Plugin Vulnerabilities is a simple WordPress plugin that actively scans your installed plugins and sends you an email alert when a security vulnerability is found. The usage is very simple. Once installed, go to “Plugins -> Plugins Vulnerabilities” to configure the settings. On the settings page it shows you a list of vulnerabilities found in your existing installed plugins and also known vulnerabilities for the past versions of existing plugins.
For every vulnerability found it will come with a link to a site where you can read more information about it. At the bottom of the Settings page, there is a drop-down field where you can enable an email alert when a security vulnerability is detected. Just change the drop-down to “Enabled” and click “Save Changes.”
It will now send you email notifications when it detects security vulnerabilities in your plugins.
Does it really work?
To test it out, I downloaded version 1.5.5.1 of WordPress SEo (it has been renamed to Yoast SEO) that is known to have a cross-site scripting vulnerability. And this is what I see on the Plugins page:
Note: Plugin vulnerabilities currently covers 345 vulnerabilities and will be updated as more vulnerabilities are uncovered.
What to do if my installed plugin has a security vulnerability?
If you received an email alert from Plugin Vulnerabilities, the first thing to do is to quickly update the plugin to the latest version. If it is already the latest version, and there is no fix from the developer, you will need to deactivate the plugin and look for a better, safer alternative.
Conclusion
If you tend to not bother too much with your WordPress setup, and/or you have not enabled the automatic background update for plugins, this will be a useful plugin for you as it keeps you alerted on the security vulnerabilities of your site. Let us know if you find this useful.
