You can get vulnerability data on WordPress plugins from a lot of different sources, but in most cases the underlying data source is the same, the WPScan Vulnerability Database. While we think that is a good data source for a lot of people since you can get access for free, as the old saying goes you get what you pay for. For one thing they don’t actual test out claimed vulnerabilities, so they end up with fake vulnerabilities listed (included ones marked as having been fixed), real vulnerabilities that are not listed being fixed despite that being the case, and the most concerning unfixed vulnerabilities listed as being fixed.

For those looking for that type of protection against plugin vulnerabilities and that can afford our service it will provide you with what we consider to be much better data. For others, they will want to make sure to install our service’s companion plugin, as WPScan’s data is missing many of the vulnerabilities being targeted by hackers that are included in the free data that comes with that (their lack of that data is yet another issue with it). [Read more]