SearchWP Live Ajax Search Security & Risk Analysis

wordpress.org/plugins/searchwp-live-ajax-search

Template powered live search for any WordPress theme. Does not require SearchWP, but will utilize it if available.

50K active installs · v1.8.7 · PHP 5.6+ · WP 4.8+ · Updated Dec 10, 2025
ajaxlivesearch

Score: 98/100 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Sep 15, 2022

Is SearchWP Live Ajax Search Safe to Use in 2026?

Generally Safe

Score 98/100

SearchWP Live Ajax Search has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Sep 15, 2022 · Updated 3mo ago
Risk Assessment

The "searchwp-live-ajax-search" v1.8.7 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices with 100% of SQL queries using prepared statements and nearly all output being properly escaped. It also implements a reasonable number of capability checks and nonce checks. However, there are significant concerns regarding the attack surface, with 3 out of 4 AJAX handlers lacking authentication checks. This could expose the plugin to unauthorized actions if these handlers are exploitable.

The taint analysis reveals a "high severity" flow with unsanitized paths, a serious concern that could lead to code execution or other severe vulnerabilities if that path is directly influenced by user input. The plugin's history of known CVEs, including a past critical vulnerability (Remote File Inclusion) and a Sensitive Information Exposure issue, is a significant red flag. While there are no currently unpatched CVEs, this history suggests a recurring pattern of critical security flaws that requires careful attention and prompt patching.

Overall, while the plugin has some strengths in code hygiene such as prepared statements and output escaping, the combination of unprotected AJAX handlers, a critical taint flow, and a history of severe vulnerabilities indicates a moderate to high risk. Users should ensure they are running the latest patched version and remain vigilant, since previously discovered vulnerability classes can reappear in future updates if their root causes were not thoroughly addressed.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flow with unsanitized paths
  • Known CVEs (1 critical, 1 medium)

SearchWP Live Ajax Search Security Vulnerabilities

CVEs by Year

  • 2022: 2 CVEs (all patched)

Severity Breakdown

  • Critical: 1
  • Medium: 1

2 total CVEs

CVE-2022-3227 (critical · 9.1): Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
SearchWP Live Ajax Search <= 1.6.2 - Directory Traversal and Local File Inclusion
Sep 15, 2022 · Patched in 1.6.3 (495d)

CVE-2022-2535 (medium · 5.3): Exposure of Sensitive Information to an Unauthorized Actor
SearchWP Live Ajax Search <= 1.6.1 - Sensitive Information Disclosure
Jul 25, 2022 · Patched in 1.6.2 (547d)
SearchWP Live Ajax Search Code Analysis

Analyzed Mar 16, 2026

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (5 prepared)
  • Unescaped Output: 5 (387 escaped)
  • Nonce Checks: 3
  • Capability Checks: 10
  • File Operations: 0
  • External Requests: 3
  • Bundled Libraries: 0

SQL Query Safety

100% prepared (5 total queries)

Output Escaping

99% escaped (392 total outputs)
Data Flow Analysis

5 flows, 1 with unsanitized paths

  • <class-notice> (includes\class-notice.php:0)
SearchWP Live Ajax Search Attack Surface

Entry Points: 5
Unprotected: 3

AJAX Handlers (4)

  • auth   wp_ajax_searchwp_live_search (includes\class-client.php:29)
  • nopriv wp_ajax_searchwp_live_search (includes\class-client.php:30)
  • auth   wp_ajax_searchwp_live_search_notice_dismiss (includes\class-notice.php:82)
  • auth   wp_ajax_searchwp_live_search_notification_dismiss (includes\class-notifications.php:66)

Shortcodes (1)

  • [searchwp_form] (includes\SearchForms\Frontend.php:20)
WordPress Hooks (46)

  • action admin_enqueue_scripts (includes\Algorithm\EnginesPreview.php:32)
  • filter searchwp_live_search_settings_sub_header_items (includes\Algorithm\EnginesPreview.php:33)
  • filter option_active_plugins (includes\class-client.php:32)
  • filter site_option_active_sitewide_plugins (includes\class-client.php:33)
  • filter excerpt_length (includes\class-client.php:256)
  • action wp_enqueue_scripts (includes\class-form.php:103)
  • filter get_search_form (includes\class-form.php:105)
  • action wp_footer (includes\class-form.php:106)
  • action wp_footer (includes\class-form.php:109)
  • filter searchwp_live_search_hijack_get_search_form (includes\class-form.php:122)
  • filter searchwp_live_search_hijack_search_form_block (includes\class-form.php:123)
  • action wp_enqueue_scripts (includes\class-form.php:153)
  • filter searchwp_live_search_base_styles (includes\class-form.php:169)
  • action admin_init (includes\class-install.php:38)
  • action admin_menu (includes\class-menu.php:38)
  • action searchwp_live_search_options_submenu_pages (includes\class-menu.php:39)
  • action admin_head (includes\class-menu.php:40)
  • action admin_notices (includes\class-notice.php:81)
  • filter searchwp_live_search_settings_defaults (includes\class-notifications.php:48)
  • action admin_enqueue_scripts (includes\class-notifications.php:58)
  • action admin_enqueue_scripts (includes\class-notifications.php:59)
  • filter searchwp_live_search_options_submenu_pages (includes\class-notifications.php:61)
  • action searchwp_live_search_settings_header_actions (includes\class-notifications.php:63)
  • action searchwp_live_search_settings_header_after (includes\class-notifications.php:64)
  • action init (includes\class-plugin.php:44)
  • action admin_init (includes\class-plugin.php:45)
  • action widgets_init (includes\class-plugin.php:46)
  • action in_admin_header (includes\class-plugin.php:47)
  • filter searchwp_live_search_query_args (includes\class-relevanssi-bridge.php:22)
  • action admin_enqueue_scripts (includes\class-settings.php:37)
  • action searchwp\settings\nav\after (includes\class-settings.php:138)
  • action searchwp\settings\view (includes\class-settings.php:158)
  • filter searchwp_live_search_settings_sub_header_items (includes\class-settings.php:169)
  • filter admin_footer_text (includes\class-settings.php:171)
  • filter update_footer (includes\class-settings.php:173)
  • action admin_print_scripts (includes\class-settings.php:175)
  • filter searchwp_live_search_settings_sub_header_items (includes\ModalForm\ModalFormPreview.php:37)
  • action admin_enqueue_scripts (includes\ModalForm\ModalFormPreview.php:43)
  • filter block_categories_all (includes\SearchForms\Frontend.php:35)
  • filter block_categories (includes\SearchForms\Frontend.php:37)
  • action wp_enqueue_scripts (includes\SearchForms\Frontend.php:40)
  • filter default_title (includes\SearchForms\SearchFormsView.php:39)
  • filter default_content (includes\SearchForms\SearchFormsView.php:40)
  • filter searchwp_live_search_settings_sub_header_items (includes\SearchForms\SearchFormsView.php:43)
  • action admin_enqueue_scripts (includes\SearchForms\SearchFormsView.php:44)
  • action admin_init (includes\SearchForms\SearchFormsView.php:45)
SearchWP Live Ajax Search Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Dec 10, 2025
  • PHP min version: 5.6
  • Downloads: 1.2M

Community Trust

  • Rating: 94/100
  • Number of ratings: 37
  • Active installs: 50K
SearchWP Live Ajax Search Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

  • Trust score: 73
  • Avg Security Score: 91/100
  • Avg Patch Time: 795 days
How We Detect SearchWP Live Ajax Search

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/searchwp-live-ajax-search/assets/styles/admin/style.css
  • /wp-content/plugins/searchwp-live-ajax-search/assets/styles/admin/engines.css

Version Parameters
  • searchwp-live-ajax-search/assets/styles/admin/style.css?ver=
  • searchwp-live-ajax-search/assets/styles/admin/engines.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • searchwp-live-search-styles
  • searchwp-live-search-engines-styles
  • swp-content-container
  • swp-page-header
  • swp-flex--row
  • swp-justify-between
  • swp-flex--align-c
  • swp-flex--gap12
  • +29 more

Data Attributes
  • id="extension-preview-upsell"
  • id="extension-preview-upsell-background"
  • id="searchwp-settings-engines"
  • id="searchwp-engine-default"

Frequently Asked Questions about SearchWP Live Ajax Search