Hacking using plug-in vulnerabilities, which account for the majority of WordPress malware infections (tampering damage), has been increasing in recent years.
Plug-in vulnerabilities are sometimes fixed by the creators of the plug-ins, so it is advisable to keep all plug-ins up-to-date, but you may hesitate to do so because of the possibility of WordPress malfunctions.
If the plugins are repeatedly reinfected, it is possible that the vulnerability of the plugin is being exploited.

Precautions for Checking Plug-in Vulnerabilities

If you suspect a plugin vulnerability, we recommend that you first remove any plugins that are not in use. Just because a plugin is deactivated does not mean that it cannot be exploited, and many vulnerabilities can be exploited by hackers simply by having the files on the server.
Leaving old plug-ins in a deactivated state is a major security risk if a hacker is aware of the vulnerability.
If you want to improve your security, or if you suspect a malware infection or an attack using a vulnerability in a plugin, we recommend that you first remove all unused plugins from your server.

Check various software (including WordPress) vulnerability databases for plugin vulnerabilities.

NVD (National Vulnerability Database) is one of the largest vulnerability databases in the United States. You can search here for various known vulnerabilities, including WordPress plugins.

https://nvd.nist.gov/vuln/search
and copy and paste the name of the plugin you are interested in from the “Plugin List” on the administration page, then enter it in the Search Keyword field to search.

Find out the version of the vulnerability of the plugin and the vulnerability risk.

In the description column of the vulnerability list of the search results, you can see which version of the plugin is vulnerable (1).
Also, in the right column, the vulnerability’s danger level is indicated (2).

If the vulnerability score is High, you should be careful. Many plugins with high vulnerability scores can be used to remotely hijack WordPress.
If you find such a vulnerability, we recommend that you remove or update the plugin as soon as possible.

Free WordPress:Malware Scanning & Security Plugin [Malware and Virus Detection and Removal]

If you want to check for vulnerabilities from the outside, please use the WordPress Vulnerability Assessment Security Scanner.

Related Posts:

  1. How to check individual WordPress plugins for vulnerabilities
    It is said that 60% of WordPress hacks are program (theme or plugin) vulnerabilities. We will explain how to check for vulnerabilities in your plugins individually....
  2. How to check individual WordPress themes and plugins for vulnerabilities
    Here are some ways to check for vulnerabilities in WordPress themes and plugins....
  3. Is it dangerous to include many plugins in WordPress for security reasons?
    WordPress is an extremely versatile CMS with over 50,000 free plug-ins that can be used to add functionality to your site. In this article, we will discuss the number and security of plug-ins....
  4. What are program vulnerabilities in WordPress?
    WordPress and plugins require updates to close vulnerabilities, but we will explain the most dangerous types of vulnerabilities....
  5. If you are worried about security with WordPress, but also worried about problems that may occur when updating
    WordPress itself, themes, and plug-ins are rarely found to be vulnerable, and their creators release updates to improve security, but updates can also cause problems with the site. In some cases, the update is forbidden by the company because it causes the site to malfunction. This dilemma always revolves around the operation of WordPress. We will explain how to deal...
  6. Where is WordPress being hacked from? Find out the vulnerabilities of plugins and WordPress itself!
    If you have been a victim of WordPress defacement or hacking and have viruses or malware embedded in your site, or if you repeatedly find yourself in a similar situation, you may wonder where hackers are getting into your site. In this article, we will explain how to find vulnerabilities in plugins and WordPress itself, which is one of the...