Spotlight Search – Search Assistant Plugin for WordPress Security & Risk Analysis

wordpress.org/plugins/spotlight-search

Spotlight-Search is a WordPress Search plugin, inspired by Spotlight from Apple computers. SPOTLIGHT-Search opens up the search bar, as soon as you …

0 active installs · v1.0.0 · PHP 7.4+ · WP 5.2+ · Updated Nov 5, 2022
Tags: ajax, assistant, helper, search, spotlight
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is Spotlight Search – Search Assistant Plugin for WordPress Safe to Use in 2026?

Generally Safe

Score 85/100

Spotlight Search – Search Assistant Plugin for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago

Risk Assessment

The "spotlight-search" plugin v1.0.0 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for its SQL queries and avoiding dangerous functions, file operations, and external HTTP requests. The absence of any known vulnerabilities (CVEs) in its history is also a strong positive indicator. However, there are significant concerns regarding its attack surface. A notable four out of nine AJAX handlers lack proper authentication checks, presenting a clear entry point for potential unauthorized actions. While taint analysis shows no critical or high severity issues with unsanitized paths, the lack of robust authentication on a substantial portion of its AJAX endpoints could still lead to exploitation if malicious input is processed without sufficient validation.

The plugin's vulnerability history is clean, which is encouraging and suggests a developer attentive to security. This, combined with the use of prepared statements and good output escaping (70%), indicates a foundational understanding of secure coding. Nevertheless, the unprotected AJAX handlers represent a weakness that, if exploited, could compromise site functionality or data. A balanced conclusion is that while "spotlight-search" v1.0.0 avoids many common pitfalls, the unprotected AJAX endpoints are a critical area requiring immediate attention to prevent potential security breaches.

Key Concerns

  • Unprotected AJAX handlers
  • Moderate output escaping
Vulnerabilities
None known

Spotlight Search – Search Assistant Plugin for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Spotlight Search – Search Assistant Plugin for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 209 (492 escaped)
Nonce Checks: 6
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

70% escaped · 701 total outputs

Data Flows: All sanitized

Data Flow Analysis

3 flows
csf_export (includes\codestar-framework\functions\actions.php:62)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized

Attack Surface: 4 unprotected

Spotlight Search – Search Assistant Plugin for WordPress Attack Surface

Entry Points: 9
Unprotected: 4

AJAX Handlers 9

  • auth: wp_ajax_spotlight_search_search_result_global (classes\frontend\Global_Search.php:6)
  • nopriv: wp_ajax_spotlight_search_search_result_global (classes\frontend\Global_Search.php:7)
  • auth: wp_ajax_spotlight_search_search_result (classes\frontend\Search.php:7)
  • nopriv: wp_ajax_spotlight_search_search_result (classes\frontend\Search.php:8)
  • auth: wp_ajax_csf-get-icons (includes\codestar-framework\functions\actions.php:50)
  • auth: wp_ajax_csf-export (includes\codestar-framework\functions\actions.php:87)
  • auth: wp_ajax_csf-import (includes\codestar-framework\functions\actions.php:123)
  • auth: wp_ajax_csf-reset (includes\codestar-framework\functions\actions.php:150)
  • auth: wp_ajax_csf-chosen (includes\codestar-framework\functions\actions.php:189)

WordPress Hooks 28

  • action: after_setup_theme (classes\frontend\Mailer.php:6)
  • action: wp_footer (classes\Frontend.php:6)
  • action: wp_footer (classes\Globals.php:14)
  • action: admin_footer (classes\Globals.php:15)
  • action: wp_enqueue_scripts (includes\codestar-framework\classes\abstract.class.php:20)
  • action: admin_menu (includes\codestar-framework\classes\admin-options.class.php:107)
  • action: admin_bar_menu (includes\codestar-framework\classes\admin-options.class.php:108)
  • action: network_admin_menu (includes\codestar-framework\classes\admin-options.class.php:112)
  • filter: admin_footer_text (includes\codestar-framework\classes\admin-options.class.php:493)
  • action: after_setup_theme (includes\codestar-framework\classes\setup.class.php:73)
  • action: init (includes\codestar-framework\classes\setup.class.php:74)
  • action: switch_theme (includes\codestar-framework\classes\setup.class.php:75)
  • action: admin_enqueue_scripts (includes\codestar-framework\classes\setup.class.php:76)
  • action: wp_enqueue_scripts (includes\codestar-framework\classes\setup.class.php:77)
  • action: wp_head (includes\codestar-framework\classes\setup.class.php:78)
  • filter: admin_body_class (includes\codestar-framework\classes\setup.class.php:79)
  • action: admin_footer (includes\codestar-framework\fields\icon\icon.php:41)
  • action: customize_controls_print_footer_scripts (includes\codestar-framework\fields\icon\icon.php:42)
  • action: admin_print_footer_scripts (includes\codestar-framework\fields\link\link.php:65)
  • action: print_default_editor_scripts (includes\codestar-framework\fields\wp_editor\wp_editor.php:62)
  • action: admin_menu (includes\codestar-framework\views\welcome.php:19)
  • filter: plugin_action_links (includes\codestar-framework\views\welcome.php:20)
  • filter: plugin_row_meta (includes\codestar-framework\views\welcome.php:21)
  • action: widgets_init (includes\spotlight_widget.php:4)
  • action: wp_enqueue_scripts (spotlight-search.php:32)
  • action: wp_enqueue_scripts (spotlight-search.php:35)
  • action: admin_enqueue_scripts (spotlight-search.php:36)
  • action: plugins_loaded (spotlight-search.php:38)

Maintenance & Trust

Spotlight Search – Search Assistant Plugin for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Nov 5, 2022
PHP min version: 7.4
Downloads: 800

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0

Developer Profile

Spotlight Search – Search Assistant Plugin for WordPress Developer Profile

Md. Jwel Miah

2 plugins · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Spotlight Search – Search Assistant Plugin for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/spotlight-search/assets/css/assistant.css
  • /wp-content/plugins/spotlight-search/assets/js/assistant.js
  • /wp-content/plugins/spotlight-search/assets/js/ajax.js
  • /wp-content/plugins/spotlight-search/assets/popup-search/popup-search.css
  • /wp-content/plugins/spotlight-search/assets/popup-search/popup-search.js
  • /wp-content/plugins/spotlight-search/assets/js/global-ajax.js
Script Paths
  • /wp-content/plugins/spotlight-search/assets/js/assistant.js
  • /wp-content/plugins/spotlight-search/assets/js/ajax.js
  • /wp-content/plugins/spotlight-search/assets/popup-search/popup-search.js
  • /wp-content/plugins/spotlight-search/assets/js/global-ajax.js
Version Parameters
  • spotlight-search/assets/css/assistant.css?ver=
  • spotlight-search/assets/js/assistant.js?ver=
  • spotlight-search/assets/js/ajax.js?ver=
  • spotlight-search/assets/popup-search/popup-search.css?ver=
  • spotlight-search/assets/popup-search/popup-search.js?ver=
  • spotlight-search/assets/js/global-ajax.js?ver=

HTML / DOM Fingerprints

JS Globals
  • spotlight_search_search
  • spotlight_search_search_global

FAQ

Frequently Asked Questions about Spotlight Search – Search Assistant Plugin for WordPress