Site Search 360 Security & Risk Analysis

wordpress.org/plugins/site-search-360

Precise and fast search, autocompletion, and search suggestions for your WordPress page.

400 active installs · v2.1.8 · PHP 5.2.4+ · WP 4.0.0+ · Updated Feb 4, 2026
Tags: better-search, custom-search, search, site-search, wordpress-search
Score: 77
B · Generally Safe
CVEs total: 2
Unpatched: 1
Last CVE: Apr 16, 2025
Safety Verdict

Is Site Search 360 Safe to Use in 2026?

Mostly Safe

Score 77/100

Site Search 360 is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Apr 16, 2025 · Updated 1mo ago
Risk Assessment

The "site-search-360" v2.1.8 plugin exhibits a concerning security posture, based on both the code analysis findings and its vulnerability history. The absence of dangerous functions and file operations is positive, but 100% of SQL queries lack prepared statements, which is a major red flag for SQL injection vulnerabilities. Furthermore, only 26% of output is properly escaped, increasing the risk of Cross-Site Scripting (XSS) attacks. The plugin has few entry points overall, but one AJAX handler is unprotected, which presents a direct and easily exploitable attack vector.

The vulnerability history reinforces these concerns, with two known medium-severity CVEs, one of which remains unpatched. The historical pattern of CSRF and XSS vulnerabilities indicates a recurring weakness in input validation and output sanitization, which aligns with the current code analysis. The lack of capability checks on any entry points is also a significant weakness, potentially allowing unauthorized users to trigger plugin functionalities.

In conclusion, while the plugin has some strengths, such as a relatively small attack surface and a low number of external HTTP requests, the prevalence of unescaped output, SQL queries without prepared statements, an unprotected AJAX handler, and an unpatched CVE paint a picture of a plugin that requires immediate attention to address critical security flaws. The vulnerability history suggests a pattern of neglect in secure coding practices, necessitating a thorough review and remediation.

Key Concerns

  • Unpatched CVE
  • 100% SQL queries without prepared statements
  • Low output escaping percentage (26%)
  • AJAX handler without auth checks
  • No capability checks on entry points
  • Flows with unsanitized paths
  • Medium severity CVEs (2 total)
Vulnerabilities (2)

Site Search 360 Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-39530 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

Site Search 360 <= 2.1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Apr 16, 2025 · Unpatched

CVE-2024-11780 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Site Search 360 <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 31, 2025 · Patched in 2.1.7 (1d)
Code Analysis
Analyzed Mar 16, 2026

Site Search 360 Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 3 (0 prepared)
  • Unescaped Output: 142 (49 escaped)
  • Nonce Checks: 12
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 0

SQL Query Safety

0% prepared · 3 total queries

Output Escaping

26% escaped · 191 total outputs
Data Flows (7 unsanitized)

Data Flow Analysis

14 flows · 7 with unsanitized paths
sitesearch360Index (class-sitesearch360-plugin.php:323)
Attack Surface (1 unprotected)

Site Search 360 Attack Surface

Entry Points: 6
Unprotected: 1

AJAX Handlers 2

auth · wp_ajax_ss360_index · class-sitesearch360-plugin.php:49
auth · wp_ajax_ss360_review · class-sitesearch360-plugin.php:52

Shortcodes 4

[ss360-searchbox] class-sitesearch360-plugin.php:64
[ss360-searchbutton] class-sitesearch360-plugin.php:65
[ss360-form] class-sitesearch360-plugin.php:66
[ss360-resultblock] class-sitesearch360-plugin.php:67
WordPress Hooks 16
action · admin_menu · class-sitesearch360-plugin.php:24
action · admin_init · class-sitesearch360-plugin.php:25
action · future_to_publish · class-sitesearch360-plugin.php:33
action · save_post · class-sitesearch360-plugin.php:36
action · transition_post_status · class-sitesearch360-plugin.php:39
action · trashed_post · class-sitesearch360-plugin.php:42
action · wp_enqueue_scripts · class-sitesearch360-plugin.php:46
action · admin_enqueue_scripts · class-sitesearch360-plugin.php:48
action · plugins_loaded · class-sitesearch360-plugin.php:50
filter · the_posts · class-sitesearch360-plugin.php:56
filter · plugin_action_links · class-sitesearch360-plugin.php:58
filter · wp_nav_menu_items · class-sitesearch360-plugin.php:59
filter · rocket_minify_excluded_external_js · class-sitesearch360-plugin.php:60
filter · rocket_exclude_defer_js · class-sitesearch360-plugin.php:61
action · widgets_init · class-sitesearch360-plugin.php:68
action · wp_footer · class-sitesearch360-plugin.php:794
Maintenance & Trust

Site Search 360 Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 4, 2026
PHP min version: 5.2.4
Downloads: 29K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 400
Developer Profile

Site Search 360 Developer Profile

dsky

10 plugins · 490 total installs

Trust score: 90
Avg Security Score: 86/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Site Search 360

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/site-search-360/css/style.css
  • /wp-content/plugins/site-search-360/js/search.js
  • /wp-content/plugins/site-search-360/js/admin.js

Script Paths

  • /wp-content/plugins/site-search-360/js/search.js
  • /wp-content/plugins/site-search-360/js/admin.js

Version Parameters

  • site-search-360/style.css?ver=
  • site-search-360/search.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • ss360-searchbox
  • ss360-searchbutton
  • ss360-search-form
  • ss360-search-results-block
  • ss360-search-menu-item

Data Attributes

  • data-ss360-include
  • data-ss360-exclude
  • data-ss360-include-suggest
  • data-ss360-exclude-suggest
  • data-ss360-keep-placeholder
  • data-ss360

Shortcode Output

  • <input class="ss360-searchbox"
  • <button class="ss360-searchbutton"
  • <form role="search" method="get" class="ss360-search-form search-form"
  • <section role="search" class="ss360-search-form"