Be the first to know about new WordPress vulnerabilities

  • CheckmarkAll vulnerabilities are manually entered into our database by dedicated WordPress security professionals.
  • CheckmarkWe work with security researchers, vendors, and WordPress to triage vulnerabilities.
  • CheckmarkOur vulnerability database is updated constantly as new information becomes available.
WPScan vulnerability database example
61Vulnerabilities added in August
29,152Total vulnerabilities in our database

Install the WordPress plugin to get started

Our WordPress security services

WordPress Logo

Free WordPress plugin

Get daily vulnerability scans, email reports, and report downloads with the WordPress plugin.

Get it now
Vector icon

CLI security scanner

Get the hackers’ point of view with a command line interface written for security professionals.

Get details
Vector icon

Versatile API

Tap directly into the vulnerability database API to get the latest WordPress vulnerabilities.

Get details

Security Solutions For Everyone

Enterprise

WordPress protection with custom solutions for large enterprises.
  • Custom pricing by number of sites
  • Instant email alerts
  • Vulnerabilities details by ID
  • Latest API endpoints
  • Webhooks: Slack & HTTP
  • Description & PoC API data
  • CVSS Risk Scores

Small Business

For most sites, we recommend Jetpack Protect — the partner product of WPScan, by Automattic. It has all the power of WPScan with an easy-to-use interface.
  • Automated daily scanning
  • Recommended fixes

Researchers can use the CLI tool to make 75 API requests per day. Get started

View all FAQ

Trusted by enterprise & small businesses

Kinsta
Accenture
Sony
Go Daddy
Mercedes Benz Group
University of North Carolina

A tiny plugin that timely reports vulnerable themes and plugins installed on your website. Effective and very easy to use - must have!

Exmi

Very helpful! It saves hours of work, and still it's pretty simple to use

Kenny Moore