// List installed plugins, classify (essential / safe / risky / abandoned), surface ones with known CVEs. Use monthly per site, or after every WP migration.
| name | plugin-audit |
| description | List installed plugins, classify (essential / safe / risky / abandoned), surface ones with known CVEs. Use monthly per site, or after every WP migration. |
Most WP sites have plugins that haven't been touched in years. Audit finds the risk.
plugin list --status=active or Rocket.net MCP)wiki/properties/websites/<domain>/plugin-audit-<date>.md---
kind: plugin-audit
domain: <domain>
audited_on: <date>
total: <n>
essential: <n>
safe: <n>
risky: <n>
abandoned: <n>
---
## Risky plugins
[Per-plugin: name, version, vulnerability, suggested action]
## Abandoned plugins
[Per-plugin: name, last update, suggested replacement]
## Actions
1. Update [list] (low risk)
2. Replace [list] (need alternative)
3. Remove if unused [list]