Vulnerability Checker Extension

The MainWP Vulnerability Checker extension uses the WPScan Vulnerability Database API and the NVD Nist API to bring you information about vulnerable plugins and themes on your Child Sites so you can act accordingly.

Directly from your MainWP Dashboard, you can see which plugins and themes are vulnerable and what the issues are.

  • The Vulnerability database updates itself in real-time, so you don’t miss out on any vulnerabilities.
  • Premium plugins and themes are a part of wpvulndb.com.
  • Get notified of vulnerabilities.
  • Update vulnerable versions.
  • Delete vulnerable versions.

WPScan Vulnerability Database

The WPScan Vulnerability Database is an online browsable version of WPScan’s data files that are used to detect known WordPress core, plugin, and theme vulnerabilities. This database has been compiled by the WPScan Team and various other contributors since WPScan’s release. The development of the WPScan Vulnerability Database was funded by BruCON‘s 5by5 project.

MainWP NVD Database

This API is free, so it’s a good alternative for users that don’t have an active subscription to the WPVulnDB (https://wpscan.com/).

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables the automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Check Your Sites for Vulnerabilities

  1. Login to your MainWP Dashboard
  2. Go to the MainWP > Extensions > Vulnerability Checker Extension page
  3. Go to the Overview tab
  4. Click the Check all sites button

The Extension will check your sites right away.

Schedule Scans

If you want the Extension to perform automated checks,

  1. Login to your MainWP Dashboard
  2. Go to the MainWP > Extensions > Vulnerability Checker Extension page
  3. Go to the Settings tab
  4. Locate the Schedule Scans option
  5. Set your preference
  6. Save Settings

If you want to make sure that WP Cron jobs are regularly triggered on your MainWP Dashboard, you can authorize the Uptime Robot service and add your dashboard site as a monitor. Uptime Robot will ping your dashboard site regularly and make sure that all scheduled events are occurring.

Include the Scan Process in the Sync Process

If you want the Vulnerability Checker extension to check your sites every time you Sync your sites,

  1. Login to your MainWP Dashboard
  2. Go to the MainWP > Extensions > Vulnerability Checker Extension page
  3. Go to the Settings tab
  4. Locate the Scan sites when syncing option
  5. Set the option to YES
  6. Save Settings

MainWP NVD API

Since MainWP Vulnerability Checker Extension 4.1, the MainWP NVD API, which uses the NVD Nist API to find potential vulnerabilities on your child sites, is available for all users.

MainWP NVD API requires MainWP Dashboard and MainWP Child 4.1.7!

To enable the MainWP NVD API,

  1. Go to the MainWP > Extensions > Vulnerability Checker > Settings page,
  2. Find the Select Service option and select MainWP NVD API,
  3. Save Settings.

Once the API Service has been selected, you can run the scan:

  1. Go to the MainWP > Extensions > Vulnerability Checker > Overview page,
  2. Click the Check All Sites button

The NVD Nist API database cannot be searched by plugin/theme slug, which would be unique for each item and would assure better accuracy; it can be searched by keyword only. This means that the API can return some false-positive results. For some vulnerabilities, the NVD Nist API also lacks the “Fixed in version” info, which can lead to the extension showing vulnerabilities that have already been resolved. To remove false positives and get accurate results, you can use the “Ignore” function on detected vulnerabilities that you recognize as false positives.
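The two failure modes described above, sketched as an added example (not the extension's or MainWP's own code): it triages keyword-search hits for one installed plugin into vulnerable, resolved, unconfirmed (no fix data), or false positive. The record fields `product` and `fixed_in`, the ids, and the slug `example-gallery` are constructed for illustration and are not the NVD response format.

```python
import re

def normalize(name):
    """Lower-case and unify separators so 'Example_Gallery' == 'example-gallery'."""
    return re.sub(r"[\s_]+", "-", name.strip().lower())

def version_key(version, width=4):
    """'2.4' -> (2, 4, 0, 0), so 2.4 and 2.4.0 compare equal.
    Pre-release suffixes such as '-beta' are ignored (simplification)."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:width]
    return tuple(parts + [0] * (width - len(parts)))

def triage(slug, installed, hits):
    """Return {hit id: verdict} for one installed plugin or theme."""
    verdicts = {}
    for hit in hits:
        if normalize(hit["product"]) != normalize(slug):
            # The keyword matched a different product with a similar name.
            verdicts[hit["id"]] = "false_positive"
        elif hit["fixed_in"] is None:
            # No "Fixed in version" data: cannot be closed automatically,
            # so it needs manual review (and possibly the Ignore function).
            verdicts[hit["id"]] = "unconfirmed"
        elif version_key(installed) >= version_key(hit["fixed_in"]):
            verdicts[hit["id"]] = "resolved"
        else:
            verdicts[hit["id"]] = "vulnerable"
    return verdicts

# Constructed sample: what a keyword search for "example gallery" might return.
SAMPLE_HITS = [
    {"id": "EXAMPLE-0001", "product": "example_gallery", "fixed_in": "2.3.1"},
    {"id": "EXAMPLE-0002", "product": "example_gallery", "fixed_in": "2.5"},
    {"id": "EXAMPLE-0003", "product": "example_gallery", "fixed_in": None},
    {"id": "EXAMPLE-0004", "product": "example_gallery_lite", "fixed_in": "1.0"},
]

if __name__ == "__main__":
    for hit_id, verdict in triage("example-gallery", "2.4.0", SAMPLE_HITS).items():
        print(hit_id, verdict)
```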
