WordPress Vulnerability Scanner - WPScan

Find vulnerabilities and exploits in WordPress core, plugins and themes

Sample Report

The sample report produced by the WordPress Vulnerability Scanner (WPScan):

  • Includes all discovered plugins, themes and their versions
  • Shows vulnerabilities and exploits which affect each component
  • Shows WordPress configuration issues (directory listing, backup files, etc.)
  • Contains WordPress fingerprinting information

WordPress Vulnerability Scanner - WPScan - Use Cases

This tool helps you discover security issues and vulnerabilities in the target WordPress website using the most advanced WordPress scanner: WPScan.

WordPress Penetration Testing

You can speed up your penetration test using this scanner since it is already installed, configured and ready to go. Quickly discover vulnerable plugins, themes and other configuration issues.

Self-Security Assessment

Check whether your own WordPress installation is up to date and properly configured. Enumerate the installed plugins and themes and verify whether they are at the latest version.

Third-Party Website Audit

If you are a web development company, you can also share this report with your clients to show that the WordPress website has no known vulnerable components or common misconfigurations at the time of the scan.

Technical Details

This is a black-box vulnerability scanner that performs multiple tests to identify security weaknesses in the target WordPress website. The scan is performed remotely and without authentication, simulating an external attacker who tries to penetrate the target website.

List of tests performed

Here is the complete list of tests performed by WPScan:
  • Fingerprint the installed WordPress version
  • Show the vulnerabilities for the running WordPress version
  • Enumerate the installed plugins and their versions
  • Show the vulnerabilities for the identified plugins
  • Enumerate the installed themes and their versions
  • Show the vulnerabilities for the identified themes
  • Enumerate the WordPress users
  • Search for config backups
  • Search for database exports
  • Search for vulnerable TimThumb scripts (timthumb.php)

Parameter                    Description

Target URL                   The URL of the WordPress website to scan. It must start with http:// or https://.
                             Don't forget to specify the complete path to the base directory of the WordPress installation
                             (the directory that holds wp-login.php) when WordPress is not installed at the web root. Ex.

Detection Mode - Passive     Runs a non-intrusive detection, i.e. it sends only a few requests to the server and works from
                             what the home page (HTML source and HTTP headers) reveals. Passive mode is less likely to be
                             noticed by IDS/IPS solutions, but it only finds components that the home page references.

Detection Mode - Aggressive  Performs a more intrusive scan: it sends numerous requests, directly probing known plugin, theme
                             and file paths. This has a greater chance of finding the correct WordPress version, enumerating
                             users and discovering plugins that passive mode misses, at the cost of more noise in the
                             target's logs.

Enumerate                    What to search for: usernames, vulnerable themes, vulnerable plugins, config backups, database
                             dumps, timthumbs.

How it works

The scanner connects to the target WordPress website and runs a series of checks (passive by default, aggressive if selected) to identify the WordPress version, plugins, themes, users, config backups, database dumps and timthumbs.

By analyzing the HTML source code and the HTTP headers, WPScan extracts the version evidence it needs: the generator meta tag, the ?ver= query strings on core, plugin and theme assets, and (in aggressive mode) the readme.txt files served by plugins and themes. The vulnerabilities presented are those recorded for the specific versions of WordPress, plugins and themes that have been identified; a component whose version cannot be determined is still listed, but without version-specific findings.

The tool also relies on the WPScan vulnerability database, which is maintained and updated periodically, so a component reported clean today may show findings after the next database update.
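The passive fingerprinting described above, as an added example (this is not WPScan's code): the WordPress version is read from the generator meta tag and from ?ver= strings on /wp-includes/ assets, plugins and themes are enumerated from /wp-content/ asset URLs, the Link header is checked for an advertised REST API, and a readme.txt as fetched in aggressive mode is parsed for its "Stable tag". The HTML, headers and readme are constructed samples, so the script runs offline; the host blog.example and the slugs and versions in it are assumptions.

```python
"""Passive WordPress fingerprinting from one page's HTML and headers.

Added illustration, not WPScan's code. All inputs below are constructed
samples; blog.example and the component versions are assumptions.
"""
import re
from collections import Counter
from urllib.parse import parse_qs, urlparse

# Constructed sample of what a scanner sees on a blog's home page.
SAMPLE_HEADERS = {
    "Server": "nginx",
    "Link": '<https://blog.example/wp-json/>; rel="https://api.w.org/"',
}
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 5.8.1" />
<link rel="stylesheet" href="https://blog.example/wp-includes/css/dist/block-library/style.min.css?ver=5.8.1" />
<link rel="stylesheet" href="https://blog.example/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4.2" />
<script src="https://blog.example/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.23"></script>
<link rel="stylesheet" href="https://blog.example/wp-content/themes/twentytwentyone/style.css?ver=1.4" />
<script src="https://blog.example/wp-includes/js/jquery/jquery.min.js?ver=3.6.0"></script>
<script src="https://blog.example/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2"></script>
</head><body>...</body></html>"""
# Constructed readme.txt, as served from /wp-content/plugins/contact-form-7/readme.txt
SAMPLE_README = "=== Contact Form 7 ===\nRequires at least: 5.7\nStable tag: 5.4.2\n"

META_RE = re.compile(r"<meta\b[^>]*>", re.I)
URL_RE = re.compile(r"""(?:href|src)=["']([^"']+)["']""", re.I)
COMPONENT_RE = re.compile(r"/wp-content/(plugins|themes)/([A-Za-z0-9_.-]+)/")


def generator_version(html):
    """Version from <meta name="generator" content="WordPress X.Y.Z">, if present."""
    for tag in META_RE.findall(html):          # attribute order varies, so check both
        if re.search(r"""name=["']generator["']""", tag, re.I):
            m = re.search(r"""content=["']WordPress\s+([\d.]+)""", tag, re.I)
            if m:
                return m.group(1)
    return None


def fingerprint(html, headers):
    """Return version, plugin and theme findings from one page and its headers."""
    plugins, themes, core_versions = {}, {}, Counter()
    for url in URL_RE.findall(html):
        parsed = urlparse(url)
        ver = parse_qs(parsed.query).get("ver", [None])[0]
        if "/wp-includes/" in parsed.path and ver:
            # Core assets usually carry the WP version; bundled libraries
            # (jquery.min.js?ver=3.6.0) carry their own, so this is only
            # supporting evidence behind the generator tag.
            core_versions[ver] += 1
        m = COMPONENT_RE.search(parsed.path)
        if m:
            kind, slug = m.group(1), m.group(2)
            bucket = plugins if kind == "plugins" else themes
            # ?ver= on a plugin asset is a hint, not proof: some plugins pass
            # the WordPress version instead of their own. Aggressive mode
            # confirms it against readme.txt (see stable_tag below).
            bucket.setdefault(slug, ver)
    version = generator_version(html)
    if version is None and core_versions:
        version = core_versions.most_common(1)[0][0]
    link = headers.get("Link", "")
    return {
        "version": version,
        "core_asset_versions": dict(core_versions),
        "plugins": plugins,
        "themes": themes,
        # /wp-json/ advertised: /wp-json/wp/v2/users is a user-enumeration target
        "rest_api": "api.w.org" in link,
    }


def stable_tag(readme_text):
    """Plugin/theme version from a readme.txt 'Stable tag:' line, or None."""
    m = re.search(r"^\s*Stable tag:\s*([\w.-]+)", readme_text, re.M | re.I)
    return m.group(1) if m else None


if __name__ == "__main__":
    result = fingerprint(SAMPLE_HTML, SAMPLE_HEADERS)
    print(result)
    print("contact-form-7 readme says", stable_tag(SAMPLE_README))
```

A real scanner would go on to look up each (slug, version) pair in its vulnerability database; note that the jQuery asset shows why a bare ?ver= count is weaker evidence than the generator tag or readme.txt.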

How do WordPress sites get hacked?

Because WordPress is so widely used, it is a frequent target for attackers. Their attacks are made easier by the large number of outdated WordPress installations, plugins and themes: these old versions contain publicly known vulnerabilities that can be exploited.

A WordPress hack often starts by identifying the running WordPress version and the installed plugins and themes. The next step is to fingerprint the versions of those components and to search for public vulnerabilities affecting them; for many of these, public exploits are also available online.

For instance, the well-known Revolution Slider plugin (slug revslider) is affected by multiple high-risk vulnerabilities in its older versions:

  • Versions <= 4.1.4 are affected by an Arbitrary File Download (path traversal) vulnerability: an unauthenticated attacker can read any file the web server user can access, including wp-config.php with its database credentials, by requesting a link such as http://vulnerable_wordpress.xx/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
  • Versions <= 3.0.95 allow an attacker to upload arbitrary files to the server, including PHP web shells, which gives code execution as the web server user and, in practice, full control of the website.

These attacks can be prevented by periodically scanning the WordPress installation with a tool such as this one and identifying vulnerable components, which must then be updated (or removed, if no fixed version exists). Keeping WordPress core, plugins and themes current closes the known vulnerabilities an attacker looks for first; it does not cover flaws that are not yet public, so scans should be repeated as the vulnerability database is updated.