Get information on vulnerable plugins and themes and what the issues are, directly from your MainWP Dashboard.
- The Vulnerability Extension gathers the latest information in real-time.
- Get notified about vulnerabilities on your websites.
- Update vulnerable plugins.
- Delete vulnerable plugins.
MainWP NVD API
This is a free API provided by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce.
The NIST NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables the automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
NVD Nist API Database can not be searched by plugin/theme slug (which would be unique for each item) and assure better accuracy, it can be searched by keyword only. This means that the API can return some false-positive results.
The NVD Nist API lacks the “Fixed in version” info for some vulnerabilities, leading to an Extension showing vulnerabilities that already have been resolved. To remove false positives and get accurate results, you can use the “Ignore” function to detect vulnerabilities if you recognize them as false-positive.
The WPScan Vulnerability Database is an online browsable version of WPScan’s data files used to detect known WordPress core, plugin, and theme vulnerabilities. This database compiles by the WPScan Team and various other contributors since WPScan’s release. BruCON’s 5by5 project funded the development of the WPScan Vulnerability Database.