To increase the value of external asset vulnerability management or external scanning in general would be the ability to detect Wordpress plugins that are either outdated or have critical vulnerabilities.

Same would go for Jenkins and other website components that threat actors can detect through scanning.