It is said that 60% of WordPress hacks are program (theme or plugin) vulnerabilities. We will explain how to check for vulnerabilities in your plugins individually.
Examine plug-ins for vulnerabilities
WPSCAN is probably the largest database of WordPress vulnerabilities in the world.
in the search field with the plugin slug (folder name) or, less accurately, the name of the plugin.
Just because a plugin has a vulnerability does not mean it is immediately dangerous.
First, check to see if the version of the plugin you are using is the vulnerable version.
If your plugin is within this version, it is not immediately dangerous.
There are various levels of vulnerability, ranging from the most serious, such as the ability to output a string of characters to a page when accessing a specific URL, to the most dangerous, such as the ability to alter WordPress files and folders without logging in.
Please read the individual vulnerability descriptions carefully and check your vulnerability score.
*To check your vulnerability score, click Learn more at National Vulnerability Database (NVD) to jump to the NVD (an international vulnerability database scoring organization) site.
What is a vulnerability score?
Vulnerability score is a score out of 10, which is calculated mechanically according to the severity of the vulnerability; the closer the score is to 10, the higher the risk, and if the score is 7 or higher, it is always recommended to update or stop using the plugin.
You can also use the [Free] WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal] to search for vulnerabilities in plug-ins and find out which ones are dangerous.
We hope you will give it a try.