There are several places you will find the information on vulnerabilities in WordPress plugins from our service’s data once you have set up things up.
When a vulnerability exists in the current version of an installed plugin, you will receive an email alert either at the admin email address set in your WordPress settings or another email address you have set in the plugin’s settings. That email will look similar to this:
On the new Plugin Vulnerabilities page in the Plugins menu you will see a listing of any vulnerabilities that we are aware of that currently and previously existed in plugins installed on the website (as well as false reports of vulnerabilities in those plugins that we have written about):
On the Installed Plugins page you will also see an alert below any plugins that currently known to be vulnerable:
The data shown on the Installed Plugins page comes from a cached copy of the data gathered from the service the last time the check for the email alerts automatically happens or the last time the Plugin Vulnerabilities page was visited, so for the latest data check the Plugin Vulnerabilities page.
Checking Other Plugins
For plugins that are not installed you can see any vulnerabilities we have in our data set on a new tab named Vulnerabilities added to the detailed information on plugins. Those details pages can be found by clicking on the More Details link for a plugin on the page for adding new plugins in the WordPress admin area.