Does WP Search have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Search have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Search compatible with WordPress 3.2.1?

According to WordPress.org data, WP Search 2.0.4.0 has been tested up to WordPress 3.2.1. Check the plugin's changelog for the latest compatibility information.

How often is WP Search updated?

WP Search was last updated on Oct 25, 2011. Frequent updates are generally a positive security signal.

What is WP Search's security score?

WP Search has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Search Security & Risk Analysis

wordpress.org/plugins/wpsearch

WPSearch 2 is the missing site search for your Wordpress installation. Install this plugin if you need a fast, relevant, google-like search.

80 active installs v2.0.4.0 PHP + WP 3.0+ Updated Oct 25, 2011

fastlucenerelevantsearch

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Search Safe to Use in 2026?

Generally Safe

Score 85/100

WP Search has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The wpsearch v2.0.4.0 plugin exhibits a significant security risk due to a large attack surface with entirely unprotected entry points. All 9 AJAX handlers lack authentication checks, meaning any user, including unauthenticated visitors, can trigger these functions. This is a critical oversight that exposes the plugin to numerous potential attacks. Furthermore, the presence of dangerous functions like `unserialize` and `exec` within the codebase, combined with a low percentage of properly escaped output (22%), raises serious concerns about the plugin's ability to handle potentially malicious data safely. The lack of any nonce checks or capability checks on AJAX handlers amplifies the risk of unauthorized actions and privilege escalation.

While the plugin does utilize prepared statements for all its SQL queries, which is a positive practice, this single strength is heavily outweighed by the numerous weaknesses. The complete absence of any recorded vulnerabilities in its history is notable, but it does not negate the immediate and inherent risks identified in the static analysis. The lack of recorded vulnerabilities might indicate either a lack of historical scrutiny or that previous versions did not have these specific exploitable patterns. The combination of unprotected AJAX endpoints, dangerous function usage, and insufficient output escaping creates a high-risk profile for this plugin.

Key Concerns

AJAX handlers without authentication checks
Dangerous functions found (unserialize, exec)
Low percentage of properly escaped output
No nonce checks on AJAX handlers
No capability checks on AJAX handlers

Vulnerabilities

None known

WP Search Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Search Code Analysis

Dangerous Functions

Raw SQL Queries

9 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializeif (($unserializedData = @unserialize($stiFileData)) !== false) {WPSearch\Backends\Phplucene\Zend\Search\Lucene\Index\SegmentInfo.php:588

unserialize$search_types = unserialize(WPSearch_Utility::getOption(self::KEY_SEARCH_TYPES, FALSE));WPSearch\Core.php:313

unserialize$search_types = unserialize(WPSearch_Utility::getOption(WPSearch_Core::KEY_SEARCH_TYPES, FALSE));WPSearch\Drivers\Search\Phplucene.php:94

unserialize$status = unserialize($content);WPSearch\Drivers\Search\Phplucene.php:681

execexec('ps -A -o pid', $output);WPSearch\Utility.php:126

SQL Query Safety

100% prepared9 total queries

Output Escaping

22% escaped23 total outputs

Attack Surface

9 unprotected

WP Search Attack Surface

Entry Points9

Unprotected9

AJAX Handlers 9

authwp_ajax_get_statsWPSearch\Core.php:94

authwp_ajax_save_index_commentsWPSearch\Core.php:95

authwp_ajax_save_index_categoriesWPSearch\Core.php:96

authwp_ajax_save_title_boostWPSearch\Core.php:97

authwp_ajax_save_content_boostWPSearch\Core.php:98

authwp_ajax_save_search_typesWPSearch\Core.php:99

authwp_ajax_rebuild_indexWPSearch\Core.php:100

authwp_ajax_searchWPSearch\Core.php:101

noprivwp_ajax_searchWPSearch\Core.php:102

WordPress Hooks 10

actionedit_postWPSearch\Core.php:82

actiondelete_postWPSearch\Core.php:83

actionpublish_postWPSearch\Core.php:84

actionpublish_pageWPSearch\Core.php:85

actionadmin_menuWPSearch\Core.php:86

actionadmin_initWPSearch\Core.php:87

actionadmin_noticesWPSearch\Core.php:88

filterposts_whereWPSearch\Core.php:89

filterpost_limitsWPSearch\Core.php:90

filterthe_postsWPSearch\Core.php:91

Maintenance & Trust

WP Search Maintenance & Trust

Maintenance Signals

WordPress version tested3.2.1

Last updatedOct 25, 2011

PHP min version

Downloads30K

Community Trust

Rating40/100

Number of ratings1

Active installs80

Alternatives

WP Search Alternatives

Enhanced Search

enhanced-search

Wordpress plugin that improves basic search giving you the possibility to do a fine tuning.

0 No CVEs

Better Search – Relevant search results for WordPress

better-search

Better Search replaces the default WordPress search with a better search engine that gives contextual results sorted by relevance.

5K 8 CVEs

WP Fast Total Search – The Power of Indexed Search

fulltext-search

Extends the default fulltext search with relevance, jet speed and ability to search any posts, metadata, taxonomy, shortcode content and more data.

1K 8 CVEs

Search with Typesense

search-with-typesense

Lightning fast seagrch for your WordPress site, powered by Typesense.

600 2 CVEs

Swiftype Site Search Plugin for WordPress

swiftype-search

Fast, intelligent, and fully customizable search for your site.

500 No CVEs

Developer Profile

WP Search Developer Profile

Kenny

3 plugins · 110 total installs

trust score

Avg Security Score

90/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Search

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpsearch/wpsearch.css/wp-content/plugins/wpsearch/jquery.multiselect.css/wp-content/plugins/wpsearch/js/jquery.timers-1.2.js/wp-content/plugins/wpsearch/js/jquery.multiselect.min.js/wp-content/plugins/wpsearch/js/wpsearch.js

Script Paths

http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.jshttp://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/base/jquery-ui.css

Version Parameters

wpsearch.css?ver=jquery.multiselect.css?ver=jquery.timers-1.2.js?ver=jquery.multiselect.min.js?ver=wpsearch.js?ver=

HTML / DOM Fingerprints

CSS Classes

wpsearch-main-contentwpsearch-titlewpsearch-search-form

HTML Comments

Data Attributes

data-wpsearch-iddata-wpsearch-typedata-wpsearch-title

JS Globals

WPSearch_DATAwpsearchConfig

REST Endpoints

/wp-json/wpsearch/v1/search

Shortcode Output

[wpsearch]

FAQ