It is important to keep themes and plugins updated on your WordPress website as hackers are always looking up for security issues to take advantage of it and plugin developers are not sitting bored to push up some unnecessary update, most of the updates are made to fix security issues. That is why you notice some minor WordPress versions with security release title.
But this is not all, sometimes updates come are vulnerable and might cause some security issue on your website. Before WordPress or plugin author takes notice of such updates and warns you, it is better to stop such updates from running on your website.
The reason is when a vulnerable plugin is found. WordPress removes it from it’s from its plugin repository but that doesn’t remove it from your website. We have posted on getting alerts for such type of plugins. Now, this post is about getting alerts on vulnerable plugin updates.
WP Vulnerable Updates is an automated vulnerability checking plugin which works in real time and alerts you if any vulnerable updates are found on your website.
How does it work?
It checks vulnerable updates from wpvulndb.com on every 12 hours period and warns you on vulnerable updates via email. All you have to do is install-activate the plugin then visit Settings -> WP Vulnerable Updates page in your admin area and add your email address to receive alerts.
The advantage of using this plugin is that it calls third-party service so fewer resources are consumed on your hosting. It uses WP Cron to check for the Vulnerable updates so no external requests to your server and cached API results to decrease backend load time significantly.
Other Alternatives
Vulnerable Plugin Checker and Plugin Vulnerabilities are two more alternatives that also checks installed plugins against a list of vulnerabilities.