This plugin checks the plugins you have installed against a list of vulnerabilities in plugins that we have seen hackers trying to exploit. If the installed version of a plugin is vulnerable an alert is added to the Installed Plugins page and an email alert is sent, otherwise details of the vulnerabilities are included on the Plugin Vulnerabilities page. (If you are looking for our firewall plugin, you need to be using our service to get access to that.)
This data can also be helpful when cleaning up a hacked website, as you want to determine how the website was hacked when doing that and this data may provide part of information needed to do that.
You also get warned about plugins subject to a security advisory for the developer’s continued inability to secure their plugins.
Since the vulnerability data for the plugin is included in the plugin, you will need to keep the plugin up to date to insure you have the latest data.
You can use our Plugin Security Checker plugin to check if a plugin might contain additional security issues.
Latest Updates
2.0.98
* Added data on vulnerability in WP Compress.
2.0.97
* Updated developer advisories.
2.0.96
* Modernized code.
* Added notification if vulnerabilities are in Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog.
* Added data on vulnerabilities in Ad Invalid Click Protector, Blubrry PowerPress, Duplicator, File Manager, Membership For WooCommerce, SEO Optimized Images, Shield Security, Social Warfare, and WP Server Stats.
2.0.95
* Added data on vulnerabilities in BLAZE Retail Widget, Contact Form 7 Multi-Step Addon, Simply Show Hooks, Social Warfare, and Wrapper Link Elementor.
2.0.94
* Added data on vulnerabilities in Alphabetic Pagination and Startklar Elementor Addons.
Sign Up For Our Plugin Vulnerabilities Service
You can get alerted for known vulnerabilities in all the plugins you use, not just ones that we are already seeing evidence that hackers are targeting, when you sign up for a free trial of our Plugin Vulnerabilities service. As the data for that comes from checking with our service’s API, you don’t need to update the plugin to get alerted to new issues and you can have checks done as often as hourly.
Recently our service was warning about vulnerabilities in the most recent version of plugins with 15.2 million active installs, where the plugins are still available in the Plugin Directory.
Through the service you also have access to a number of other important features including the ability to suggest/vote for which plugins we will do security reviews of and help when dealing with a situation where you are using a plugin where the vulnerability has yet to be fixed (we can usually provide a temporary fix for the issue).