Support » Plugin: Exploit Scanner » "Severe matches" from disabled plug-in

  • I ran Exploit Scanner and got some “severe matches” from a particular plug-in, so I disabled the plug-in. When I run Exploit Scanner again, however, those same “severe matches” are still there. Does that make sense? Are these vulnerabilities even if the plug-in is disabled?

    Thank you for the help! You have an excellent plug-in, by the way.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Damn, I wished somebody had responded to this!

    I’ve got a similar situation. Of course the primary way to deal with this is to delete the deactivated plugins. And just add them again later if you need them.

    In some cases, deactivated plugins still retain settings and in the case of the bigger plugins like BuddyPress, the database also retains most of those settings, even if they are deactivated.

    In this case, make sure to take a lot of notes, and if there’s a lot of content you’re out of luck.

    So, the scanner is a good step, but how to figure out if it is a false positive or not becomes major…

    Thank you for the reply. I kind of don’t want to delete my plugins since then I’ll have to dig them up to reinstall them again, although I suppose that wouldn’t be a huge deal.

    So essentially I’m just making note that when I run the scanner I get “7 severe matches”. Should that number ever change then I guess I might have something to worry about.


    I actually did get a brief reply from another post that I started, and the response back was that Exploit Scanner tends to be on the extremely tight side in terms of potential dangers. I did drop a few plugins that showed up on Exploit Scanner’s radar, especially ones that I wasn’t using but had uploaded, but I’m also a BuddyPress user for my site, and it had nearly 15 severe warnings. That would mean I’d have to throw out the primary reason for why the site is up. I had over 80 severe matches, and got it down to about 30, so 7 is probably pretty good!

    I certainly want a well-protected site, but it would be nice to know just how secure is secure enough.

    You should always delete plugins that are not in use, not just disable them. Malicious code can still easily infect a site via disabled plugins.
