Plugin inspection:

ElasticPress

No issues found

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

We didn't find anything worrying in this plugin. It's probably safe. Read more about this recommendation.

Warnings

This recommendation applies to version 2.4 of this plugin, but the most recent version is 5.1.3. These findings may no longer be correct.

Findings

  • This plugin interacts with WooCommerce. That plugin was not tested in conjunction with this plugin.
  • It is possible to set the Elasticsearch hostname/username/password via a setting in /wp-admin/ and via a constant (EP_HOST). When the host is set via a constant, the host is shown to admin users. This potentially exposes sensitive credentials to people who are not permitted to know them.
  • No other issues found.