PLUGIN SECURITY
Is Ajax Search Lite safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Ajax Search Lite WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
ajax-search-lite - Requires PHP: 7.4+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Ajax Search Lite – Live Search & Filter [ajax-search-lite] < 3.11 [WordPress Ajax Search Lite Plugin <= 3.1 - Remote Code Execution]
- Ajax Search Lite – Live Search & Filter [ajax-search-lite] < 3.0 [WordPress Ajax Search Pro Plugin - Remote Code Execution]
- Ajax Search Lite – Live Search & Filter [ajax-search-lite] < 3.11 [Ajax Search Lite <= 3.1 - Authenticated RCE]
- Ajax Search Lite – Live Search & Filter [ajax-search-lite] < 3.11 [Ajax Search Lite < 3.11 - Missing Authorization to Remote Code Execution]
- Ajax Search Lite – Live Search & Filter [ajax-search-lite] < 3.11 [Ajax Search Lite < 3.11 - Remote Code Execution]
+ 9 more known vulnerabilities
- Ajax Search Lite – Live Search & Filter [ajax-search-lite] < 4.11.1 [CVE-2022-38456, WordPress Ajax Search Lite Plugin <= 4.10.3 is vulnerable to Sensitive Data Exposure, Ajax Search Lite <= 4.10.3 - Missing Authorization leading to Authenticated (Subscriber+) Sensitive Information Disclosure, Ajax Search Lite < 4.11.1 - Subscriber+ Sensitive Data Disclosure]
- Ajax Search Lite – Live Search & Filter [ajax-search-lite] < 4.11.1 [CVE-2023-1420, WordPress Ajax Search Lite Plugin <= 4.11 is vulnerable to Cross Site Scripting (XSS), WordPress Ajax Search Pro Plugin < 4.26.2 is vulnerable to Cross Site Scripting (XSS), Ajax Search Lite <= 4.11 - Reflected Cross-Site Scripting, Ajax Search Lite < 4.11.1, Pro < 4.26.2 - Reflected Cross-Site Scripting]
- Ajax Search Lite – Live Search & Filter [ajax-search-lite] < 4.11.5 [CVE-2024-21752, WordPress Ajax Search Lite Plugin <= 4.11.4 is vulnerable to Cross Site Scripting (XSS), Ajax Search Lite <= 4.11.4 - Reflected Cross-Site Scripting, Ajax Search Lite < 4.11.5 - Reflected Cross-Site Scripting]
- Ajax Search Lite – Live Search & Filter [ajax-search-lite] < 4.12.1 [CVE-2024-7084, WordPress Ajax Search Lite Plugin < 4.12.1 is vulnerable to Cross Site Scripting (XSS), Ajax Search Lite < 4.12 - Authenticated (Admin+) Stored Cross-Site Scripting]
- Ajax Search Lite – Live Search & Filter [ajax-search-lite] < 4.12.3 [CVE-2024-8619, Ajax Search Lite <= 4.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting, EUVD-2025-15239]
- Ajax Search Lite – Live Search & Filter [ajax-search-lite] < 4.12.4 [CVE-2024-10568, Ajax Search Lite <= 4.12.3 - Authenticated (Admin+) Stored Cross-Site Scripting, WordPress Ajax Search Lite Plugin < 4.12.4 is vulnerable to Cross Site Scripting (XSS)]
- Ajax Search Lite – Live Search & Filter [ajax-search-lite] < 4.12.5 [CVE-2024-13585, Ajax Search Lite <= 4.12.4 - Authenticated (Admin+) Stored Cross-Site Scripting, EUVD-2025-4500]
- Ajax Search Lite – Live Search & Filter [ajax-search-lite] < 4.13.4 [CVE-2025-48086, Ajax Search Lite <= 4.13.3 - Authenticated (Administrator+) PHP Object Injection]
- Ajax Search Lite – Live Search & Filter [ajax-search-lite] < 4.13.2 [Ajax Search Lite <= 4.13.1 - Missing Authorization to Unauthenticated Basic Information Exposure via ASL_Query in AJAX Search Handler, Ajax Search Lite <= 4.13.1 - Missing Authorization to Unauthenticated Basic Information Exposure via ASL_Query in AJAX Search Handler, EUVD-2025-26081]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Relevanssi – A Better Search — 100000+ active installs — max PHP 8.4
- Advanced Woo Search – Product Search for WooCommerce — 70000+ active installs — max PHP 8.4
- ACF: Better Search — 40000+ active installs — max PHP 8.4
- Advance Product Search- Voice & Ajax Search for WooCommerce — 10000+ active installs
- Better Search – Relevant search results for WordPress — 5000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.