MainWP Vulnerability Checker Extension overview

What is MainWP Vulnerability Checker Extension

MainWP Vulnerability Checker extension uses WPScan Vulnerability Database API to bring you information about vulnerable plugins and themes on your Child Sites so you can act accordingly.

Price: Free

What is WPScan

WPScan is a black box WordPress vulnerability scanner.

It is a linux script, created by Sucuri to check WordPress for vulnerabilities. It has it’s own database with known security issues. The script is very powerful and allows you to:

  • Enumerate all users
  • Enumerate all themes
  • Enumerate all plugins
  • Check all themes against the database of vulnerabilities
  • Check all plugins against the database of vulnerabilities


MainWP Vulnerability Checker extension works the same way. It checks all installed themes and plugins (and their versions) and compares them to the entries in wpvulndb. If it finds one, it will notify you in the dashboard. You can check a single site or perform bulk scan.

You can avoid the security issues that this extension is looking for by keeping everything up to date, but if manage a large amount of sites, this task becomes easier said than done.

Anyone can check any plugin or theme for known vulnerabilities because the wpvulndb database is open. Researchers are disclosing these issues after the vulnerabilities have been patched. It is a good place for research if you check whether a plugin had many vulnerabilities in the past and how quickly they have been patched. Unfortunately the database has been used by attackers who have found outdated plugin or theme and are looking for known way to compromise the site.

Resources on WordPress MainWP Vulnerability Checker Extension overview MainWP Vulnerability Checker
Security issue in one of the plugins

MainWP Vulnerability Checker gives you another point of view of your sites. In combination with MainWP Sucuri extension and MainWP WordFence it provides you enough information to keep you sites secure and protect them from low level (script kiddie) attackers.


Leave a Reply

Your email address will not be published. Required fields are marked *