Smart WooCommerce Search Security & Risk Analysis

wordpress.org/plugins/smart-woocommerce-search

Ideal Product Search plugin for WooCommerce shops that enhances users' experience with a live search feature.

6K active installs · v2.15.2 · PHP 7.0+ · WP 5.9+ · Updated Oct 15, 2025
Tags: ajax-search, product-search, search, search-by-sku, woocommerce-search
Score: 100 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 18, 2023
Safety Verdict

Is Smart WooCommerce Search Safe to Use in 2026?

Generally Safe

Score 100/100

Smart WooCommerce Search has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 18, 2023 · Updated 5mo ago
Risk Assessment

The "smart-woocommerce-search" plugin v2.15.2 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of proper output escaping. It also includes a reasonable number of nonce and capability checks, and importantly, there are no critical or high-severity vulnerabilities reported in its history, with the last reported issue being a medium severity one from April 2023 which is now patched. The taint analysis showing zero flows is also a strong indicator of secure coding regarding data sanitization.

However, several areas raise concerns. The attack surface is notable: of 9 entry points, 3 are unprotected. Specifically, 2 AJAX handlers and 1 REST API route lack proper authorization checks, which could allow unauthenticated users to interact with sensitive functionality. While the code signals do not indicate dangerous functions or file operations, the bundled libraries (Select2 and Freemius v1.0) could pose a risk if they are outdated or contain known vulnerabilities, though no specific issues are highlighted for them in the provided data.

In conclusion, while the plugin has made strides in security with its SQL and output handling, the unprotected entry points present a tangible risk. The history of a past medium-severity vulnerability, although patched, suggests that authorization issues have been present. Developers should prioritize securing all AJAX handlers and REST API routes to mitigate the risk of unauthorized access and further enhance the overall security of the plugin.

Key Concerns

  • 2 AJAX handlers without auth checks
  • 1 REST API route without permission callbacks
  • Past medium severity vulnerability (2023-04-18)
  • Bundled library (Freemius v1.0)
Vulnerabilities: 1

Smart WooCommerce Search Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-30783 · medium · 5.4 · Missing Authorization

Smart WooCommerce Search <= 2.5.0 - Missing Authorization

Apr 18, 2023 · Patched in 2.5.1 (280d)
Code Analysis
Analyzed Mar 16, 2026

Smart WooCommerce Search Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 22 (224 escaped)
Nonce Checks: 5
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 2

Bundled Libraries

Select2, Freemius 1.0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

91% escaped · 246 total outputs

Attack Surface: 3 unprotected

Smart WooCommerce Search Attack Surface

Entry Points: 9
Unprotected: 3

AJAX Handlers 4

auth · wp_ajax_sws_promo_dismiss · inc\admin\admin.php:9
auth · wp_ajax_sws_notice_dismiss · inc\admin\admin.php:10
auth · wp_ajax_ysm_widget_delete · inc\custom\class-ysm-widget-manager.php:41
auth · wp_ajax_ysm_widget_duplicate · inc\custom\class-ysm-widget-manager.php:42

REST API Routes 1

GET · /wp-json/ysm/v1/search · inc\custom\rest.php:11

Shortcodes 4

[smart_search] inc\custom\class-ysm-widget-manager.php:45
[et_pb_section] inc\elements\excerpt.php:30
[et_pb_row] inc\elements\excerpt.php:33
[et_pb_column] inc\elements\excerpt.php:36
WordPress Hooks 40

action · admin_init · inc\admin\admin.php:4
action · admin_menu · inc\admin\admin.php:5
filter · admin_title · inc\admin\admin.php:7
action · admin_notices · inc\admin\admin.php:20
filter · yummywp_app_version · inc\app.php:12
action · plugins_loaded · inc\app.php:22
filter · elementor/widgets/widgets_registered · inc\compat\compat-elementor.php:4
filter · render_block · inc\compat\compat-gutenberg.php:4
filter · pre_render_block · inc\compat\compat-gutenberg.php:5
filter · query_loop_block_query_vars · inc\compat\compat-gutenberg.php:43
filter · query_loop_block_query_vars · inc\compat\compat-gutenberg.php:45
filter · init · inc\compat\compat-visual-composer.php:4
filter · posts_fields · inc\custom\class-ysm-db.php:72
filter · posts_join · inc\custom\class-ysm-db.php:73
filter · posts_where · inc\custom\class-ysm-db.php:74
filter · posts_orderby · inc\custom\class-ysm-db.php:75
filter · posts_groupby · inc\custom\class-ysm-db.php:76
action · pre_get_posts · inc\custom\class-ysm-search.php:67
action · wp · inc\custom\class-ysm-search.php:69
filter · found_posts · inc\custom\class-ysm-search.php:70
filter · the_title · inc\custom\class-ysm-search.php:72
filter · get_the_excerpt · inc\custom\class-ysm-search.php:73
filter · the_content · inc\custom\class-ysm-search.php:74
action · widgets_init · inc\custom\class-ysm-widget-manager.php:48
action · admin_init · inc\custom\class-ysm-widget-manager.php:50
filter · get_search_query · inc\custom\hooks.php:4
filter · woocommerce_redirect_single_search_result · inc\custom\hooks.php:5
action · rest_api_init · inc\custom\rest.php:4
filter · rest_post_dispatch · inc\custom\rest.php:74
action · admin_enqueue_scripts · inc\custom\scripts.php:4
action · admin_enqueue_scripts · inc\custom\scripts.php:5
action · wp_enqueue_scripts · inc\custom\scripts.php:6
filter · hide_freemius_powered_by · inc\fs.php:42
filter · connect_message_on_update · inc\fs.php:88
filter · connect_message · inc\fs.php:89
filter · yummywp_app_version · inc\index.php:12
action · plugins_loaded · inc\index.php:22
action · admin_notices · index.php:34
action · plugins_loaded · index.php:71
action · before_woocommerce_init · index.php:84
Maintenance & Trust

Smart WooCommerce Search Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 15, 2025
PHP min version: 7.0
Downloads: 394K

Community Trust

Rating: 88/100
Number of ratings: 24
Active installs: 6K
Developer Profile

Smart WooCommerce Search Developer Profile

YummyWP

1 plugin · 6K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 280 days
Detection Fingerprints

How We Detect Smart WooCommerce Search

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/smart-woocommerce-search/assets/dist/css/general.css
Version Parameters
smart-woocommerce-search/assets/dist/css/general.css?ver=

HTML / DOM Fingerprints

CSS Classes
sws-search-block-default, sws-search-block-product, ysm-search-widget-fusion-search-form
Data Attributes
data-widget-options
JS Globals
smart_search_params
REST Endpoints
/wp-json/ysm/v1/search
FAQ

Frequently Asked Questions about Smart WooCommerce Search