There are tens of thousands of plugins and themes created by the WordPress community, most are frequently updated by their authors to fix security vulnerabilities that can allow malware to infect your website. Plesk have updated the WordPress Toolkit to automatically scan and alert you when a vulnerable plugin or theme is found on your WordPress website.

Example Notification

The notification email can contain the text “WordPress Toolkit has detected new vulnerabilities on WordPress sites under your care”, along with a table of affected websites, plugins, themes and their current version:
plesk wordpress toolkit vulnerability notification

How to Resolve

Update, Update, Update!

Installing available updates is the best way to fix a vulnerability.

See our article on keeping WordPress secure here for more information:

Deactivate and Remove the Plugin

If the plugin is vulnerable and hasn’t had an update in the last 6 months it’s unlikely an update will be released to fix the issue. In these cases you should discuss the problem with your developer to find a suitable replacement, then remove the plugin.


Deactivated Plugins and themes can still be used maliciously if they are not deleted.

If you’re unsure about what action to take, we recommend contacting your developer for further assistance.

Was this article helpful?