SearchIQ – The Search Solution Security & Risk Analysis

wordpress.org/plugins/searchiq

Our FREE plugin makes your website’s search fast and more relevant. searchIQ helps you to manage content more effectively with real-time analytics.

1K active installs · v5.1 · PHP + WP 3.7+ · Updated Oct 3, 2025
Tags: ajax-search, autocomplete, better-search, search, site-search
Score: 96 (A · Safe)
CVEs total: 7
Unpatched: 0
Last CVE: Mar 27, 2025
Safety Verdict

Is SearchIQ – The Search Solution Safe to Use in 2026?

Generally Safe

Score 96/100

SearchIQ – The Search Solution has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Mar 27, 2025 · Updated 6mo ago
Risk Assessment

The SearchIQ plugin v5.1 exhibits a mixed security posture. On the positive side, it demonstrates strong output escaping, and a high percentage of its SQL queries use prepared statements. The absence of critical or high severity taint flows and of currently unpatched CVEs is also encouraging.

However, two AJAX handlers lack proper authorization checks, which is a significant concern: it creates a direct attack vector for unauthenticated users to interact with sensitive plugin functionality. The use of the `unserialize` function, while not flagged as a critical taint flow, is inherently risky and deserves careful scrutiny, especially if the unserialized data originates from user input.

The plugin's history of 7 CVEs, including Cross-Site Scripting, CSRF, and Missing Authorization, suggests a pattern of security weaknesses that, while currently patched, call for ongoing vigilance and robust development practices. The unauthenticated AJAX endpoints and the historical vulnerability types are the most pressing security considerations.

Key Concerns

  • Unprotected AJAX handlers found
  • Use of dangerous function unserialize
  • History of medium/high severity CVEs
Vulnerabilities: 7

SearchIQ – The Search Solution Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2023: 1 CVE
2024: 3 CVEs
2025: 2 CVEs

Severity Breakdown

High: 1
Medium: 6

7 total CVEs

CVE-2025-30867 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SearchIQ <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 27, 2025 · Patched in 4.8 (7d)

CVE-2024-13350 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SearchIQ – The Search Solution <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 4, 2025 · Patched in 4.8 (6d)

CVE-2024-56229 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

SearchIQ <= 4.6 - Cross-Site Request Forgery

Dec 19, 2024 · Patched in 4.7 (21d)

CVE-2024-10885 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SearchIQ – The Search Solution <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 3, 2024 · Patched in 4.7 (1d)

CVE-2024-31259 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

SearchIQ <= 4.5 - Unauthenticated Sensitive Information Exposure

Apr 5, 2024 · Patched in 4.6 (7d)

CVE-2023-47832 · medium · 5.3 · Missing Authorization

SearchIQ <= 4.4 - Missing Authorization via getSIQPluginSettings

Nov 16, 2023 · Patched in 4.5 (68d)

CVE-2022-0780 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SearchIQ – The Search Solution <= 3.8 - Unauthenticated Stored Cross-Site Scripting

Apr 11, 2022 · Patched in 3.9 (652d)
Code Analysis
Analyzed Mar 16, 2026

SearchIQ – The Search Solution Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 6 (48 prepared)
Unescaped Output: 2 (692 escaped)
Nonce Checks: 14
Capability Checks: 1
File Operations: 12
External Requests: 2
Bundled Libraries: 1

Dangerous Functions Found

unserialize · `$attrs = @unserialize($rec);` · library\core.php:3507

Bundled Libraries

Select2

SQL Query Safety

89% prepared · 54 total queries

Output Escaping

100% escaped · 694 total outputs
Data Flows: 3 unsanitized

Data Flow Analysis

7 flows · 3 with unsanitized paths
siq_admin_ajax (library\plugin.php:877)
Attack Surface: 2 unprotected

SearchIQ – The Search Solution Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 2

auth · wp_ajax_siq_ajax · library\plugin.php:113
nopriv · wp_ajax_siq_ajax · library\plugin.php:114

Shortcodes 2

[siq_ajax_search] library\plugin.php:126
[siq_searchbox] library\shortcode.php:9
WordPress Hooks 48
action · admin_init · library\core.php:415
action · init · library\core.php:416
action · init · library\core.php:417
action · current_screen · library\core.php:418
action · update_option · library\core.php:419
action · deleted_option · library\core.php:420
action · added_option · library\core.php:421
action · transition_post_status · library\hooks.php:11
action · save_post · library\hooks.php:12
action · untrash_post · library\hooks.php:13
action · admin_init · library\hooks.php:14
action · delete_attachment · library\hooks.php:15
action · delete_post · library\hooks.php:16
action · admin_menu · library\plugin.php:109
action · admin_enqueue_scripts · library\plugin.php:110
action · wp_enqueue_scripts · library\plugin.php:111
action · wp_head · library\plugin.php:117
filter · the_posts · library\plugin.php:119
action · pre_get_posts · library\plugin.php:120
action · template_redirect · library\plugin.php:121
filter · script_loader_tag · library\plugin.php:123
filter · body_class · library\plugin.php:125
action · admin_init · library\plugin.php:128
action · admin_notices · library\plugin.php:129
action · admin_notices · library\plugin.php:130
action · admin_notices · library\plugin.php:131
action · plugins_loaded · library\plugin.php:132
filter · _siq_check_facets_error · library\plugin.php:134
action · wp_footer · library\plugin.php:136
action · init · library\plugin.php:161
action · init · library\plugin.php:162
filter · query_vars · library\plugin.php:164
filter · the_posts · library\plugin.php:165
action · woocommerce_product_set_stock_status · library\plugin.php:169
action · woocommerce_variation_set_stock_stock · library\plugin.php:170
action · updated_post_meta · library\plugin.php:172
action · added_post_meta · library\plugin.php:173
filter · posts_clauses · library\plugin.php:595
filter · upload_mimes · library\plugin.php:793
filter · wp_die_ajax_handler · library\plugin.php:888
action · siq_delta_sync_cron · library\plugin.php:2868
action · siq_delta_sync_cron_stop · library\plugin.php:2869
action · widgets_init · library\shortcode.php:7
action · _siq_settings_update_notice · templates\backend\appearance-autocomplete.php:49
action · _siq_settings_update_notice · templates\backend\appearance-mobile.php:59
action · _siq_settings_update_notice · templates\backend\appearance.php:88
action · _siq_settings_update_notice · templates\backend\facets.php:51
action · _siq_settings_update_notice · templates\backend\optionsPage.php:155

Scheduled Events 2

siq_delta_sync_cron
siq_delta_sync_cron_stop
Maintenance & Trust

SearchIQ – The Search Solution Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 3, 2025
PHP min version
Downloads: 94K

Community Trust

Rating: 98/100
Number of ratings: 198
Active installs: 1K
Developer Profile

SearchIQ – The Search Solution Developer Profile

SearchIQ

2 plugins · 1K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 109 days
Detection Fingerprints

How We Detect SearchIQ – The Search Solution

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/searchiq/library/js/siq_search.js
/wp-content/plugins/searchiq/library/js/siq_autocomplete.js
/wp-content/plugins/searchiq/library/js/siq_analytics.js
/wp-content/plugins/searchiq/library/css/siq_style.css
/wp-content/plugins/searchiq/library/css/siq_admin.css
Script Paths
//api.searchiq.co/v1/siq.js
Version Parameters
searchiq/style.css?ver=
siq_search.js?ver=
siq_autocomplete.js?ver=
siq_analytics.js?ver=

HTML / DOM Fingerprints

CSS Classes
siq-search-wrapper, siq-autocomplete-wrapper, siq-search-results, siq-facet-wrapper, siq-search-input
HTML Comments
<!-- siq-search-container -->
<!-- siq_admin_notice -->
<!-- SearchIQ Notice -->
Data Attributes
data-searchiq-site-id, data-searchiq-engine-code, data-searchiq-search-url, data-searchiq-input-id, data-searchiq-is-admin, data-siq-nonce
JS Globals
window.siq_analytics, window.SearchIQ, var SIQ_BASE_URL, var SIQ_ADMIN_URL, var SIQ_BASE_PATH, var SIQ_PLUGIN_VERSION (+2 more)
REST Endpoints
/wp-json/searchiq/v1/search
Shortcode Output
[siq_ajax_search
FAQ

Frequently Asked Questions about SearchIQ – The Search Solution