Here are some ways to check for vulnerabilities in WordPress themes and plugins.

Why site operators should care about vulnerabilities

Vulnerabilities are like gaps that can allow a program to perform unintended and unauthorized actions.

Plug-in vulnerabilities are said to be the cause of 60% of WordPress hacks that result in the loss of administrative privileges or alteration of site content and programs, The graph below shows that 95% of WordPress attacks can be prevented if only the #1 vulnerability in plug-ins, the #2 brute force (password-breaking brute force attack), and the #3 vulnerability in WordPress itself can be prevented.


How Attackers Gain Access to WordPress Sites

In the case of Japan, hacking of Japanese themes (No. 4) is rarely done, and the vulnerability of the server itself (No. 5) is rarely done because the server company has already taken security measures in the case of shared servers.

How to check for vulnerabilities in WordPress itself and individual plugins

1 Search the vulnerability database

Vulnerabilities of all kinds of programs are collected and compiled into databases all over the world. In Japan, an organization called JVN collects the information and publishes it as a database, so you can search for vulnerabilities here.

You can search for vulnerabilities here: https: //jvndb.jvn.jp/

Vulnerabilities are searched and displayed as shown below.

The red frame indicates the vulnerability level, which is classified on a 10-point scale as follows. 7 or higher is a vulnerability that should be addressed immediately.

Urgent: (9.0 to 10.0)
Critical: (7.0 to 8.9)
Warning: (4.0 to 6.9)
Caution: (0.1 – 3.9)

2 Plug-ins to check

WordPress Doctor has built its own database of the above and developed a plugin that allows you to inspect vulnerabilities from plugins.
We can accurately search and display only the highly dangerous vulnerabilities in plugins currently installed on your site and in WordPress itself.

Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].

Eliminate vulnerabilities and operate a secure website

As mentioned earlier, vulnerabilities in the programs included in WordPress are the most significant cause of WordPress sites being hacked.
Hackers mainly target the sites that are easiest to penetrate from among the vast number of WordPress sites, so even simple WordPress security measures can prevent hacker attacks in most cases.

Reference
Easy WordPress Security Improvement Checklist