Your vulnerability report shows known security issues in the plugins, themes, and WordPress core installed on your sites.
Where to find it
Dashboard → Vulnerabilities tab. Or per-site: open a site → Vulnerabilities sub-tab.
What each row means
Each vulnerability shows:
- CVE ID — official identifier (e.g., CVE-2024-1234) — links to NVD
- Affected component — plugin name + version range
- Severity — Critical / High / Medium / Low (based on CVSS score)
- Patch available — yes/no, with the version that fixes it
- Exploit in the wild — is this being actively exploited right now?
- Your status — affected, patched, not installed
Severity guide
| Severity | CVSS | What to do |
|---|---|---|
| Critical | 9.0+ | Patch within 24h. Often exploitable without auth. |
| High | 7.0-8.9 | Patch within 7 days. May require auth. |
| Medium | 4.0-6.9 | Patch in next maintenance window. |
| Low | <4.0 | Patch when convenient (next major update cycle). |
Patching options
For each vulnerability you can:
- Auto-patch (Pro) — PowerSEC updates the affected plugin automatically. A backup is taken first.
- Manual update — update the plugin yourself from WP admin
- Mitigate — disable the plugin if you don't actively use it
- Accept risk — mark as accepted with a note (audited later)
- Replace — remove the vulnerable plugin, find an alternative
When patches don't exist
Some vulnerabilities are reported in abandoned plugins. PowerSEC will:
- Show "No patch available" status
- Recommend disabling the plugin
- Add a virtual patch to the WAF when possible (blocks the exploit at the firewall)
How often we scan
| Plan | Scan frequency |
|---|---|
| Free | Daily |
| Pro | Hourly |
| Agency | Hourly + immediately when a CVE is published |
Data sources: WPScan, NVD, MITRE, vendor advisories. Most CVEs appear in our database within 1-2 hours of public disclosure.
False positives
Sometimes the patched release of a plugin ships without an updated readme.txt, which leads to false positives. If you've patched but PowerSEC still shows you as vulnerable, click "Re-check" on the vulnerability to force a fresh comparison.
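To confirm a suspected false positive yourself before re-checking, compare the version in the plugin's main PHP header with the `Stable tag` in its readme.txt. The script below is an added example, not PowerSEC code; it assumes the stale value is the readme.txt `Stable tag`, and the plugin name, file contents and versions are constructed.

```python
import re

# Constructed sample files for a hypothetical plugin; all versions are made up.
PLUGIN_PHP = """<?php
/**
 * Plugin Name: Example Forms
 * Version: 2.4.1
 */
"""
README_TXT = """=== Example Forms ===
Contributors: example
Stable tag: 2.3.9
"""

def header_field(text, name):
    # WordPress headers are "Name: value" lines; PHP ones sit in a comment (" * ").
    m = re.search(rf"^[ \t/*#@]*{re.escape(name)}:[ \t]*(\S+)", text, re.I | re.M)
    return m.group(1) if m else None

def version_key(version):
    # Compare dotted versions numerically: 2.10 > 2.9, and 2.4.0 == 2.4.
    parts = [int(m.group()) if (m := re.match(r"\d+", p)) else 0
             for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def classify(plugin_php, readme_txt, fixed_in):
    installed = header_field(plugin_php, "Version")
    readme = header_field(readme_txt, "Stable tag")
    fix = version_key(fixed_in)
    if installed is None:
        return "unknown: no Version header found"
    if version_key(installed) < fix:
        return "affected: installed version is below the fix"
    # Installed code is fixed. A missing, "trunk" or older Stable tag is what
    # a readme-based comparison (assumed here) would misreport as vulnerable.
    if readme is None or version_key(readme) < fix:
        return "patched: stale readme.txt, re-check to clear the false positive"
    return "patched"

if __name__ == "__main__":
    print(classify(PLUGIN_PHP, README_TXT, fixed_in="2.4.0"))
```

Pass the "Patch available" version from the report row as `fixed_in`.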