There are several places you will find our data on publicly known vulnerabilities in WordPress plugins once you have set things up.

Email Alerts

When a vulnerability exists in the current version of an installed plugin, you will receive an email alert either at the admin email address set in your WordPress settings or another email address you have set in the plugin’s settings. That email will look similar to this:

Installed Plugins

On the new Plugin Vulnerabilities page in the Plugins menu, you will see a listing of any vulnerabilities that we are aware of that currently and previously existed in plugins installed on the website (as well as false reports of vulnerabilities in those plugins that we have written about):

On the Installed Plugins page, you will also see an alert below any plugins that currently known to be vulnerable:

The data shown on the Installed Plugins page comes from a cached copy of the data gathered from the service the last time the check for the email alerts automatically happens or the last time the Plugin Vulnerabilities page was visited, so for the latest data check the Plugin Vulnerabilities page.

Checking Other Plugins

For plugins that are not installed, you can see any vulnerabilities we have in our data set on a new tab named Vulnerabilities added to the detailed information on plugins. Those details pages can be found by clicking on the More Details link for a plugin on the page for adding new plugins in the WordPress admin area.