WordPress Plugin Vulnerability Alerting

We are pleased to announce the latest feature added to, WordPress Plugin Vulnerability alerting to show you which plugins installed on your connected WordPress sites, have known security vulnerabilities and issues.

Keep reading to see how we determine these, and how they are displayed in a account.

How we determine plugin vulnerabilities?

The snapshot of your WordPress sites runs twice a day, getting basic information from your connected site. This includes a list of all the installed plugins on each site.

We then compare that list of plugin version numbers, against several threat intelligence databases, custom vulnerability lists, and our own threat data.

These include the popular WordFence vulnerability data, CVE and Mitre datasets in a license compatible way.

We will then show which sites are vulnerable on the main sites page:

And when you click to manage an individual site, you can then view specific details on the vulnerable plugins installed on that site.

We will highlight plugins that are installed and found to have a version affected by a known security vulnerability. We will provide a link to the relevant documentation

How can I fix my insecure plugins?

We provide a link to information on the source of the vulnerability, which explains exactly what the underlying problem is.

The correct way to secure your site is to follow best practice and keep your plugins up to date.

It is rare that a plugin that is up to date will have an un-fixed security vulnerability (except 0-days which we are not checking for currently)

So to fix your insecure WordPress plugin vulnerabilities – just apply the updates available to your plugins! Simple

How can I mass update a plugin across multiple WordPress sites?

With the mass plugin updater of course!

We have many tools in the toolset that allow you to select and apply updates across many WordPress sites in one go.