
Scry Search: Meilisearch for WordPress Security & Risk Analysis
wordpress.org/plugins/scry-searchThe ultimate Meilisearch for WordPress integration. Lightning-fast, typo-tolerant search with zero frontend changes required.
Is Scry Search: Meilisearch for WordPress Safe to Use in 2026?
Generally Safe
Score 100/100Scry Search: Meilisearch for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'scry-search' plugin v1.0.1 exhibits a mixed security posture. On the positive side, it has a minimal attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, there are no known vulnerabilities (CVEs) associated with this plugin, and it doesn't appear to make external HTTP requests or perform file operations. However, several significant concerns are highlighted by the static analysis. Notably, 100% of output is unescaped, presenting a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis also identified one high-severity flow with unsanitized input, which could lead to various injection attacks if not properly handled. The fact that 3 out of 3 analyzed flows had unsanitized paths is a serious red flag, even if no critical severities were reported in this specific analysis.
The lack of nonce checks and capability checks on any entry points (though there are none defined) is a general weakness, and the presence of 18 SQL queries, even with 72% using prepared statements, still leaves a portion potentially vulnerable to SQL injection if the unescaped outputs can influence query parameters. The inclusion of the Guzzle library, while potentially useful, could also introduce risks if it's an outdated or vulnerable version. Given the current data, the lack of identified vulnerabilities in its history is positive but does not negate the significant risks identified in the static and taint analysis. The plugin needs immediate attention to address its output escaping and input sanitization issues.
Key Concerns
- All output unescaped
- 1 high severity taint flow
- All analyzed flows with unsanitized paths
- Some SQL queries not prepared
- Bundled library (Guzzle)
Scry Search: Meilisearch for WordPress Security Vulnerabilities
Scry Search: Meilisearch for WordPress Release Timeline
Scry Search: Meilisearch for WordPress Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
Scry Search: Meilisearch for WordPress Attack Surface
Maintenance & Trust
Scry Search: Meilisearch for WordPress Maintenance & Trust
Maintenance Signals
Community Trust
Scry Search: Meilisearch for WordPress Alternatives
WP Google Search
wp-google-search
This plugin gives a very simple way to integrate Google Search into your WordPress site.
Custom Search by BestWebSoft – WordPress Custom Search Plugin
custom-search-plugin
Add advanced custom search to your WordPress site. Search custom post types, taxonomies, and custom fields with full control over results.
Swiftype Site Search Plugin for WordPress
swiftype-search
Fast, intelligent, and fully customizable search for your site.
Site Search 360
site-search-360
Precise and fast search, autocompletion, and search suggestions for your WordPress page.
Post Meta Searcher
post-meta-searcher
When activated, forces any WordPress Search Query to query against post meta data as part of the search criteria.
Scry Search: Meilisearch for WordPress Developer Profile
4 plugins · 10 total installs
How We Detect Scry Search: Meilisearch for WordPress
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/scry-search/assets/css/page.css/wp-content/plugins/scry-search/assets/css/admin.css/wp-content/plugins/scry-search/assets/js/admin.js/wp-content/plugins/scry-search/assets/js/admin.jsscry-search/assets/css/page.css?ver=1.0.0scry-search/assets/css/admin.css?ver=1.0.0scry-search/assets/js/admin.js?ver=1.0.0HTML / DOM Fingerprints
scry-ms-admin-page<!-- Main Scry Search Admin Page --><!-- Scry Search Admin Page: Vue App Wrapper -->data-plugin-urlwindow.scrySearchSettings/wp-json/scry-search/v1/settings