Plugin Security Checker

This tool currently includes checks for the possibility of some instances of the following security issues in WordPress plugins:

  • PHP object injection
  • Remote code execution (RCE)
  • Arbitrary file upload, writing, and deletion
  • Arbitrary WordPress option (setting) addition, deletion, and updating
  • Local file inclusion (LFI)
  • Arbitrary file viewing
  • Arbitrary user meta addition, deletion, and updating
  • SQL injection
  • Unsafe usage of extract()
  • Server-side request forgery (SSRF)
  • Usage of third-party libraries with known vulnerabilities
  • Open redirect
  • Reflected cross-site scripting (XSS)
  • Base64 obfuscation
  • Incorrect usage of non-privileged AJAX registration

The tool's results have led to some serious vulnerabilities being identified and fixed, to less serious vulnerabilities in very popular plugins being identified and fixed, and to the identification of plugins that are in need of general security improvement. That being said, the tool (or any similar tool) is incapable of determining whether a plugin is secure or not. Information on what can and can't determine if a plugin is secure can be found here.


Check Plugin in WordPress Plugin Directory


Check Plugin in ClassicPress Plugin Directory



Check Other Plugin

Subscribers of our service can submit ZIP files of other plugins to have them checked. You can sign up for a free trial of the service here. For existing subscribers, once you are logged in to your account, return to this page to access that functionality.

The results of these scans will not be logged.



Latest Plugin Security Checker Results

WP Rocket | Simple LoadCSS Preloader

Activity Logs

User Activity Log

Headers Security Advanced & HSTS WP

Activity Log

Simple History

WP Compress

instant.page

WCFM

WP ULike