SecurityCritical

Vulnerabilities detected in WordPress plugins or themes

One or more plugins or themes installed on your site have security vulnerabilities referenced in CVE databases.

Why it matters

Plugin vulnerabilities are the leading cause of WordPress hacking. An unpatched critical vulnerability can allow complete site takeover, malicious code injection or data theft.

How to fix

  1. 1

    Update immediately

    Dashboard → Updates → Check all plugins and themes → Update. Do a backup first.

  2. 2

    Disable if no fix is available

    If the report indicates "Unfixed", disable and delete the plugin while waiting for a patch. Look for an alternative on WordPress.org.

  3. 3

    Check with WP-CLI

    bash
    # List plugins with available updates
wp plugin list --update=available

# Update all plugins
wp plugin update --all
  4. 4

    Install a vulnerability scanner

    Wordfence or Patchstack Vulnerability Scanner automatically alert by email when a vulnerability is discovered in your plugins.

Related articles

SecurityWordPress out of date - outdated version detectedSecurityPHP end-of-life (EOL) on your server

Ready to fix this issue on your site?

Audit my site for free →