.php:97
auth wp_ajax_CMTypesenseBulkImport includes\Backend\Admin.php:100
auth wp_ajax_CMTypesenseDeleteFile includes\Backend\Admin.php:103
auth wp_ajax_cm_typesense_get_log_files includes\Backend\AdminAjaxHandler.php:20
auth wp_ajax_cm_typesense_view_log_file includes\Backend\AdminAjaxHandler.php:21
auth wp_ajax_cm_typesense_get_site_info includes\Backend\AdminAjaxHandler.php:22
auth wp_ajax_cm_typesense_delete_all_log_files includes\Backend\AdminAjaxHandler.php:23
auth wp_ajax_cm_typesense_get_addons includes\Backend\AdminAjaxHandler.php:26

Shortcodes 2

[cm_typesense_search] includes\Main\Shortcodes.php:28
[cm_typesense_autocomplete] includes\Main\Shortcodes.php:29
WordPress Hooks 35
action admin_menu includes\Backend\Admin.php:80
action admin_enqueue_scripts includes\Backend\Admin.php:81
action admin_enqueue_scripts includes\Backend\Admin.php:82
filter plugin_action_links_search-with-typesense/codemanas-typesense.php includes\Backend\Admin.php:85
action customize_register includes\Backend\Customizer.php:27
action customize_preview_init includes\Backend\Customizer.php:28
action customize_controls_enqueue_scripts includes\Backend\Customizer.php:29
action admin_notices includes\Bootstrap.php:38
action plugins_loaded includes\Bootstrap.php:45
action init includes\Bootstrap.php:99
action init includes\Bootstrap.php:100
action elementor/elements/categories_registered includes\Elementor\Elementor.php:16
action elementor/widgets/register includes\Elementor\Elementor.php:17
action wp_enqueue_scripts includes\Frontend\Frontend.php:20
action wp_footer includes\Frontend\Frontend.php:21
filter get_search_form includes\Frontend\Frontend.php:29
filter render_block includes\Frontend\Frontend.php:30
action wp_footer includes\Frontend\Frontend.php:35
action init includes\Main\EventListener.php:26
action wp_after_insert_post includes\Main\EventListener.php:28
action delete_post includes\Main\EventListener.php:29
action wp_trash_post includes\Main\EventListener.php:30
action saved_term includes\Main\EventListener.php:33
action cm_typesense_instant_search_results_output includes\Main\TemplateHooks.php:16
action cm_typesense_instant_search_results_output includes\Main\TemplateHooks.php:17
action cm_typesense_instant_search_results_output includes\Main\TemplateHooks.php:19
action cm_typesense_instant_search_header includes\Main\TemplateHooks.php:22
action cm_typesense_instant_search_header includes\Main\TemplateHooks.php:23
action cm_typesense_instant_search_header includes\Main\TemplateHooks.php:25
action cm_typesense_instant_search_header includes\Main\TemplateHooks.php:27
action cm_typesense_instant_search_header includes\Main\TemplateHooks.php:29
action cm_typesense_instant_search_header includes\Main\TemplateHooks.php:31
action cm_typesense_instant_search_results_main_panel_body includes\Main\TemplateHooks.php:34
action cm_typesense_instant_search_results_main_panel_body includes\Main\TemplateHooks.php:35
action cli_init includes\WPCLI\WPCLI.php:20
Maintenance & Trust

Search with Typesense Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Mar 4, 2026
PHP min version: 7.4
Downloads: 23K

Community Trust

Rating: 100/100
Number of ratings: 11
Active installs: 600
Developer Profile

Search with Typesense Developer Profile

CodeManas

15 plugins · 2K total installs

Trust score: 91
Avg Security Score: 96/100
Avg Patch Time: 9 days
Detection Fingerprints

How We Detect Search with Typesense

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/search-with-typesense/assets/css/admin-style.css
/wp-content/plugins/search-with-typesense/assets/css/admin-style.min.css
/wp-content/plugins/search-with-typesense/assets/js/admin.js
/wp-content/plugins/search-with-typesense/assets/js/admin.min.js
/wp-content/plugins/search-with-typesense/assets/js/frontend.js
/wp-content/plugins/search-with-typesense/assets/js/frontend.min.js
/wp-content/plugins/search-with-typesense/assets/css/frontend-style.css
/wp-content/plugins/search-with-typesense/assets/css/frontend-style.min.css
Script Paths
/wp-content/plugins/search-with-typesense/assets/js/admin.js
/wp-content/plugins/search-with-typesense/assets/js/frontend.js
Version Parameters
search-with-typesense/assets/css/admin-style.css?ver=
search-with-typesense/assets/css/admin-style.min.css?ver=
search-with-typesense/assets/js/admin.js?ver=
search-with-typesense/assets/js/admin.min.js?ver=
search-with-typesense/assets/js/frontend.js?ver=
search-with-typesense/assets/js/frontend.min.js?ver=
search-with-typesense/assets/css/frontend-style.css?ver=
search-with-typesense/assets/css/frontend-style.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
cm-typesense-admin-settings-wrap
Data Attributes
data-typesense-admin-url
JS Globals
window.codemanasTypesenseAdmin
window.CodemanasTypesenseFrontend
REST Endpoints
/wp-json/codemanas-typesense/v1/settings
/wp-json/codemanas-typesense/v1/search-config
/wp-json/codemanas-typesense/v1/schema-details
/wp-json/codemanas-typesense/v1/drop-collection
/wp-json/codemanas-typesense/v1/bulk-import
/wp-json/codemanas-typesense/v1/delete-log-file
FAQ

Frequently Asked Questions about Search with Typesense