WP Spotlight – User Search, Post search, Media search, Quick updates Security & Risk Analysis

wordpress.org/plugins/spotlight

Find posts, users, plugins, themes, media, comments, and, manage updates from a search bar. Works on the dashboard and frontend.

20 active installs v1.1.3 PHP + WP + Updated Dec 30, 2024
Tags: admin-search, post-content-search, quick-update, user-search, wordpress-search
92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Spotlight – User Search, Post search, Media search, Quick updates Safe to Use in 2026?

Generally Safe

Score 92/100

WP Spotlight – User Search, Post search, Media search, Quick updates has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The Spotlight plugin v1.1.3 exhibits a generally strong security posture based on the provided static analysis. All identified entry points, including AJAX handlers and REST API routes, appear to have appropriate authentication and permission checks in place, significantly reducing the risk of unauthorized access. The plugin also demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of proper output escaping, mitigating common injection vulnerabilities. The absence of any recorded vulnerabilities (CVEs) in its history further reinforces this positive assessment, suggesting a history of secure development.

However, the static analysis does reveal a couple of areas that warrant attention. Specifically, the taint analysis indicates two flows with unsanitized paths. While no critical or high severity issues were flagged, the presence of these unsanitized paths, even if they don't currently lead to exploitable vulnerabilities in this version, represents a potential weakness. Developers should thoroughly review these paths to ensure they are handled securely and do not introduce vulnerabilities in future updates or under different circumstances. The plugin also performs file operations and makes external HTTP requests, which, while not inherently insecure, are areas that typically require careful scrutiny for potential vulnerabilities like insecure file handling or data exfiltration.

Key Concerns

  • Flows with unsanitized paths
Vulnerabilities
None known

WP Spotlight – User Search, Post search, Media search, Quick updates Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Spotlight – User Search, Post search, Media search, Quick updates Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 22 (102 escaped)
Nonce Checks: 4
Capability Checks: 24
File Operations: 6
External Requests: 8
Bundled Libraries: 0

SQL Query Safety

100% prepared (1 total queries)

Output Escaping

82% escaped (124 total outputs)

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
notification_action (Inc\Classes\Notifications\Notifications.php:50)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

WP Spotlight – User Search, Post search, Media search, Quick updates Attack Surface

Entry Points: 30
Unprotected: 0

AJAX Handlers 4

auth · wp_ajax_jltwp_spotlight_deactivation_survey · Inc\Classes\Feedback.php:29
auth · wp_ajax_jltwp_spotlight_notification_action · Inc\Classes\Notifications\Notifications.php:42
auth · wp_ajax_jltwp_spotlight_subscribe · Inc\Classes\Notifications\Subscribe.php:27
auth · wp_ajax_jltwp_spotlight_allow_collect · Inc\Classes\Notifications\What_We_Collect.php:27

REST API Routes 26

GET · /wp-json/wpspotlight/v1/admin-menus · Inc\Classes\Api\AdminMenu.php:179
GET · /wp-json/wpspotlight/v1/keymaps · Inc\Classes\Api\Keymaps.php:29
POST · /wp-json/wpspotlight/v1/keymaps · Inc\Classes\Api\Keymaps.php:36
POST · /wp-json/wpspotlight/v1/save-tour-status · Inc\Classes\Api\Keymaps.php:42
GET · /wp-json/wpspotlight/v1/media-search · Inc\Classes\Api\MediaFiles.php:36
GET · /wp-json/wpspotlight/v1/light-dark-mode · Inc\Classes\Api\Miscellaneous.php:36
GET · /wp-json/wpspotlight/v1/light-dark-mode · Inc\Classes\Api\Miscellaneous.php:51
GET · /wp-json/wpspotlight/v1/network-sites · Inc\Classes\Api\Multisite.php:26
GET · /wp-json/wpspotlight/v1/plugin-manager · Inc\Classes\Api\Plugins.php:33
GET · /wp-json/wpspotlight/v1/deactivated-plugins · Inc\Classes\Api\Plugins.php:62
GET · /wp-json/wpspotlight/v1/activated-plugins · Inc\Classes\Api\Plugins.php:68
GET · /wp-json/wpspotlight/v1/get-all-plugins · Inc\Classes\Api\Plugins.php:74
GET · /wp-json/wpspotlight/v1/registered-post-types · Inc\Classes\Api\PostTypes.php:29
GET · /wp-json/wpspotlight/v1/posts-by-type · Inc\Classes\Api\PostTypes.php:36
GET · /wp-json/wpspotlight/v1/search-by-post-types · Inc\Classes\Api\PostTypes.php:51
POST · /wp-json/wpspotlight/v1/theme-manager · Inc\Classes\Api\Themes.php:34
GET · /wp-json/wpspotlight/v1/get_installed_themes · Inc\Classes\Api\Themes.php:61
POST · /wp-json/wpspotlight/v1/update-plugin · Inc\Classes\Api\Updates.php:39
POST · /wp-json/wpspotlight/v1/update-all-plugins · Inc\Classes\Api\Updates.php:63
GET · /wp-json/wpspotlight/v1/plugins-with-updates · Inc\Classes\Api\Updates.php:70
GET · /wp-json/wpspotlight/v1/themes-with-updates · Inc\Classes\Api\Updates.php:80
POST · /wp-json/wpspotlight/v1/update-theme · Inc\Classes\Api\Updates.php:86
GET · /wp-json/wpspotlight/v1/get-user-roles · Inc\Classes\Api\Users.php:20
GET · /wp-json/wpspotlight/v1/get-users-by-role · Inc\Classes\Api\Users.php:27
GET · /wp-json/wpspotlight/v1/get-users-by-email · Inc\Classes\Api\Users.php:41
GET · /wp-json/wpspotlight/v1/send-reset-password · Inc\Classes\Api\Users.php:67

WordPress Hooks 32

action · plugins_loaded · class-spotlight.php:46
filter · admin_body_class · class-spotlight.php:49
action · init · class-spotlight.php:157
filter · parent_file · Inc\Classes\Api\AdminMenu.php:27
action · elementor/editor/after_enqueue_scripts · Inc\Classes\Api\AdminMenu.php:33
action · admin_footer · Inc\Classes\Api\AdminMenu.php:62
action · wp_footer · Inc\Classes\Api\AdminMenu.php:63
action · admin_footer · Inc\Classes\Api\AdminMenu.php:88
action · wp_footer · Inc\Classes\Api\AdminMenu.php:89
action · wp_print_footer_scripts · Inc\Classes\Api\AdminMenu.php:96
action · rest_api_init · Inc\Classes\Api\Keymaps.php:22
action · rest_api_init · Inc\Classes\Api\MediaFiles.php:19
action · admin_enqueue_scripts · Inc\Classes\Api\MediaFiles.php:20
action · rest_api_init · Inc\Classes\Api\Miscellaneous.php:26
action · rest_api_init · Inc\Classes\Api\Multisite.php:21
action · rest_api_init · Inc\Classes\Api\Plugins.php:23
action · rest_api_init · Inc\Classes\Api\PostTypes.php:24
action · rest_api_init · Inc\Classes\Api\Themes.php:29
action · rest_api_init · Inc\Classes\Api\Updates.php:29
action · rest_api_init · Inc\Classes\Api\Users.php:16
action · admin_enqueue_scripts · Inc\Classes\Feedback.php:27
action · admin_footer · Inc\Classes\Feedback.php:28
action · admin_notices · Inc\Classes\Notifications\Notifications.php:37
action · jltwp_spotlight_display_notice · Inc\Classes\Notifications\Notifications.php:39
action · jltwp_spotlight_display_popup · Inc\Classes\Notifications\Notifications.php:40
action · jltwp_spotlight_sheet_promo_data_reset · Inc\Classes\Notifications\Upgrade_Notice.php:26
action · wp_enqueue_scripts · Libs\Assets.php:27
action · admin_enqueue_scripts · Libs\Assets.php:28
action · elementor/editor/after_enqueue_scripts · Libs\Assets.php:29
action · admin_bar_menu · Libs\Assets.php:32
filter · install_plugins_table_api_args_featured · Libs\Featured.php:23
filter · plugins_api_result · Libs\Featured.php:33

Maintenance & Trust

WP Spotlight – User Search, Post search, Media search, Quick updates Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 30, 2024
PHP min version
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

WP Spotlight – User Search, Post search, Media search, Quick updates Developer Profile

Liton Arefin

45 plugins · 43K total installs

Trust score: 83
Avg Security Score: 93/100
Avg Patch Time: 63 days
Detection Fingerprints

How We Detect WP Spotlight – User Search, Post search, Media search, Quick updates

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/spotlight/assets/css/spotlight-style.css
/wp-content/plugins/spotlight/assets/js/spotlight-script.js
/wp-content/plugins/spotlight/assets/js/spotlight-custom.js
/wp-content/plugins/spotlight/Inc/Utils/script.js
Script Paths
/wp-content/plugins/spotlight/assets/js/spotlight-script.js
/wp-content/plugins/spotlight/assets/js/spotlight-custom.js
/wp-content/plugins/spotlight/Inc/Utils/script.js
Version Parameters
spotlight/assets/css/spotlight-style.css?ver=
spotlight/assets/js/spotlight-script.js?ver=
spotlight/assets/js/spotlight-custom.js?ver=
spotlight/Inc/Utils/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
spotlight-main-menu, spotlight-menu-icon, spotlight-custom-menu-item
Data Attributes
data-spotlight-id, data-spotlight-type
JS Globals
wp_spotlight_menu, Spotlight, jltwp_spotlight_data
Shortcode Output
[spotlight_display]
FAQ

Frequently Asked Questions about WP Spotlight – User Search, Post search, Media search, Quick updates