When plugin is removed from WordPress org Plugin Directory no warning is provided in WordPress admin area if that plugin is installed in website.
If the plugin contains vulnerability the website could be vulnerable to being exploited until the plugin is deleted from the installation or security update is released and applied..
If you want WordPress to begin alerting when installed plugins have been removed from the directory please make sure to vote for implementing that in WordPress.
In the time, this plugin adds page to WordPress to check if any plugins installed WordPress are on list of plugins that are no in WordPress org Plugin Directory so that WordPress administrators are alerted to the issue..
The plugin will also separately list any plugins that have not been updated in WordPress org Plugin Directory in over two years..
For removed plugins that have vulnerability, link to advisory maybe included in the results of the check..
In the past we have been about the only ones notifying Plugin Directory of plugins with disclosed vulnerabilities in their current versions.
Until WordPress starts to fix those issue, you can get comprehensive monitoring of security vulnerabilities with our Plugin Vulnerabilities service.
To insure that plugins that have returned to WordPress org Plugin Directory since the list was last updated are not warned about, the plugin rechecks WordPress org Plugin Directory to confirm any installed plugins that are on the list have not returned to the directory..
The check is done using the directory name which could lead to plugins that have never been in the directory to be flagged if they use the same name as plugin that was in WordPress org Plugin Directory.
Read more
Related items:
