WordPress Vulnerability Databases

Have you ever noticed an old WordPress plugin in your site, or heard news about WordPress sites being hacked through a particular plugin, and wondered if your plugins are vulnerable? Fortunately, there are free WordPress vulnerability databases you can check.

In information security, a vulnerability is a weakness that can be exploited. For example, a WordPress plugin could have an arbitrary file upload vulnerability, which allows anyone who knows how to upload files to your website, which they could use to steal data or damage your site.

WordPress Vulnerability Databases

These are 3 free WordPress vulnerability databases which you can manually check to see if your plugins or themes are vulnerable.

Wordfence's WordPress Vulnerability Database

  • Filter by core, plugins, or themes
  • Search 
  • Filter by vulnerability type
  • Filter by rating
  • Filter by date

Patchstack's WordPress vulnerability database

  • Search 
  • Filter by vulnerability type
  • Filter by core, plugins, or themes
  • Filter by severity

WPScan's Vulnerabilities pages

  • Filter by first letter of alphabet of software name
  • Separate pages for core, plugins, and themes

These databases are often checked by other tools, such as the Wordfence plugin and ManageWP site management tool, for automated checking of your site.

If you don't find results in any of these databases, do a web search for "plugin_name wordpress vulnerability" or "theme_name wordpress vulnerability".

Wordfence WordPress Vulnerability Database
Wordfence WordPress Vulnerability Database

What to do with Vulnerable Plugins and Themes

What if you find one of your plugins or themes listed as vulnerable? In many cases, the vulnerability has been fixed in an update, so install that update as soon as possible.

If no update is available, see if the plugin or theme author is aware of the issue and working on an update. You can check the support forum for the plugin or theme in the WordPress plugin or theme directories, or follow links from the plugin or theme page to find the author's website or social media profiles to look for announcements, or to ask about the status.

If you can't find out about the status from the plugin or theme author, or you don't want to wait, you can delete the plugin or theme from your site to remove the vulnerability. Simply deactivating isn't enough; you must delete it. Of course, if you need functionality or design provided by the plugin or theme, you'll need to find a replacement. Make a backup of your site before making any changes.

Going forward, be sure to install updates promptly, especially when they include security fixes.

Need Help Keeping Your WordPress Site Secure?

If you have no desire to sort through WordPress vulnerability databases, then let OptimWise maintain your WordPress site. We keep WordPress core, themes, and plugins updated to stay on top of security fixes, and provide security monitoring.

Filed Under: 

Want tips to rocket-boost your website?

Simply sign up.
Ready to Blast Off?

Let's talk.

Contact OptimWise