Does YD Search Functions have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is YD Search Functions compatible with WordPress 2.9.2?

According to WordPress.org data, YD Search Functions 0.4.0 has been tested up to WordPress 2.9.2. Check the plugin's changelog for the latest compatibility information.

How often is YD Search Functions updated?

YD Search Functions was last updated on May 10, 2010. Frequent updates are generally a positive security signal.

What is YD Search Functions's security score?

YD Search Functions has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

YD Search Functions Security & Risk Analysis

wordpress.org/plugins/yd-search-functions

Improved search tools and template functions including Google-like search result snippets (on-the-fly contextual abstract), search statistics and hit- …

10 active installs v0.4.0 PHP + WP 2.9.1+ Updated May 10, 2010

searchsnippetwordpresswp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is YD Search Functions Safe to Use in 2026?

Generally Safe

Score 85/100

YD Search Functions has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago

Risk Assessment

The yd-search-functions plugin v0.4.0 exhibits a mixed security posture. While it has a clean vulnerability history with no recorded CVEs and a seemingly small attack surface from the static analysis report (0 AJAX handlers, 0 REST API routes, etc.), there are significant concerns stemming from the code analysis. The most alarming findings are related to output escaping and taint analysis. A very low percentage (2%) of outputs are properly escaped, which strongly suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, the taint analysis reveals 3 flows with unsanitized paths, including 2 of critical severity, indicating potential for code injection or other dangerous operations where user-supplied data is not properly validated or escaped before being used. The complete lack of nonce checks and capability checks further exacerbates these risks, as there are no built-in mechanisms to verify user intent or permissions for potentially sensitive operations. Despite the absence of SQL injection vulnerabilities due to the use of prepared statements and no direct file operations or external requests, the critical flaws in output escaping and taint analysis present a substantial security risk.

Key Concerns

Low output escaping percentage
Critical severity taint flows
Unsanitized paths in taint flows
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

YD Search Functions Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

YD Search Functions Release Timeline

v0.4.0Current

v0.3.0

Code Analysis

Analyzed Apr 16, 2026

YD Search Functions Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared14 total queries

Output Escaping

2% escaped98 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

yd_searchfunc_options (yd-search-functions.php:214)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

YD Search Functions Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actioninityd-search-functions.php:182

actionadmin_menuyd-search-functions.php:193

filterplugin_row_metayd-search-functions.php:544

actionwp_footeryd-search-functions.php:854

actionwpyd-search-functions.php:895

actionwp_dashboard_setupyd-search-functions.php:915

actionplugins_loadedyd-search-functions.php:1151

Maintenance & Trust

YD Search Functions Maintenance & Trust

Maintenance Signals

WordPress version tested2.9.2

Last updatedMay 10, 2010

PHP min version

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

YD Search Functions Alternatives

Schema – All In One Schema Rich Snippets

all-in-one-schemaorg-rich-snippets

Improve SEO, elevate rankings and Boost CTR. Supports different types of content and works well with Google, Bing, Yahoo, and Facebook.

30K 2 CVEs

Shortcode Search | WordPress Search Bar Shortcode Plugin

shortcode-search

Shortcode Search is a simple plugin that lets users add a search bar anywhere on their WordPress website using the shortcode [search].

50 No CVEs

WP Real Estate

wprealestate

Specially for real estate agents and people who are willing to list their property listing on their own site.

40 No CVEs

WPRS Data Transporter

wprs-data-transporter

Simply transfer your inputs Schema markups for reviews and star ratings data from one theme/plugin to another.

10 No CVEs

$Rank Math SEO – AI SEO Tools to Dominate SEO Rankings$

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings

seo-by-rank-math

Rank Math SEO is the best WordPress SEO plugin with the features of many SEO and AI SEO tools in a single package to help multiply your SEO traffic.

4.0M 20 CVEs

Developer Profile

YD Search Functions Developer Profile

Yann at WP&Co

16 plugins · 220 total installs

trust score

Avg Security Score

86/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect YD Search Functions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/yd-search-functions/

Version Parameters

yd-search-functions/style.css?ver=yd-search-functions/script.js?ver=

HTML / DOM Fingerprints

JS Globals

yd_searchfunc

FAQ