• Paid Vulnerability Email Alerts

    On March 2nd 2020 we will be introducing paid vulnerability email alerts for instant and daily emails. Traditionally we have been giving these away free of charge to our users, but the number of subscribers has increased steadily over the years and they are starting to become a significant monthly cost to us. More

  • January 2020 Monthly Vulnerability Roundup

    WordPress Plugin Vulnerabilities Strong Testimonials < 2.40.1 – Stored Cross Site Scripting (XSS)GistPress < 3.0.2 – Authenticated Stored XSSCode Snippets < 2.14.0 – CSRF to RCEElementor Page Builder < 2.8.5 – Authenticated Reflected XSSElementor Page Builder < 2.7.6 – Authenticated Stored XSSWPS Hide Login < 1.5.5 – Secret Login Page DisclosureWP DS FAQ Plus <… More

  • Dradis WPScan Integration

    We’re happy to announce that WPScan’s CLI JSON output can now be seamlessly imported into the Dradis Framework! More

  • New WPScan Vulnerability Webhooks

    We have just launched a new feature on our WordPress Vulnerability Database that will allow Enterprise API users to configure a Webhook that will be triggered every time a new vulnerability is added to our database. This has been a much requested feature by our Enterprise users and we are happy to be able to supply a… More

  • Old WPScan Deprecation on February 1st

    We released WPScan 3.7.0 on September 13th 2019, which uses the WPVulnDB API to fetch vulnerability data in real time. On February 1st 2020, we will be deprecating the use of older versions of WPScan, prior to version 3.7.0. Anyone using WPScan that is at a version lesser than 3.7.0 will have to update to at least version… More

  • Our new sponsor: Automattic

    We’d like to introduce you to our new sponsor Automattic! More

  • WPScan WordPress Security Commandments Poster

    oday we are releasing three different posters related to WPScan and WordPress security. Hopefully you find them useful enough and beautiful enough to hang on your wall. More

  • WPScan Plugin Security Commandments Poster

    rs related to WPScan and WordPress security. Hopefully you find them useful enough and beautiful enough to hang on your wall. More

  • WPScan CLI Cheat Sheet Poster

    day we are releasing three different posters related to WPScan and WordPress security. Hopefully you find them useful enough and beautiful enough to hang on your wall. More

  • WordPress 5.2.4 Security Release Breakdown

    Yesterday, October 14th 2019, WordPress released version 5.2.4 as a security release. According to WordPress, WordPress version 5.2.4 fixes 6 security issues. WordPress <= 5.2.3 – Stored XSS in CustomizerWordPress <= 5.2.3 – Unauthenticated View Private/Draft PostsWordPress <= 5.2.3 – Stored XSS in Style TagsWordPress <= 5.2.3 – JSON Request Cache PoisoningWordPress <= 5.2.3 -… More