How are vulnerabilities identified and fixed?
Installed WordPress Core, Plugins, Themes are checked against the database at https://wpvulndb.com/
If our system detects a vulnerable plugin, a priority 1 ticket is generated for immediate action.
Generally it requires an update to be applied from the vendor, and if no update is available, we notify the developer to please attend to it as soon as possible.
We keep track of the process until our system tells us the site is protected.
To us this is a key aspect of our site security management process.