As of June 26, 2024, the data set for the Plugin Vulnerabilities service contained data on unfixed known vulnerabilities in WordPress plugins with at least 15.38 million installs, which remain in the WordPress Plugin Directory despite those vulnerabilities. You would think that WordPress would make sure they don’t remain in that, but that clearly isn’t the case.

We offer two free options to check if WordPress plugins you use are known to be vulnerable.

You can check all the plugins you use on a website at once when you sign up for a free trial of our service.

You can run individual plugins in the WordPress Plugin Directory through our Plugin Security Scorecard, which will warn if they are known to be vulnerable.