WPScan WordPress
Vulnerability Database
Be the first to know about vulnerabilities affecting your WordPress website
No credit card required
Cancel anytime
Useful and effective
A tiny plugin that timely reports vulnerable themes and plugins installed on your website. Effective and very easy to use – must have!
exmi
Trusted By
WHY WPSCAN
Cataloging 24,537 WordPress Core Vulnerabilities, Plugin Vulnerabilities and Theme Vulnerabilities
Over 10 years
Collecting WordPress vulnerabilities for over 10 years
Dedicated Team
Dedicated team of WordPress security experts
Monitor Web
Continually monitoring the web for new vulnerabilities
Over 22,000
Over 22,000 vulnerabilities in our database
The WPScan WordPress Vulnerability Database is a database of WordPress vulnerabilities, plugin vulnerabilities and theme vulnerabilities.
All of the vulnerabilities are manually entered into our database by dedicated WordPress security professionals.
We work with security researchers, the vendors and WordPress, to properly triage vulnerabilities.
Our vulnerabilities are being constantly updated with new information as it becomes available.
Our vulnerabilities are sourced from around the web, as well as being sent to us directly by security researchers. We also find many security issues ourselves.
No credit card required
Cancel anytime
SERVICES
WPScan Can Help You Detect Vulnerabilities Before It's Too Late
WordPress Plugin
Vulnerability email alerts
Daily vulnerability scans
Report download
Vulnerability API
Constantly updated
Developer friendly
Risk scores, PoCs and more
Security Scanner
Get a hacker's point of view
Command line interface
Great user documentation
HOW IT WORKS
Install The WPScan WordPress Security Plugin and Start Securing Your Website
SECURITY RESEARCHERS
You can easily submit a vulnerability to our database. Get recognition and win rewards! 🎁
Get recognition
Speak to experts
Reviews (19)Rated 4.1 / 5
Find out Why 500+ Businesses Trust WPScan to Help Keep Their Websites Secure
Light and Great
Panos
Very useful plugin and easy to use!
Chantelmerinowale
Very helpful, saves hours of work
Kenny Moore
Simple and Transparent Pricing
FREE
€0/month
25 API requests a day
WordPress Vulnerabilities
Plugin Vulnerabilities
Theme Vulnerabilities
Vulnerability Classification
Vulnerability Fixed in
Vulnerability References
How many API requests do I need?
Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
On average, a WordPress website has 22 installed plugins.
STARTER
€5/month
75 API requests a day
WordPress Vulnerabilities
Plugin Vulnerabilities
Theme Vulnerabilities
Vulnerability Classification
Vulnerability Fixed in
Vulnerability References
How many API requests do I need?
Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
On average, a WordPress website has 22 installed plugins.
PROFESSIONAL
€25/month
300 API requests a day
WordPress Vulnerabilities
Plugin Vulnerabilities
Theme Vulnerabilities
Vulnerability Classification
Vulnerability Fixed in
Vulnerability References
How many API requests do I need?
Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
On average, a WordPress website has 22 installed plugins.
ENTERPRISE
Custom Pricing
Instant email alerts
Vulnerability details by ID
Latest API endpoints
Webhooks: Slack & HTTP
Description & PoC API data
CVSS Risk Scores
Billed annually.
Frequently Asked Questions
Where does the vulnerability data come from?
All of the vulnerabilities are manually entered into our database by a WordPress security professional. That means that each vulnerability is manually checked, which, although is very time consuming, drastically reduces the posibility of false positives.
Our vulnerabilities are sourced from around the web, as well as being sent to us directly by security researchers. We also find many security issues ourselves. We are a CVE Numbering Authority (CNA), so we are able to directly assign CVE numbers for WordPress core vulnerabilities, plugin vulnerabilities and theme vulnerabilities.
We are constantly updating older vulnerabilities with new information as it comes to light. Check out our WordPress Vulnerability Statistics for further details about our vulnerability data
How many API requests do I need?
Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme. On average, a WordPress website has 22 installed plugins.
Does the API collect user data?
No. The only data the API stores is the scanner IP or domain, the WordPress version, plugin slugs and theme slugs. As well as, number of API requests, date and time stamps.
Which service should I use? The plugin, the scanner, or the API directly?
This will entirely depend on your needs and level of expertise.
Our WordPress security plugin is installed on your WordPress website and scans your websites daily with our API data to check if any of your plugins or themes are affected by any new security vulnerabilities.
Our WordPress security scanner is more targetted towards security professionals and developers. It uses a command line interface and therefore may be too technical for some users. The WPScan security scanner uses a black box approach to scanning and will give a hacker's point of view of your website's security.
You can also use our API directly within your own products and services. This is great if you don't want to use our WordPress security plugin or security scanner. You can build your own products and services using our data.
Secure your Website in Less Than a Minute with WPScan WordPress Vulnerability Database
No credit card required
Cancel anytime