The vulnerability scanner checks your installed plugins against a list of known vulnerabilities and warns you if it finds a plugin installed that contains a flaw.
The list it checks against is pulled from open sources such as the NVD – National Vulnerability Database and downloaded from our API to your server.
Your installed plugins are then checked against the list and you will be alerted to any vulnerable plugins on your website or if you are running a version of WordPress that has known vulnerabilities.
All data stays on your server! The plugin downloads a list of known vulnerabilities and then does all the checking on your website. No data is sent back to our servers, so we will not know if you have any vulnerabilities on your website.