Vulnerability Scanning
WPGrip automatically checks your plugins and themes against known security vulnerabilities.
How It Works
- WPScan database sync — WPGrip syncs the WPScan vulnerability database daily at 1:00 PM UTC
- Cross-reference — every plugin and theme on your sites is matched against known CVEs
- Alerting — vulnerable items are flagged in the dashboard
Where to See Vulnerabilities
Vulnerability indicators appear in multiple places:
- Sites list — badge showing the number of vulnerable plugins/themes
- Plugins panel — vulnerability severity badge per plugin
- Themes panel — same as plugins
- Site detail → Plugins/Themes — per-site vulnerability breakdown
Severity Levels
| Level | Meaning |
|---|---|
| Critical | Actively exploited, patch immediately |
| High | Serious vulnerability, update as soon as possible |
| Medium | Moderate risk, plan to update soon |
| Low | Minor issue, update at your convenience |
What To Do
When a vulnerability is detected:
- Check if a patched version is available
- Update the plugin/theme to the latest version via SSH/WP-CLI:

```bash
wp plugin update plugin-name
wp theme update theme-name
```

- If no patch exists, consider deactivating the vulnerable plugin
- WPGrip will clear the vulnerability flag on the next sync after updating
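
The steps above as one WP-CLI helper. This is an added example, not WPGrip's own code. It assumes WP-CLI is on the PATH, that you run it from the WordPress root, and that you pass in the first patched version from the advisory; `DEACTIVATE_UNPATCHED` is a hypothetical opt-in variable. It updates only when the offered release is at or above the patched version, since "latest" is not always "fixed".

```bash
# Added example, not WPGrip code. Assumes WP-CLI is on PATH and the
# working directory is the WordPress root.

# version_ge A B: succeeds when version A >= version B (uses GNU sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# remediate_plugin SLUG FIXED_IN
# FIXED_IN is the first patched version named in the advisory (operator input).
# Prints the outcome: already-patched | updated | deactivated | unpatched.
# Returns 0 when the site is no longer exposed, 1 when it still is, 2 on error.
remediate_plugin() {
    slug=$1
    fixed_in=$2

    installed=$(wp plugin get "$slug" --field=version) || return 2
    if version_ge "$installed" "$fixed_in"; then
        echo "already-patched"
        return 0
    fi

    # update_version is empty when no newer release is offered.
    offered=$(wp plugin list --name="$slug" --field=update_version) || return 2
    if [ -n "$offered" ] && version_ge "$offered" "$fixed_in"; then
        wp plugin update "$slug" >/dev/null || return 2
        echo "updated"
        return 0
    fi

    # The latest release is still vulnerable. Deactivate only on explicit
    # opt-in (DEACTIVATE_UNPATCHED is a hypothetical variable for this example).
    if [ "${DEACTIVATE_UNPATCHED:-0}" = "1" ]; then
        wp plugin deactivate "$slug" >/dev/null || return 2
        echo "deactivated"
        return 0
    fi
    echo "unpatched"
    return 1
}
```

Call it as `remediate_plugin plugin-name 1.2.4`; a return code of 1 means the plugin is still exposed and needs a manual decision.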
INFO
WPGrip detects vulnerabilities but does not automatically apply patches. You maintain full control over your sites.