How can we help you?
How does the vulnerability scan work?
Once WordPress plugins and their versions are detected, the app queries the WPVulnerabilities database — a free, publicly maintained database of known WordPress security issues.
It checks each detected plugin and the WordPress core version against this database and shows you any known CVEs, their severity, and whether a fix is available. If a plugin’s version couldn’t be determined, that item is skipped and flagged so you know to check it manually.