This plugin has been closed as of October 2, 2018 and is not available for download. This closure is permanent. Reason: Guideline Violation.


November 24, 2018
I downloaded this plugin for my site and it’s useless. I think a child wrote it. The concept is juvenile. Keep a list of bad plugins and warn if you install one? then they want a license for it? what a bunch of junk. What people will do to make a buck.
November 13, 2017 1 reply
Installed and tested this plugin out. Wasn’t really impressed with what it does. I guess it may be ok for some people but I feel like it’s a waste of resources to install this on my wordpress site, it doesn’t actively provide any protection, just tells me that something is bad. Maybe it’s just the authors continued bashing of every competitor in the security industry that turns me off. Why isn’t the author doing more to help with the security community instead of bashing everyone? I briefly visited the blog related to the plugin – Just not a very professional company to deal with if you ask me.
September 3, 2016 2 replies
There are some issues with this plugin: 1) Since the plugin must be updated in order for it to detect vulnerabilities, and there haven’t been any new vulnerabilities added in nearly 4 months, this isn’t currently very useful as a security plugin. 2) Since users must update the plugin for it to be able to detect new vulnerabilities, chances are that they’ve already installed the security fix to the vulnerable plugin by the time this plugin informs them of the issue. Essentially, this plugin is redundant. 3) The plugin includes the list of vulnerabilities directly in the plugin files, which causes some hosting providers falsely to flag the plugin itself as malicious. For now, I’m finding a combination of Wordfence and Plugin Security Scanner to be more effective, since they both run scans automatically on a daily basis and send email notifications if issues are found. Among many other security features, Wordfence scans plugin files and compares them to the original versions from the official WordPress repository. It generates alerts if any plugins are out of date, and it shows the changes to the files so site admins can easily see whether they were manually done, or whether they are indeed malicious. It also checks for signatures of known malicious files, and scans file contents as well as the database for backdoors, trojans, and suspicious code. As for Plugin Security Scanner, it determines whether any plugins have security vulnerabilities by looking up details in the WPScan Vulnerability Database. I think this is more effective than including the list of vulnerabilities directly in the plugin files, as this plugin does, since the onus isn’t on site admins to update the plugin each time new vulnerabilities are added, and since issues can be found faster thanks to daily automatic scans.
September 3, 2016
This is an absolutely essential plugin which should be built in to Wordpress itself frankly to warn people that the plugins they are using contain exploits. I own a hosting company and much of our work is helping customers recover from hacked installs of Wordpress, Joomla, Magento or whatever software they’ve installed years previously but never updated. Wordpress, being used by apparently 25% of the world’s websites is a particular target. I’m giving it 4/5 only because the signatures of each vulnerable plugin this tracks in the plugin’s /vulnerabilities/ folder do themselves trigger false positive reports in server side exploit tools such as the very commonly used cxs by If those were stored in such a way that cxs wouldn’t report them then this gets 5/5.
Read all 14 reviews

Contributors & Developers

“Plugin Vulnerabilities” is open source software. The following people have contributed to this plugin.