WP-Safety

Wavinai Search Security & Risk Analysis

wordpress.org/plugins/wavinai-search

Enhance your WooCommerce store with Wavinai Search, the smart and customizable search solution that transforms the way your customers shop.

0 active installs v1.2.0 PHP 7.4+ WP 6.0+ Updated Sep 21, 2025
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Wavinai Search Safe to Use in 2026?

Generally Safe

Score 100/100

Wavinai Search has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The "wavinai-search" plugin version 1.2.0 exhibits a strong security posture based on the provided static analysis and vulnerability history. The code demonstrates excellent practices, with 100% of outputs properly escaped and 97% of SQL queries utilizing prepared statements. There are no identified dangerous functions or external HTTP requests, and the plugin has no recorded vulnerability history, suggesting a robust development and maintenance process. The limited attack surface, consisting of a single shortcode, is also a positive indicator.

However, a notable concern is the complete absence of nonce checks across all identified entry points, despite the presence of capability checks. While the static analysis shows no critical or high-severity taint flows and no direct SQL injection risks from raw SQL, the lack of nonces leaves the plugin vulnerable to Cross-Site Request Forgery (CSRF) attacks if the shortcode's functionality can be exploited maliciously. The presence of file operations, though only one, warrants careful consideration in conjunction with the lack of nonce checks. Overall, the plugin is well-coded with many security best practices, but the missing nonce checks represent a significant, albeit addressable, weakness that could be exploited.

Key Concerns

  • Missing nonce checks on entry points
Vulnerabilities
None known

Wavinai Search Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Wavinai Search Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
59 prepared
Unescaped Output
0
29 escaped
Nonce Checks
0
Capability Checks
6
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

97% prepared61 total queries

Output Escaping

100% escaped29 total outputs
Attack Surface

Wavinai Search Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[wavinai-search-panel] Functionality\Shortcodes.php:18
WordPress Hooks 25
actionadmin_menuFunctionality\AdminMenus.php:15
actionadmin_enqueue_scriptsFunctionality\AdminMenus.php:16
filterplubo/endpointsFunctionality\ApiEndpoints.php:26
actionwp_enqueue_scriptsFunctionality\CustomColors.php:16
actionwp_enqueue_scriptsFunctionality\CustomColumns.php:16
actionWavinaiSearch/setupFunctionality\CustomTables.php:18
actionWavinaiSearch/setupFunctionality\CustomTables.php:19
actionWavinaiSearch/setupFunctionality\CustomTables.php:20
actionWavinaiSearch/cleanupFunctionality\CustomTables.php:22
actioninitFunctionality\GutenbergBlocks.php:16
filterblock_categories_allFunctionality\GutenbergBlocks.php:17
actionwp_enqueue_scriptsFunctionality\LogoWidth.php:16
actionwoocommerce_delete_productFunctionality\ProductSave.php:17
actionwoocommerce_delete_product_variationFunctionality\ProductSave.php:18
actionwp_trash_postFunctionality\ProductSave.php:21
actionbefore_delete_postFunctionality\ProductSave.php:22
actionwp_enqueue_scriptsFunctionality\RegisterAssets.php:16
actionadmin_enqueue_scriptsFunctionality\RegisterAssets.php:17
actionenqueue_block_editor_assetsFunctionality\RegisterAssets.php:18
actionwavinai_search_event_add_new_user_searchFunctionality\Schedules.php:19
actionwoocommerce_update_productFunctionality\Schedules.php:26
actionwoocommerce_create_productFunctionality\Schedules.php:27
actioninitFunctionality\Shortcodes.php:14
actionwp_enqueue_scriptsIncludes\AssetsLoader.php:19
actionadmin_enqueue_scriptsIncludes\AssetsLoader.php:20
Maintenance & Trust

Wavinai Search Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 21, 2025
PHP min version7.4
Downloads281

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Wavinai Search Alternatives

No alternatives data available yet.

Developer Profile

Wavinai Search Developer Profile

Sirvelia

7 plugins · 60 total installs

88
trust score
Avg Security Score
91/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Wavinai Search

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wavinai-search/dist/css/wavinai-search.css/wp-content/plugins/wavinai-search/dist/js/wavinai-search.js/wp-content/plugins/wavinai-search/dist/css/wavinai-search-admin-settings.css/wp-content/plugins/wavinai-search/dist/js/wavinai-search-admin-settings.js
Script Paths
/wp-content/plugins/wavinai-search/dist/js/wavinai-search.js/wp-content/plugins/wavinai-search/dist/js/wavinai-search-admin-settings.js
Version Parameters
wavinai-search/dist/css/wavinai-search.css?ver=wavinai-search/dist/js/wavinai-search.js?ver=wavinai-search/dist/css/wavinai-search-admin-settings.css?ver=wavinai-search/dist/js/wavinai-search-admin-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
wvn-search-wrapperwvn-search-inputwvn-search-buttonwvn-search-suggestionswvn-search-suggestion-itemwavinai-search-admin-settingswvn-product-count-desktopwvn-product-count-tablet+2 more
HTML Comments
<!-- Wavinai Search Plugin --><!-- Start Wavinai Search Admin Settings --><!-- End Wavinai Search Admin Settings -->
Data Attributes
data-wvn-search-api
JS Globals
WavinaiSearchConfig
REST Endpoints
/wp-json/wavinai-search/v1/products
Shortcode Output
[wavinai_search][wavinai_search_form]
FAQ

Frequently Asked Questions about Wavinai Search