All of the vulnerabilities are manually entered into our database by a WordPress security professional. That means that each vulnerability is manually checked, which, although is very time consuming, drastically reduces the posibility of false positives.

Our vulnerabilities are sourced from around the web, as well as being sent to us directly by security researchers. We also find many security issues ourselves. We are a CVE Numbering Authority (CNA), so we are able to directly assign CVE numbers for WordPress core vulnerabilities, plugin vulnerabilities and theme vulnerabilities.

We are constantly updating older vulnerabilities with new information as it comes to light. Check out our WordPress Vulnerability Statistics for further details about our vulnerability data.

No. The only data the API stores is the scanner IP or domain, the WordPress version, plugin slugs and theme slugs. As well as, number of API requests, date and time stamps.

This will entirely depend on your needs and level of expertise.

Our WordPress security plugin is installed on your WordPress website and scans your websites daily with our API data to check if any of your plugins or themes are affected by any new security vulnerabilities.

Our WordPress security scanner is more targetted towards security professionals and developers. It uses a command line interface and therefore may be too technical for some users. The WPScan security scanner uses a black box approach to scanning and will give a hacker's point of view of your website's security.

You can also use our API directly within your own products and services. This is great if you don't want to use our WordPress security plugin or security scanner. You can build your own products and services using our data.