Problem Description
You've got a WordPress site and you'd like to learn if there are any known vulnerabilities with any of the installed plugins or themes.
Problem Resolution
As of early 2025, our 1-click web apps utility, powered by Installatron, will now show you a list of installed and active plugins and themes and indicate if there are any known vulnerabilities in them! Here's how to see this:
- Login to Plesk
- Choose 1-click web apps or Installatron
- Beside your website in the list, choose the Edit button
- Select the Plugins tab (or Themes for the same type of results)
- Beside each plugin's name and version, if it is a vulnerable version of the plugin, you will see a warning icon (orange triangle) and the words "Security Issues"
For any plugin that you see that Security Issues warning, you should look for updates to that plugin and install them. If it is a free plugin - or a paid plugin with a license installed - you should be able to automatically update those plugins. When automatic update is available, you will see an Update button to the left of the Edit button.
If you don't see an Update button, that means you will need to manually look for updates for those plugins or themes. It's likely because they require a manual download from the vendor's website, then to install the new version manually on your site.
To manually install plugins: you can either do this A) from the same Plugins tab in 1-click web apps, B) from within WordPress (Plugins > Add New), C) using the Plesk File Manager by navigating to the web root > wp-content > plugins and uploading and extracting the plugin zip file there.
To manually install themes: you can do this A) from the same Themes tab in 1-click web apps, B) from within WordPress (Appearance > Themes > Add New), C) using the Plesk File Manager by navigating to the web root > wp-content > themes and uploading and extracting the theme zip file there.
It is recommended to take a backup in 1-click web apps before updating any themes or plugins. You could alternatively make a zip of the existing theme/plugin folder before overwriting it. That way you can simply extract the zip of that one plugin/theme to restore the prior version faster than restoring the entire site.
