What is MainWP Vulnerability Checker Extension
The MainWP Vulnerability Checker extension uses the WPScan Vulnerability Database API to bring you information about vulnerable plugins and themes on your Child Sites so you can act accordingly.
What is WPScan
WPScan is a black box WordPress vulnerability scanner.
It is a Linux script, created by Sucuri to check WordPress for vulnerabilities. It has its own database of known security issues. The script is very powerful and allows you to:
- Enumerate all users
- Enumerate all themes
- Enumerate all plugins
- Check all themes against the database of vulnerabilities
- Check all plugins against the database of vulnerabilities
The MainWP Vulnerability Checker extension works the same way. It checks all installed themes and plugins (and their versions) and compares them to the entries in wpvulndb. If it finds a match, it will notify you in the dashboard. You can check a single site or perform a bulk scan.
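The comparison described above, sketched as an added example (this is not the extension's or WPScan's code). The advisory record layout (`title`, `fixed_in`), the plugin slugs and the site inventories are constructed for illustration, and versions are assumed to be purely numeric and dot-separated.

```python
import re

def version_key(version, width=4):
    """Turn '1.10' into (1, 10, 0, 0) so that 1.10 sorts above 1.9.3."""
    parts = [int(n) for n in re.findall(r"\d+", version)]
    return tuple(parts + [0] * (width - len(parts)))

def is_affected(installed, fixed_in):
    """An advisory with no fixed version (None) affects every installed version."""
    if fixed_in is None:
        return True
    return version_key(installed) < version_key(fixed_in)

def scan_sites(sites, advisories):
    """Return {site: [(slug, installed, title, fixed_in), ...]} for affected items."""
    report = {}
    for site, components in sites.items():
        hits = []
        for slug, installed in sorted(components.items()):
            for adv in advisories.get(slug, []):
                if is_affected(installed, adv["fixed_in"]):
                    hits.append((slug, installed, adv["title"], adv["fixed_in"]))
        report[site] = hits
    return report

# Constructed advisory records (hypothetical layout, not the wpvulndb schema)
ADVISORIES = {
    "example-gallery": [{"title": "Stored XSS", "fixed_in": "1.10"}],
    "example-forms": [{"title": "SQL injection", "fixed_in": "2.4.1"},
                      {"title": "CSRF in settings", "fixed_in": None}],
}
# Constructed child-site inventories: {site: {slug: installed version}}
SITES = {
    "site-a.example": {"example-gallery": "1.9.3", "example-forms": "2.4.1"},
    "site-b.example": {"example-gallery": "1.10", "example-theme": "3.0"},
}

if __name__ == "__main__":
    for site, hits in scan_sites(SITES, ADVISORIES).items():
        for slug, installed, title, fixed_in in hits:
            action = f"update to {fixed_in}" if fixed_in else "no fix listed"
            print(f"{site}: {slug} {installed} - {title} ({action})")
```

Comparing versions as plain strings would rank 1.9.3 above 1.10 and miss the first finding, which is why the versions are parsed into integer tuples before comparison.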
You can avoid the security issues that this extension is looking for by keeping everything up to date, but if you manage a large number of sites, this task becomes easier said than done.
Anyone can check any plugin or theme for known vulnerabilities because the wpvulndb database is open. Researchers disclose these issues after the vulnerabilities have been patched. It is a good place for research if you want to check whether a plugin had many vulnerabilities in the past and how quickly they were patched. Unfortunately, the database has also been used by attackers who have found an outdated plugin or theme and are looking for a known way to compromise the site.
MainWP Vulnerability Checker gives you another point of view of your sites. In combination with the MainWP Sucuri extension and MainWP WordFence, it provides you with enough information to keep your sites secure and protect them from low-level (script kiddie) attackers.