About WPScan

WPScan started as a simple Ruby script in 2011 to help identify vulnerabilities in self-hosted WordPress websites. The simple script matured into a large software project and gained popularity amongst the security and WordPress communities.

WPScan Vulnerability Database

The WPScan WordPress Vulnerability Database is a database of WordPress vulnerabilities, plugin vulnerabilities and theme vulnerabilities. This database has been compiled by the WPScan Team and various other contributors since WPScan's release. The development of the WPScan WordPress Vulnerability Database was originally funded by BruCON's 5by5 project.

The WPScan Team

Ryan Dewhurst

Ryan Dewhurst comes from a Web Application Security Testing background and is now based in France (Basque Country). When he's not writing or breaking code, you can find him drinking beer, lounging on the local beaches or working in his garden.

Christian Mehlmauer

Christian Mehlmauer AKA 'FireFart' is an Austrian Penetration Tester. He's also interested in security outside of his day job, he likes to break things and bypass application restrictions. In his free time you can find him doing sports, sleeping, eating or breaking even more stuff.


Erwan, the French Ruby connoisseur. He likes to make things just to then go and break them again. He's the maker of makers and the breaker of breakers. There are rumours that he once glanced in the direction of a WordPress blog and it fell to its knees and wept. He's also a super nice guy!

Hack the Planet

Climate change is one of the biggest threats to the sustainability of our home, planet Earth. Deforestation, oil production and use, industrial farming, pollution, and many other factors are threatening our very existence. World governments are not doing enough to help tackle climate change with the urgency that is needed. We as businesses and individuals have to take responsibility to try to curb the destruction of our home.To do our part for climate change we pledge to:- Donate 2% of our yearly profits to a charity that positively impacts climate change.- Favour third party vendors who have green initiatives.

Common Vulnerabilities and Exposures (CVE)

The WPScan Vulnerability Database uses CVE Identifiers to allow users to cross reference vulnerabilities with different tools and vulnerability databases. Each vulnerability in our database will contain a CVE Identifier if one has been assigned and if we are aware of it. The CVE number will be displayed on the individual vulnerability's page as well as within the API's output. The search functionality can also be used to search for vulnerabilities by CVE Identifiers.Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE Identifiers) for publicly known information security vulnerabilities. CVE’s common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organization’s security tools. For further information see: https://cve.mitre.org/about/The Common Vulnerabilities and Exposures (CVE®) Compatibility Program provides for a tool, service, Web site, database, or advisory / alert that uses CVE identifiers in a way that allows it to cross-link with other repositories that use CVE identifiers to be reviewed and registered as "CVE-Compatible."