Dive into Savings with MainWP - $50 OFF on our Yearly Plan!
👉 Hurry, before the deal fades to black! ⏰

Vulnerability Checker

MainWP Vulnerability Checker extension uses either the free MainWP NVD API or the paid WPScan Vulnerability Database API to bring you information about vulnerable plugins and themes on your Child Sites so you can act accordingly.

Get information on vulnerable plugins and themes and the issues directly from your MainWP Dashboard.

  • The Vulnerability Extension gathers the latest information in real-time
  • Get notified about vulnerabilities on your websites
  • Update vulnerable plugins
  • Delete vulnerable plugins


This is a free API provided by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce.

The NIST NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables the automation of vulnerability management, security measurement, and compliance.

The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

NVD Nist API Database can not be searched by plugin/theme slug (which would be unique for each item) and assure better accuracy; it can be searched by keyword only. This means that the API can return some false-positive results.

The NVD Nist API lacks the “Fixed in version” info for some vulnerabilities, leading to an Extension showing vulnerabilities that have already been resolved. To remove false positives and get accurate results, you can use the “Ignore” function to detect vulnerabilities if you recognize them as false-positive.


WordPress Vulnerability Checker - MainWP

– WPScan API

The WPScan Vulnerability Database is an online browsable version of WPScan’s data files used to detect known WordPress core, plugin, and theme vulnerabilities. WPScan is an enterprise-strength vulnerability scanner operated by Automattic, the maker of

All vulnerabilities are manually entered into their database by dedicated WordPress security professionals. WPScan works with security researchers, vendors, and WordPress to triage vulnerabilities.

Their vulnerability database is updated constantly as new information becomes available. We allow our users to utilize the WPScan API on MainWP, and access is available for purchase directly on

WPScan API can be used free of charge, with an API request limit of 25 per day. To increase this limit, feel free to contact the WPScan team. Please note that reaching the daily API request limit is very easy. If you have five sites with three plugins and a theme, you will hit the free 25 right away.

  • 5 WordPress core checks (1*5)
  • 15 Plugins checks (3*5)
  • 5 Theme checker (1*5)

Once you reach the daily API Requests limit, the Extension stops reporting and potentially leads to misleading results.

If you need to make more than 25 API requests per day, you need to contact the WPScan team for pricing.


Purchase Options

What is the Free Bundle?

Free Bundle includes all MainWP Free Extensions.

Extension Info

Extension Data Privacy Info


You can use this Extension on unlimited MainWP Dashboards that you own.


Looking for something?

Privacy laws apply to businesses that collect personal information. Since no personal information is collected by the MainWP plugins, no privacy laws apply to the MainWP plugins. This includes GDPR, UK DPA 2018, PIPEDA, Australia Privacy Act 1988, LGPD, PIPL, and other privacy laws.
Donata Stroink-Skillrud
Donata Stroink-Skillrud
President of Agency Attorneys

Your Download Is Just One Click Away

…or just download the plugin.

By entering your email, you agree to our Terms of Service and Privacy Policy.