Skip to main content
VortexMedia

Free WordPress Plugin · Read-only vulnerability scanner

Is your WordPress site vulnerable? Find out in one click.

Vortex Security Check reads the plugins, themes and core you already have installed and checks them against known published vulnerabilities — then tells you the exact version to update to. Read-only, private, and free.

Get it on WordPress.org Coming soon Browse the Vulnerability Tracker

Read-only · No account · Your site data never leaves your server

Tools › Security Check

Security Check

2 known vulnerabilities foundUpdate the affected items below to the listed fixed version.
ItemInstalledSeverityVulnerabilityFix
WordPress corecore 6.7.1 Critical (9.8) Authenticated RCE · CVE-2026-XXXX Update to 6.7.2
Popular Sliderplugin 4.1.0 High (7.5) Stored XSS · CVE-2026-XXXX Update to 4.2.0

What it does

One question, answered clearly

Is anything on my site known to be vulnerable right now? Vortex Security Check answers it in seconds — no firewall to configure, no dashboard to learn, no upsell wall.

Reads what's installed

It gathers the version of every plugin, theme, and WordPress core on your site — exactly what an attacker would fingerprint first.

Matches known CVEs

Those versions are compared against an up-to-date feed of published vulnerabilities — matched right on your server, not in someone's cloud.

Shows the exact fix

Each finding lists the severity, the CVE, and the precise version to update to — sorted worst-first so you fix what matters most.

Safe by design

A security plugin that respects your site

Most "scanners" phone home with a list of everything you run. This one doesn't. The vulnerability list comes to your site, and the matching happens locally — so nothing about your setup is ever sent anywhere.

  • Strictly read-only. It never edits files, changes settings, or auto-updates anything. It advises; you decide.
  • Private. Your plugin list and URL never leave your server. No tracking, no analytics, no account.
  • Lightweight. It runs only when you open it — no constant background load, no slowdown.
  • No conflicts. Does no firewalling or active scanning, so it runs happily alongside Wordfence, Sucuri or any other security plugin.
Your WordPress siteDownloads the vulnerability feed
Matched locallyVersions compared on your server
Nothing sent off-siteYour plugin list stays with you

Up and running in a minute

Install, scan, done

No configuration, no API keys, no sign-up. Activate it and you have an answer.

Install & activate

Add Vortex Security Check from the WordPress plugin directory and activate it like any other plugin.

Open the check

Go to Tools › Security Check. The first scan runs automatically the moment you land there.

Fix what's flagged

Any affected item shows its severity and the version to update to. Update through the normal WordPress screens — you're done.

Vulnerability data: Wordfence Intelligence CVE references: MITRE Curated & hosted by Vortex Media

Why we built it

We track these threats every month

Vortex Media has kept WordPress sites secure since 1999. We publish a monthly WordPress Vulnerability Tracker breaking down the most serious plugin CVEs — this plugin puts that same intelligence directly inside your dashboard, free.

Knowing you're exposed is step one. If you'd rather never think about it again, our managed hosting and care plans monitor every disclosure and patch your plugins before attackers reach them.

See Managed Hosting Read the Tracker

Trusted, attributed data

Findings are powered by the same vulnerability intelligence the professionals use — Wordfence Intelligence and MITRE CVE records — clearly attributed inside the plugin, never dressed up as our own.

  • Covers plugins, themes and WordPress core
  • Refreshed on a regular schedule, cached locally
  • Clean uninstall — leaves nothing behind

Free to know. Effortless to stay safe.

Vortex Security Check lands on WordPress.org shortly — it will show you where you stand today, then let Vortex Media handle the patching, monitoring and maintenance so a new CVE is never your emergency.

Get the free plugin Coming soon Book a Free Security Call