Be the first to know about new WordPress vulnerabilities

  • All vulnerabilities are manually vetted in our database by seasoned WordPress security professionals.
  • WPScan works with security researchers, vendors, and the WordPress community to triage vulnerabilities.
  • The vulnerability database is updated constantly as we discover new threats.
Get started

Our WordPress Security Services

WordPress integrations

No matter the size of your business, we’ve got a WordPress plugin that fits into your existing workflows.

CLI security scanner

Get the hackers’ point of view with a command line interface written for security professionals.

Get details

Versatile API

Tap directly into the vulnerability database API to get the latest WordPress vulnerabilities.

Get details

Trusted by the world’s largest brands

“WPScan is a fantastic product. It’s fast, well written and comprehensive. It does one thing and does it really well.”

Mario Heiderich, CEO of pentesting firm Cure53

“The WPScan vulnerability database itself is of immense value. There is no other collection of WordPress vulnerabilities like this available anywhere else.”

Security Boulevard

Cataloging 50,631 WordPress core, plugin, and theme vulnerabilities

The WPScan database is continuously updated by leading WordPress security professionals.

Learn how it works

Screening WordPress vulnerabilities for over 10 years

Crack team of WordPress security experts

Continually monitoring the web for new vulnerabilities

Flexible API that streamlines your workflow

Security Solutions For Everyone

Enterprise

Get a quote

WordPress protection with custom solutions for large enterprises.

  • Custom pricing by number of sites
  • Instant email alerts
  • Vulnerabilities details by ID
  • Latest API endpoints
  • Webhooks: Slack & HTTP
  • Description & PoC API data
  • CVSS Risk Scores

Researcher

Start for free

Security researchers are welcome to use the CLI scanner and API for non‑commercial purposes.

  • CLI tools for researchers
  • Capped at 25 API calls per day

Need a small business plan?

Jetpack Protect is a free plugin that uses WPScan data to alert you about threats to your website. Upgrade for WAF and one‑click fixes.

Get Jetpack Protect

View all FAQ

View our Enterprise Terms of Service

Blog at WordPress.com.