— Using vScan
How the security score is calculated.
The Security Score is a single number from 0 to 100 that summarises your site's current vulnerability posture. A higher score means fewer and less severe vulnerabilities.
Score overview
The Security Score is a 0–100 number calculated after each scan. It represents the overall health of your site's software stack from a vulnerability perspective.
A score of 100 means no known vulnerabilities were found at the time of the scan. A score of 0 means the site has critical unpatched vulnerabilities across multiple components.
Scoring factors
The score is a weighted combination of:
| Factor | Description |
|---|---|
| CVE severity (CVSS) | Higher CVSS scores (e.g. 9.8 Critical) carry more weight than low-severity findings |
| Number of vulnerabilities | More CVEs lower the score |
| Component exposure | Core files and actively-used plugins are weighted more heavily than inactive items |
| Fix availability | Components with a known patched version available are flagged as higher-priority |
The exact weighting is designed to surface the most exploitable, most impactful findings first.
Score tiers
| Score | Tier | What it means |
|---|---|---|
| 80–100 | Good | No critical findings; any issues are low-severity |
| 60–79 | Fair | At least one medium-severity finding worth reviewing |
| 40–59 | Poor | High-severity vulnerabilities present; act within the week |
| 0–39 | Critical | One or more critical CVEs; act immediately |
When the score changes
The score updates after every scan. It can go up or down:
- Goes up — you update a vulnerable component, or new scan data shows a previously unknown item is not actually vulnerable.
- Goes down — a new CVE is published that affects one of your installed components, or you install a new plugin/theme that has known vulnerabilities.
Because the AskarLabs vulnerability feed is updated continuously, your score can change between scans even if you have not touched anything on your site. This reflects real-world threat changes, not problems with the plugin.
