Hacking using plug-in vulnerabilities, which account for the majority of WordPress malware infections (tampering damage), has been increasing in recent years.
Plug-in vulnerabilities are sometimes fixed by the creators of the plug-ins, so it is advisable to keep all plug-ins up to date, although you may hesitate to do so because an update can cause WordPress to malfunction.
If plugins are repeatedly reinfected, it is possible that a vulnerability in a plugin is being exploited.
Precautions for Checking Plug-in Vulnerabilities
If you suspect a plugin vulnerability, we recommend that you first remove any plugins that are not in use. Deactivating a plugin does not mean that it cannot be exploited: many vulnerabilities can be exploited simply because the plugin's files are present on the server.
Leaving old plug-ins in a deactivated state is a major security risk if a hacker is aware of the vulnerability.
If you want to improve your security, or if you suspect a malware infection or an attack using a vulnerability in a plugin, we recommend that you first remove all unused plugins from your server.
Check various software (including WordPress) vulnerability databases for plugin vulnerabilities.
NVD (National Vulnerability Database) is one of the largest vulnerability databases in the United States. You can search here for various known vulnerabilities, including WordPress plugins.
https://nvd.nist.gov/vuln/search
Open the page above, copy the name of the plugin you are interested in from the “Plugin List” on the administration page, and paste it into the Search Keyword field to search.
Find out which versions of the plugin are vulnerable and how severe the vulnerability is.
In the description column of the vulnerability list of the search results, you can see which version of the plugin is vulnerable (1).
Also, in the right column, the vulnerability’s danger level is indicated (2).
If the vulnerability score is High, you should be careful. Many plugins with high vulnerability scores can be used to remotely hijack WordPress.
If you find such a vulnerability, we recommend that you remove or update the plugin as soon as possible.
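The check described above can be scripted. The following is an added example, not code from the original page: it compares an inventory of installed plugins (active or not) against a record shaped like the JSON returned by NVD's CVE API 2.0. The plugin slugs, CVE IDs and versions are constructed placeholders, and it assumes the CPE product field matches the plugin slug.

```python
import re

# Constructed sample in the shape of an NVD CVE API 2.0 response; the CVE IDs,
# plugin slugs and versions are placeholders, not real records.
SAMPLE_NVD = {"vulnerabilities": [
    {"cve": {"id": "CVE-0000-00001",
             "metrics": {"cvssMetricV31": [{"cvssData": {"baseSeverity": "HIGH"}}]},
             "configurations": [{"nodes": [{"cpeMatch": [{"vulnerable": True,
                 "criteria": "cpe:2.3:a:example:example-gallery:*:*:*:*:*:wordpress:*:*",
                 "versionEndExcluding": "2.4.1"}]}]}]}},
    {"cve": {"id": "CVE-0000-00002",
             "metrics": {"cvssMetricV31": [{"cvssData": {"baseSeverity": "MEDIUM"}}]},
             "configurations": [{"nodes": [{"cpeMatch": [{"vulnerable": True,
                 "criteria": "cpe:2.3:a:example:example-forms:*:*:*:*:*:wordpress:*:*",
                 "versionStartIncluding": "1.0", "versionEndIncluding": "1.9.3"}]}]}]}},
]}

def ver(v):
    """'2.4.0' -> (2, 4); trailing zeros are dropped so 1.0 equals 1.0.0."""
    parts = [int(n) for n in re.findall(r"\d+", v)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def in_range(installed, m):
    """True if the installed version lies inside the CPE match's version bounds."""
    v = ver(installed)
    lo, hi_ex, hi_in = (m.get(k) for k in ("versionStartIncluding", "versionEndExcluding", "versionEndIncluding"))
    return not ((lo and v < ver(lo)) or (hi_ex and v >= ver(hi_ex)) or (hi_in and v > ver(hi_in)))

def triage(installed, nvd):
    """Return (plugin, version, cve_id, severity) for each installed plugin in a vulnerable range."""
    hits = []
    for item in nvd["vulnerabilities"]:
        cve = item["cve"]
        sev = next((m["cvssData"]["baseSeverity"]
                    for m in cve.get("metrics", {}).get("cvssMetricV31", [])), "UNKNOWN")
        for m in (m for cfg in cve.get("configurations", [])
                  for node in cfg["nodes"] for m in node["cpeMatch"]):
            product = m["criteria"].split(":")[4]  # CPE 2.3 product field
            if m["vulnerable"] and product in installed and in_range(installed[product], m):
                hits.append((product, installed[product], cve["id"], sev))
    return hits

# Constructed inventory: slug -> version; list deactivated plugins too.
INSTALLED = {"example-gallery": "2.3.0", "example-forms": "2.0.0"}
```

Real NVD records often name the product differently from the WordPress plugin slug, so a keyword search and a manual read of the description remain necessary when no CPE match is found.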