WPSOLR Search — WordPress Search Plugin Security & Risk Analysis

wordpress.org/plugins/wpsolr-free

Enterprise WordPress search plugin. Post types Search, WooCommerce Search, Live Search, Filters, Facets, Recommendations.

90 active installs · v24.4 · PHP 8.1+ · WP 6.0+ · Updated Mar 2, 2026
Tags: ai-search, ajax-search, live-search, product-search, search
98
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 9, 2025
Safety Verdict

Is WPSOLR Search — WordPress Search Plugin Safe to Use in 2026?

Generally Safe

Score 98/100

WPSOLR Search — WordPress Search Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 9, 2025 · Updated 1mo ago
Risk Assessment

The wpsolr-free plugin v24.4 exhibits a generally good security posture with several strengths, including a high percentage of SQL queries using prepared statements and excellent output escaping. The taint analysis also revealed no critical or high-severity vulnerabilities, indicating robust handling of potentially malicious input within the analyzed flows. The plugin also demonstrates a good number of nonce and capability checks.

However, there are notable areas of concern. The presence of two AJAX handlers without authentication checks represents a significant attack vector. While the taint analysis didn't flag issues, the lack of authorization on these entry points means an attacker could potentially trigger unintended actions. The plugin's vulnerability history, while currently showing no unpatched high-severity issues, does list one high-severity CVE in its past, which suggests a historical tendency towards vulnerabilities that require careful attention.

In conclusion, wpsolr-free v24.4 has strong internal code security practices. The primary weakness lies in the exposed AJAX endpoints, which could be exploited if not properly secured at the application level. While the past CVE is resolved, it serves as a reminder for ongoing vigilance. Overall, the plugin is reasonably secure but requires attention to the unauthenticated AJAX handlers.

Key Concerns

  • Unprotected AJAX handlers
  • High-severity CVE in vulnerability history
  • Bundled outdated library (Select2 v3.5.4)
Vulnerabilities
1

WPSOLR Search — WordPress Search Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

High: 1

1 total CVE

CVE-2025-31036 · high · 8.8 · Cross-Site Request Forgery (CSRF)

WPSolr <= 24.0 - Cross-Site Request Forgery to Privilege Escalation

Apr 9, 2025 · Patched in 24.0.1 (15d)
Code Analysis
Analyzed Mar 16, 2026

WPSOLR Search — WordPress Search Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 15 (33 prepared)
Unescaped Output: 7 (239 escaped)
Nonce Checks: 38
Capability Checks: 1
File Operations: 22
External Requests: 15
Bundled Libraries: 1

Bundled Libraries

Select2 3.5.4

SQL Query Safety

69% prepared · 48 total queries

Output Escaping

97% escaped · 246 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
<class-wpsolr-admin-ui-ajax-media-content-upload> (wpsolr\core\classes\admin\ui\ajax\class-wpsolr-admin-ui-ajax-media-content-upload.php:0)
Attack Surface
2 unprotected

WPSOLR Search — WordPress Search Plugin Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 2

auth wp_ajax_yith_ajax_search_products wpsolr\core\classes\extensions\yith_woocommerce_ajax_search_free\class-wpsolr-plugin-yith-woocommerce-ajax-search-free.php:33
nopriv wp_ajax_yith_ajax_search_products wpsolr\core\classes\extensions\yith_woocommerce_ajax_search_free\class-wpsolr-plugin-yith-woocommerce-ajax-search-free.php:34

Shortcodes 2

[solr_search_shortcode] wpsolr\core\wpsolr_include.inc.php:532
[solr_form] wpsolr\core\wpsolr_include.inc.php:533
WordPress Hooks 43
action init wpsolr\core\classes\admin\ui\ajax\class-wpsolr-admin-ui-ajax.php:130
action template_redirect wpsolr\core\classes\admin\ui\ajax\class-wpsolr-admin-ui-ajax.php:131
filter query wpsolr\core\classes\class-wpsolr-unittestcase-utils.php:305
filter posts_pre_query wpsolr\core\classes\extensions\premium\class-wpsolr-option-premium.php:99
filter ajax_query_attachments_args wpsolr\core\classes\extensions\premium\class-wpsolr-option-premium.php:100
filter posts_pre_query wpsolr\core\classes\extensions\yith_woocommerce_ajax_search_free\class-wpsolr-plugin-yith-woocommerce-ajax-search-free.php:37
action add_meta_boxes wpsolr\core\classes\metabox\class-wpsolr-metabox.php:48
action save_post wpsolr\core\classes\metabox\class-wpsolr-metabox.php:49
action add_attachment wpsolr\core\classes\metabox\class-wpsolr-metabox.php:50
action edit_attachment wpsolr\core\classes\metabox\class-wpsolr-metabox.php:51
action wp_loaded wpsolr\core\classes\services\class-wpsolr-service-container.php:20
action manage_posts_extra_tablenav wpsolr\core\classes\ui\shortcode\class-wpsolr-shortcode.php:36
action woocommerce_order_list_table_extra_tablenav wpsolr\core\classes\ui\shortcode\class-wpsolr-shortcode.php:37
action widgets_init wpsolr\core\classes\ui\widget\class-wpsolr-widget.php:19
filter init wpsolr\core\dashboard\dashboard.php:98
filter pre_option_active_plugins wpsolr\core\wpsolr-fast-mode.php:25
action wp_head wpsolr\core\wpsolr_include.inc.php:65
action admin_menu wpsolr\core\wpsolr_include.inc.php:66
action admin_init wpsolr\core\wpsolr_include.inc.php:67
action admin_enqueue_scripts wpsolr\core\wpsolr_include.inc.php:68
action wp_enqueue_scripts wpsolr\core\wpsolr_include.inc.php:69
action admin_notices wpsolr\core\wpsolr_include.inc.php:123
action save_post wpsolr\core\wpsolr_include.inc.php:127
action after_delete_post wpsolr\core\wpsolr_include.inc.php:128
action add_attachment wpsolr\core\wpsolr_include.inc.php:131
action edit_attachment wpsolr\core\wpsolr_include.inc.php:132
action delete_attachment wpsolr\core\wpsolr_include.inc.php:133
action create_term wpsolr\core\wpsolr_include.inc.php:134
action edit_term wpsolr\core\wpsolr_include.inc.php:135
action pre_delete_term wpsolr\core\wpsolr_include.inc.php:136
action comment_post wpsolr\core\wpsolr_include.inc.php:141
action wp_set_comment_status wpsolr\core\wpsolr_include.inc.php:144
filter get_search_form wpsolr\core\wpsolr_include.inc.php:512
filter template_include wpsolr\core\wpsolr_include.inc.php:517
action admin_notices wpsolr\core\wpsolr_include.inc.php:538
action after_setup_theme wpsolr\core\wpsolr_include.inc.php:611
action wp_footer wpsolr\core\wpsolr_include.inc.php:820
action admin_footer wpsolr\core\wpsolr_include.inc.php:821
action wp_enqueue_scripts wpsolr-examples\wpsolr-example-suggestions-custom-templates-twentysixteen-child\functions.php:20
action admin_init wpsolr-examples\wpsolr-example-suggestions-custom-templates-twentysixteen-child\functions.php:26
action admin_head wpsolr.inc.php:28
action wp_head wpsolr.inc.php:29
action init wpsolr.inc.php:31
Maintenance & Trust

WPSOLR Search — WordPress Search Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 2, 2026
PHP min version: 8.1
Downloads: 8K

Community Trust

Rating: 90/100
Number of ratings: 2
Active installs: 90
Developer Profile

WPSOLR Search — WordPress Search Plugin Developer Profile

WPSOLR

1 plugin · 90 total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 15 days
Detection Fingerprints

How We Detect WPSOLR Search — WordPress Search Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpsolr-free/wpsolr.inc.php
Version Parameters
wpsolr-free/wpsolr-free.php?ver=
wpsolr-free.php?ver=

HTML / DOM Fingerprints

CSS Classes
wpsolr_facet_skin_none
wpsolr_facet_radiobox
wpsolr_facet_select
wpsolr_facet_class_
Data Attributes
wpsolr_permalink
JS Globals
wpsolr_localize_script_layout