About WPScan

WPScan is a black box WordPress vulnerability scanner. WPScan is written in Ruby, the first version of WPScan was released on the 16th of June 2011. Today WPScan is maintained by the WPScan Team and other contributors. If you would like to use and/or contribute to WPScan you can do so from our Github repository.

WPScan Vulnerability Database

The WPScan Vulnerability Database is an online browsable version of WPScan's data files which are used to detect known WordPress core, plugin and theme vulnerabilities. This database has been compiled by the WPScan Team and various other contributors since WPScan's release. The development of the WPScan Vulnerability Database was funded by BruCON's 5by5 project.

The WPScan Team

Christian Mehlmauer AKA 'FireFart' is an Austrian Penetration Tester. He's also interested in security outside of his day job, he likes to break things and bypass application restrictions. In his free time you can find him doing sports, sleeping, eating or breaking even more stuff.
Erwan, the French Ruby connoisseur. During the day he breaks web applications and networks for UK based security consultancy, RandomStorm. At night, you can find him hanging upside down in his bat cave developing all sorts of software applications. In his spare time he likes to break/write software and fight evil wherever it may appear.
Peter likes hacking in daily life. Sometimes he breaks things because he never reads the manual before usage and he isn't afraid of security seals on products. He works in the IT industry as a consultant. If he can't find any security breach anymore, you can find him cycling or photographing for making stop motion movies. He likes Belgium beer, home made lasagna and he tries to grow tomatoes under the Dutch sun.
Ryan Dewhurst is a Freelance Security Tester based in France with over 5 years experience working in Web Application Security for a UK based security consultancy. When he's not writing or breaking code, you can find him drinking beer, lounging on the local beaches or working in his garden.

Special Thanks

The WPScan Vulnerability Database was originally funded by BruCON's 5by5 project.

BruCON Logo

Common Vulnerabilities and Exposures (CVE)

The WPScan Vulnerability Database uses CVE Identifiers to allow users to cross reference vulnerabilities with different tools and vulnerability databases. Each vulnerability in our database will contain a CVE Identifier if one has been assigned and if we are aware of it. The CVE number will be displayed on the individual vulnerability's page as well as within the API's output. The search functionality can also be used to search for vulnerabilities by CVE Identifiers.

Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE Identifiers) for publicly known information security vulnerabilities. CVE’s common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organization’s security tools. For further information see: https://cve.mitre.org/about/

The Common Vulnerabilities and Exposures (CVE®) Compatibility Program provides for a tool, service, Web site, database, or advisory / alert that uses CVE identifiers in a way that allows it to cross-link with other repositories that use CVE identifiers to be reviewed and registered as "CVE-Compatible."