SiteFort documentation

Vulnerability Scanner

See which plugins, themes, and WordPress core have known security vulnerabilities. Covers the CVE table, how to read severity, and what to do about each finding.

Documentation HomeRecommended Settings

Vulnerability Scanner

The Vulnerability Scanner monitors installed WordPress plugins, themes, and core for known CVEs and patch guidance. It is not a general update reminder; it highlights components with known security exposure. Click Check Now to run an immediate check. If a License Required banner appears, activate the license before relying on vulnerability results.
AreaWhat you seeHow to use it
Summary cardsCritical / High, Total Vulnerabilities, and Affected Assets.Use Critical / High to prioritize urgent work. Use Affected Assets to estimate change impact.
Asset groupsComponent name, type, installed version, and issue count.Review by component so you can update, replace, or remove one asset at a time.
Vulnerability tableVulnerability, Affected, CVE, and Severity columns.Expand a row for the description or CVE link when available.
ActionsDelete Theme, Update Plugin, Update Theme, or Take Action.Use the action that matches the affected asset. Delete abandoned or unused themes and plugins instead of carrying the risk.
When no issues are present, the page shows No Vulnerabilities Found and confirms that plugins and themes appear secure and up to date.

How to Respond to CVEs

  1. Patch first when a supported update exists. Update the affected plugin, theme, or WordPress core. Recheck afterward.
  2. Remove what you do not use. Inactive themes and plugins still represent code on disk. Delete unused vulnerable components.
  3. Replace abandoned software. If no update exists and the component is business-critical, plan a replacement and use Firewall and Hardening controls to reduce exposure until migration.
  4. Document exceptions. If a vulnerability cannot be fixed immediately, record severity, affected version, business owner, compensating control, and target fix date.
  5. Do not ignore Critical or High findings silently. The Dashboard will continue to surface active vulnerabilities because they affect site risk.