The Vulnerabilities Scanner is a part of the Hack Guard module. It is designed to regularly (once daily) scan your list of the installed WordPress plugins and compare their current versions against a list of known plugin vulnerabilities

What is a "known" plugin vulnerability?

A "known" vulnerability is one that has been publicly identified and is known to exist. 

An "unknown" vulnerability is one that exists but is not publicly known.

What does this scanner not do?

This scanner will not detect the presence of security vulnerabilities in a plugin that are not "known".

What does this scanner do?

When a plugin is discovered that is known to contain a security vulnerability, the plugin will do 2x things:

  1. It will highlight the plugin on the plugins listing page on your WordPress admin
  2. It will send an email once per day (when the cron runs) notifying you for the plugin

This scanner is enabled from within Hack Guard module. You can also set it to automatically apply updates to items with known vulnerabilities when an update becomes available. 

You can run this scanner from within Shield Security Dashboard => Scans section. Vulnerable plugins will be shown there, for example:

The vulnerable plugin will be also highlighted on the plugins listing page on your WordPress admin:

Note: The Vulnerabilities Scanner is available with the Shield Pro only. To find out what the extra features for the Shield Pro are, read the article here.