If you’ve purchased a WordPress theme from one of the big marketplaces like ThemeForest in the past few years there’s a good chance the theme came with extended licenses for one or more of the really popular Commercial WordPress plugins that are not available for download directly from the WordPress.org plugin repository. This includes popular plugins like Visual Composer, Layer Slider and Slider Revolution (and many more commercial plugins typically sold via CodeCanyon.
Most ThemeForest theme authors will typically use the TGM plugin activation class (TGMPA class) to make it reasonably straightforward to install these plugins upon first use. The TGMPA class also makes it straightforward for theme authors to provide plugin updates via their theme updates.
Yet despite this, thousands of WordPress websites are not running the latest versions of commercial plugins bundled via ThemeForest themes. This is a pretty big problem as all it takes is one major security vulnerability in one of these plugins (like that which happened with Slider Revolution a couple of years ago) and we immediately have thousands of exposed WordPress websites that can’t be easily fixed.