WPScan WordPress Vulnerability Database

Be the first to know about vulnerabilities affecting your WordPress website

No credit card required

Cancel anytime

Useful and effective

A tiny plugin that timely reports vulnerable themes and plugins installed on your website. Effective and very easy to use – must have!

exmi

Trusted By

Kinsta, Telefonica, JetPack, GoDaddy, Roche

WHY WPSCAN

Cataloging 23,130 WordPress Core Vulnerabilities, Plugin Vulnerabilities and Theme Vulnerabilities

Over 10 years

Collecting WordPress vulnerabilities for over 10 years

Dedicated Team

Dedicated team of WordPress security experts

Monitor Web

Continually monitoring the web for new vulnerabilities

Over 22,000

Over 22,000 vulnerabilities in our database

The WPScan WordPress Vulnerability Database is a database of WordPress vulnerabilities, plugin vulnerabilities and theme vulnerabilities.

All of the vulnerabilities are manually entered into our database by dedicated WordPress security professionals.

We work with security researchers, the vendors and WordPress, to properly triage vulnerabilities.

Our vulnerabilities are being constantly updated with new information as it becomes available.

Our vulnerabilities are sourced from around the web, as well as being sent to us directly by security researchers. We also find many security issues ourselves.

SERVICES

WPScan Can Help You Detect Vulnerabilities Before It's Too Late

WordPress Plugin

Vulnerability email alerts

Daily vulnerability scans

Report download

Vulnerability API

Constantly updated

Developer friendly

Risk scores, PoCs and more

Security Scanner

Get a hacker's point of view

Command line interface

Great user documentation

HOW IT WORKS

Install The WPScan WordPress Security Plugin and Start Securing Your Website

SECURITY RESEARCHERS

You can easily submit a vulnerability to our database. Get recognition and win rewards! 🎁

Get recognition

Speak to experts

WordPress Reviews (19)

Rated 4.1 / 5

Find out Why 500+ Businesses Trust WPScan to Help Keep Their Websites Secure

Light and Great

Panos

Very useful plugin and easy to use!

Chantelmerinowale

Very helpful, saves hours of work

Kenny Moore

Simple and Transparent Pricing

FREE

€0/month

25 API requests a day

WordPress Vulnerabilities

Plugin Vulnerabilities

Theme Vulnerabilities

Vulnerability Classification

Vulnerability Fixed in

Vulnerability References

How many API requests do I need?

Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.

On average, a WordPress website has 22 installed plugins.

STARTER

€5/month

75 API requests a day

WordPress Vulnerabilities

Plugin Vulnerabilities

Theme Vulnerabilities

Vulnerability Classification

Vulnerability Fixed in

Vulnerability References

PROFESSIONAL

€25/month

300 API requests a day

WordPress Vulnerabilities

Plugin Vulnerabilities

Theme Vulnerabilities

Vulnerability Classification

Vulnerability Fixed in

Vulnerability References

ENTERPRISE

Custom Pricing

Unlimited API requests

Instant email alerts

Vulnerability details by ID

Latest API endpoints

Webhooks: Slack & HTTP

Description & PoC API data

CVSS Risk Scores

Prices start from €2000 per year for up to 133 websites, then €15 per year for each additional website.

Discounts are available for high numbers of websites.

Billed annually.

Frequently Asked Questions

Where does the vulnerability data come from?

All of the vulnerabilities are manually entered into our database by a WordPress security professional. That means that each vulnerability is manually checked, which, although very time consuming, drastically reduces the possibility of false positives.

Our vulnerabilities are sourced from around the web, as well as being sent to us directly by security researchers. We also find many security issues ourselves. We are a CVE Numbering Authority (CNA), so we are able to directly assign CVE numbers for WordPress core vulnerabilities, plugin vulnerabilities and theme vulnerabilities.

We are constantly updating older vulnerabilities with new information as it comes to light. Check out our WordPress Vulnerability Statistics for further details about our vulnerability data.

How many API requests do I need?

Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme. On average, a WordPress website has 22 installed plugins.

Does the API collect user data?

No. The only data the API stores is the scanner IP or domain, the WordPress version, plugin slugs and theme slugs, as well as the number of API requests and date and time stamps.

Which service should I use? The plugin, the scanner, or the API directly?

This will entirely depend on your needs and level of expertise.

Our WordPress security plugin is installed on your WordPress website and scans your websites daily with our API data to check if any of your plugins or themes are affected by any new security vulnerabilities.

Our WordPress security scanner is more targeted towards security professionals and developers. It uses a command line interface and therefore may be too technical for some users. The WPScan security scanner uses a black box approach to scanning and will give a hacker's point of view of your website's security.

You can also use our API directly within your own products and services. This is great if you don't want to use our WordPress security plugin or security scanner. You can build your own products and services using our data.

Secure your Website in Less Than a Minute with WPScan WordPress Vulnerability Database
