Site Vulnerability Scan: Support For Inactive Assets
The Site vulnerability scan for the WP Toolkit has been helping site administrators keep their sites secure for several months now. However, it was scanning only active plugins and themes, which could be a problem in some cases. If a site admin wanted to activate a previously inactive plugin, there was no way to check if this plugin was safe to activate (that is, if it contained known vulnerabilities).
To address this issue, WordPress Toolkit now also scans inactive plugins and themes. To help site admins correctly assess what needs to be addressed first, it’s now possible to filter out vulnerabilities based on whether they are found in active or inactive assets: