Currently, you can set up to receive an email once a month if plugins have security vulnerabilities. This can lead to security risks. Plugins like Ninja Firewall send an email immediately for this reason. Since Kinsta is protected by Cloudflare WAF, you don’t actually need an extra security plugin. And it also doesn’t make sense to install a plugin just for notifications. Therefore, it would be better if there was an option to enable immediate email notifications.
Hi @bjoernzosel!
Welcome to the Kinsta community.
The monthly vulnerability emails are more of a “roundup” email to highlight known vulnerabilities; however, vulnerabilities that are considered critical or severe enough to warrant an individual email are still being sent in those instances. What happens in those instances is our security team analyzes each vulnerability notice, and if we determine it to be a significant threat to sites on our platform, we will send out notifications immediately regardless of the monthly setting.
If you do have any other questions, please let us know!
Thanks for the quick reply, Jack!
Specifically, this concerns the following vulnerability, which has a score of 5.3: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/interactive-3d-flipbook-powered-physics-engine/3d-flipbook-pdf-flipbook-viewer-flipbook-image-gallery -11616-unauthenticated-sensitive-information-exposure
Does the fact that the Kinsta team does not send any emails mean that the vulnerability cannot be exploited?
@bjoernzosel: We did not send an immediate email in this instance because, based on the Patchstack information, we believe this is likely difficult or unlikely to be exploited on a site. That being said, we would still recommend updating once the developer patches this.
Thank you very much for the information. However, I would prefer to be informed, even if it’s not likely to be exploited, so that I can make the decision whether I deactivate the plugin or not.
@bjoernzosel I can certainly understand where you’re coming from here; I’ll submit that as a feature request to our team for lower-level vulnerabilities.
If you do have any other questions as well, please let us know!