Your vulnerability report shows known security issues in the plugins, themes, and WordPress core installed on your sites.
Where to find it
Dashboard → Vulnerabilities tab. For a single site: open the site → Vulnerabilities sub-tab.
What each row means
- CVE ID — official identifier (e.g., CVE-2024-1234) — links to NVD
- Affected component — plugin name + version range
- Severity — Critical / High / Medium / Low (based on CVSS score)
- Patch available — yes/no, with the version that fixes it
- Your status — affected, patched, or not installed
Severity guide
| Severity | CVSS | What to do |
|---|---|---|
| Critical | 9.0+ | Patch within 24h. Often exploitable without auth. |
| High | 7.0-8.9 | Patch within 7 days. May require auth. |
| Medium | 4.0-6.9 | Patch in next maintenance window. |
| Low | <4.0 | Patch when convenient. |
Patching options
- Auto-patch (Pro) — PowerSEC updates the affected plugin automatically. A backup is taken before the update.
- Manual update — update the plugin yourself from WP admin
- Mitigate — disable the plugin if you don't actively use it
- Accept risk — mark as accepted with a note
Scan frequency
| Plan | Scan frequency |
|---|---|
| Free | Daily |
| Pro | Hourly |
| Agency | Hourly + immediate when CVE published |
Data sources: WPScan, NVD, MITRE, vendor advisories. Most CVEs appear in our database within 1-2 hours of public disclosure.