Does SurfLab Search & Replace have any unpatched vulnerabilities?

No. All known vulnerabilities in SurfLab Search & Replace have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is SurfLab Search & Replace compatible with WordPress 6.9.4?

According to WordPress.org data, SurfLab Search & Replace 1.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is SurfLab Search & Replace compatible with PHP 7.4+?

SurfLab Search & Replace requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is SurfLab Search & Replace updated?

SurfLab Search & Replace was last updated on Jan 30, 2026. Frequent updates are generally a positive security signal.

What is SurfLab Search & Replace's security score?

SurfLab Search & Replace has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

SurfLab Search & Replace Security & Risk Analysis

wordpress.org/plugins/surflab-search-replace

A lightweight tool for database search & replace.

0 active installs v1.0.0 PHP 7.4+ WP 5.6+ Updated Jan 30, 2026

databasereplacesearch

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is SurfLab Search & Replace Safe to Use in 2026?

Generally Safe

Score 100/100

SurfLab Search & Replace has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The 'surflab-search-replace' plugin v1.0.0 exhibits a generally strong security posture, with several positive indicators. The absence of any known CVEs or past vulnerabilities, coupled with 100% output escaping and zero file operations or external HTTP requests, suggests careful development and attention to common attack vectors. Furthermore, the presence of nonce and capability checks on its single AJAX entry point, along with the lack of any taint analysis findings, are significant strengths. However, a notable concern is the presence of three 'unserialize' function calls. While not inherently a vulnerability, unserialization of untrusted data is a well-known risk that can lead to remote code execution or denial-of-service vulnerabilities if not handled with extreme caution and proper input validation. The plugin's limited attack surface and the fact that the single entry point appears to be protected are mitigating factors, but the use of unserialize warrants careful review of how it's implemented within the plugin.

Key Concerns

Dangerous function: unserialize

Vulnerabilities

None known

SurfLab Search & Replace Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

SurfLab Search & Replace Code Analysis

Dangerous Functions

Raw SQL Queries

18 prepared

Unescaped Output

26 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$unserialized = @unserialize($value, ['allowed_classes' => false]);includes\class-surf-sr.php:68

unserialize$unserialized = @unserialize($data, ['allowed_classes' => false]);includes\class-surf-sr.php:402

unserialize$unserialized = @unserialize($data, ['allowed_classes' => false]);includes\class-surf-sr.php:437

SQL Query Safety

69% prepared26 total queries

Output Escaping

100% escaped26 total outputs

Attack Surface

SurfLab Search & Replace Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_surf_sr_process_replaceincludes\class-surf-sr.php:33

WordPress Hooks 3

actionadmin_enqueue_scriptsincludes\class-surf-sr-loader.php:22

actionadmin_menuincludes\class-surf-sr-loader.php:118

actionplugins_loadedsurflab-search-replace.php:76

Maintenance & Trust

SurfLab Search & Replace Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 30, 2026

PHP min version7.4

Downloads92

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

SurfLab Search & Replace Alternatives

Better Search Replace

better-search-replace

A simple plugin to update URLs or other text in a database.

1.0M 2 CVEs

Search Regex

search-regex

100

Search Regex adds a powerful set of search and replace functions to WordPress posts, pages, custom post types, and other data.

100K No CVEs

Go Live Update Urls

go-live-update-urls

100

Change the domain on your site with one click.

80K No CVEs

Better Find and Replace – AI-Powered Suggestions

real-time-auto-find-and-replace

Search and replace text, images, URLs, footer credits, code blocks or jQuery-Ajax content in real time or in Database, easy user-interface

50K 7 CVEs

Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More

search-replace-wpcode

100

Search and Replace everything in WordPress. Easily find and replace media, images, text, links and more with a single click using a simple user interf …

20K No CVEs

Developer Profile

SurfLab Search & Replace Developer Profile

Surflab

3 plugins · 30 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect SurfLab Search & Replace

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/surflab-search-replace/assets/js/surf-sr.js/wp-content/plugins/surflab-search-replace/assets/css/surf-sr.css/wp-content/plugins/surflab-search-replace/assets/icon_logo_sm_20.png

Script Paths

/wp-content/plugins/surflab-search-replace/assets/js/surf-sr.js

Version Parameters

surflab-search-replace/assets/js/surf-sr.js?ver=surflab-search-replace/assets/css/surf-sr.css?ver=

HTML / DOM Fingerprints

Data Attributes

surf-sr-jq-obj

JS Globals