Author: wpscanteam
-
Why Submit Vulnerabilities to WPScan
There are many reasons to submit WordPress core, plugin, and theme vulnerabilities to the WPScan WordPress vulnerability database. We've listed just a few below. 1. Responsible Disclosure: Our team will help you with the responsible disclosure process. Submit the vulnerability details to us and we will ensure that the vulnerability is handled properly. We will
-
WordPress Vulnerability Statistics for July 2021
In this blog post we look at the vulnerabilities added to the WPScan WordPress Vulnerability Database in July 2021. All of them were hand curated and added to our database by WordPress security experts. The vulnerabilities were submitted by independent researchers from the security community via our
-
Two Vulnerabilities Fixed in Super Progressive Web Apps WordPress Plugin
The WPScan WordPress security research team identified two serious vulnerabilities in the Super Progressive Web Apps WordPress plugin, which is installed on over 50,000 WordPress websites. Our users were warned about these vulnerabilities on June 29th, 2021, when they were added to our database. Authenticated (subscriber+) Arbitrary File Upload to RCE. Description: When the plugin's Apple Touch Icons & Splash
-
Interview with a WordPress Hacker: m0ze
Over the past 10 years that WPScan has been cataloging WordPress vulnerabilities, many hundreds of independent security researchers have contributed to our WordPress vulnerability database. Today we talk to m0ze, a long-time WPScan vulnerability database contributor, who shares his thoughts on the state of WordPress security today. Please introduce yourself. My name is Vlad, also
-
WooCommerce Customers Manager WordPress Plugin – Multiple Security Vulnerabilities
A member of the WPScan research team discovered two security vulnerabilities in the premium WooCommerce Customers Manager WordPress plugin, versions below 26.6. The following two vulnerabilities were identified and added to our WordPress vulnerability database: Authenticated Reflected Cross-Site Scripting – CVSS: 7.1 (High); Arbitrary User Account Creation/Update via CSRF – CVSS: 8.8 (High).
-
WordPress Configuration File Backups
What are Configuration File Backups? WordPress has a special file named wp-config.php that stores sensitive configuration information for your website. By default, the wp-config.php file stores the following information: MySQL settings, secret keys, the database table prefix, and ABSPATH. Developers can also store other sensitive information in the file.
-
WordPress Security Roundup November 2020
It's that time of year again when we donate 2% of our profits to a charity that positively impacts climate change, and this year we chose Sea Shepherd France again. We do this every year as part of our Hack the Planet pledge. We launched several new versions of our WPScan WordPress security plugin, which now contains additional…
-
WordPress Security Roundup for October 2020
Here at WPScan we launched our brand new website, which we're very happy with, and feedback so far has been overwhelmingly positive! We released three new versions of our WPScan WordPress security scanner, adding the --login-uri option to specify the location of the wp-login.php file. We also released two new versions of our WordPress security plugin, implementing new features such as the ability to…
-
WordPress 5.5.2 Security Release
WordPress 5.5.2 was released on October 30th, 2020, reportedly fixing 10 security vulnerabilities. Below are the vulnerabilities mentioned in the release notes that have been added to the WPScan WordPress Vulnerability Database so far, including one from our very own security researcher, Erwan.
-
Installing WPScan
This is a copy of the WPScan User Documentation. Please refer to the GitHub wiki version for the most up to date information. Introduction: WPScan is a black box WordPress security scanner, free for non-commercial use, written for security professionals and blog maintainers to test the security of their sites. WPScan is written in the Ruby…