When a new vulnerability is disclosed, attackers often start exploiting it within hours, frequently before a patch is even widely installed. So "what should I fix first?" should be driven by what is actually being attacked, not just a severity label.
PowerSEC cross-references every vulnerability we detect on your sites against the CISA Known Exploited Vulnerabilities (KEV) catalog: the U.S. government's authoritative, continuously updated list of CVEs confirmed to be exploited in the wild.
What you'll see
- On Dashboard → Vulnerabilities, any vulnerability whose CVE is in the KEV catalog gets a red 🔥 Actively exploited badge.
- These are sorted to the very top of the list, above even non-exploited "critical" items, because an actively exploited High is a bigger real-world risk than a Critical nobody is attacking yet.
- A banner summarises how many of your vulnerabilities are actively exploited right now.
What to do
- Patch or update the affected plugin/theme first. This closes the hole completely.
- If you can't update immediately, PowerSEC Pro can deploy a WAF mitigation rule to block the exploit pattern while you schedule the update.
- Re-scan to confirm the vulnerability is cleared.
Good to know
- The KEV feed is refreshed automatically and fails safe: if the feed is temporarily unreachable, no vulnerability is ever hidden or down-ranked; you simply won't see the badge until it refreshes.
- A vulnerability not flagged isn't necessarily safe to ignore; it just isn't on the confirmed-exploited list. Severity still matters.
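To make the ranking and fail-safe rules above concrete, here is an added example (not PowerSEC's own code) of the triage logic: flag findings whose CVE appears in the KEV feed, sort those to the top ahead of higher-severity unflagged items, and, when the feed cannot be parsed, keep every finding and its severity order but show no badge. The feed sample is constructed in the shape of CISA's public JSON feed, and the CVE ids and plugin names are placeholders.

```python
import json
from typing import Optional

# Constructed sample in the shape of the CISA KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# The CVE ids are placeholders, not real catalog entries.
KEV_FEED_JSON = '{"vulnerabilities": [{"cveID": "CVE-0000-1111"}, {"cveID": "CVE-0000-2222"}]}'

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


def load_kev_ids(feed_json: Optional[str]) -> Optional[set]:
    """Parse the KEV feed into a set of CVE ids.

    Returns None when the feed is unreachable (None) or malformed, so callers
    can distinguish "no data" from "not exploited" and fail safe.
    """
    if feed_json is None:
        return None
    try:
        data = json.loads(feed_json)
        return {entry["cveID"].upper() for entry in data["vulnerabilities"]}
    except (ValueError, KeyError, TypeError):
        return None


def triage(findings: list, kev_ids: Optional[set]) -> list:
    """Annotate each finding with actively_exploited and order the list.

    Exploited findings come first, then everything by severity. Nothing is
    ever dropped: an unavailable feed (kev_ids is None) only removes badges.
    """
    annotated = [
        {**f, "actively_exploited": kev_ids is not None and f["cve"].upper() in kev_ids}
        for f in findings
    ]
    # False sorts before True, so negate the flag to put exploited items on top.
    annotated.sort(
        key=lambda f: (not f["actively_exploited"], -SEVERITY_RANK.get(f["severity"].lower(), 0))
    )
    return annotated


def exploited_count(triaged: list) -> int:
    """Number shown in the dashboard banner."""
    return sum(1 for f in triaged if f["actively_exploited"])
```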