
How to Determine WordPress Plugin Vulnerability

In recent years, attacks that exploit plug-in vulnerabilities have been increasing.
It is best to keep all plug-ins up to date, because the author may already have fixed a vulnerability, but updating can cause problems with a WordPress site, so many sites leave plug-ins on old versions.
If a site is re-infected many times, a plug-in vulnerability may be being exploited. Use the method below to check each plug-in you use for vulnerabilities, and if one is vulnerable, you can update just that plug-in.

Important point when investigating plug-in vulnerabilities

If you suspect a plug-in vulnerability, we recommend that you first remove unused plug-ins. Disabling a plug-in does not mean that its vulnerability cannot be exploited; many vulnerabilities can be exploited by hackers simply because the file is on the server.

Check Plug-in Vulnerability in Vulnerability Database

The National Vulnerability Database (NVD) is the largest vulnerability database in the United States. You can search here for various known vulnerabilities, including WordPress plugins.

https://nvd.nist.gov/vuln/search
Open this URL, copy the name of the plug-in you are interested in from the “Plug-in list” on the management screen, and paste it into the Search Keyword field.

Check the versions of vulnerable plug-ins and check the risk of vulnerabilities

In the Description column of the vulnerability list in the search results, you can see which versions of the plug-in are vulnerable (1).
The right-hand column shows the risk level of the vulnerability (2).

If the vulnerability risk level is High, you have to respond as soon as possible. Many plug-ins with high vulnerability scores have flaws that allow WordPress to be taken over remotely.
If such a vulnerability is found, we recommend that you remove the plug-in or update it.
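
The same check (is the installed version inside the vulnerable range, and how severe is it) can be scripted once you have more than a few plug-ins. The following is an added example, not part of the original article: it runs offline on constructed data shaped like an NVD CVE API 2.0 response, and the CVE IDs, vendor name and plug-in slugs are placeholders. It assumes the CPE product field equals the plug-in slug, which is not always true of real NVD records.

```python
# Constructed data shaped like an NVD CVE API 2.0 response; the CVE IDs,
# vendor and plugin slugs are placeholders, not real records.
def _cve(cve_id, score, sev, product, **rng):
    match = {"vulnerable": True, **rng,
             "criteria": f"cpe:2.3:a:example:{product}:*:*:*:*:*:wordpress:*:*"}
    return {"cve": {"id": cve_id,
                    "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": score, "baseSeverity": sev}}]},
                    "configurations": [{"nodes": [{"cpeMatch": [match]}]}]}}

SAMPLE_NVD = {"vulnerabilities": [
    _cve("CVE-0000-0001", 9.8, "CRITICAL", "example-gallery", versionEndExcluding="2.4.1"),
    _cve("CVE-0000-0002", 5.4, "MEDIUM", "example-forms", versionEndIncluding="5.1"),
    _cve("CVE-0000-0003", 8.8, "HIGH", "example-seo", versionStartIncluding="1.2", versionEndExcluding="1.5"),
]}
# Constructed inventory: every plugin on disk, including deactivated ones.
INSTALLED = {"example-gallery": "2.3.9", "example-forms": "5.1.0", "example-seo": "1.0.0"}

def vkey(version):
    """'5.1.0' -> (5, 1): numeric parts, trailing zeros dropped so 5.1 == 5.1.0."""
    parts = [int(p) if p.isdigit() else 0 for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def affected(installed, m):
    """True if the installed version matches the cpeMatch version or range."""
    v, exact = vkey(installed), m["criteria"].split(":")[5]  # CPE 2.3 version field
    if exact not in ("*", "-"):
        return v == vkey(exact)
    checks = (("versionStartIncluding", lambda b: v >= b), ("versionStartExcluding", lambda b: v > b),
              ("versionEndIncluding", lambda b: v <= b), ("versionEndExcluding", lambda b: v < b))
    return all(ok(vkey(m[k])) for k, ok in checks if k in m)

def triage(installed, nvd):
    """Return (score, severity, cve_id, slug, version) rows, highest risk first."""
    rows = []
    for item in nvd["vulnerabilities"]:
        cve = item["cve"]
        metric = (cve.get("metrics", {}).get("cvssMetricV31") or [{}])[0].get("cvssData", {})
        for cfg in cve.get("configurations", []):
            for node in cfg.get("nodes", []):
                for m in node.get("cpeMatch", []):
                    slug = m["criteria"].split(":")[4]  # CPE 2.3 product field
                    if m.get("vulnerable") and slug in installed and affected(installed[slug], m):
                        rows.append((metric.get("baseScore", 0.0), metric.get("baseSeverity", "UNKNOWN"),
                                     cve["id"], slug, installed[slug]))
    return sorted(rows, reverse=True)

if __name__ == "__main__":
    print(*triage(INSTALLED, SAMPLE_NVD), sep="\n")
```

Records that carry only CVSS v2 or v3.0 metrics are reported here with severity UNKNOWN and should be reviewed by hand.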
