WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. WPScan is written in Ruby; the first version of WPScan was released on the 16th of June 2011. Today WPScan is maintained by the WPScan Team and other contributors. If you would like to use and/or contribute to WPScan, you can do so from our GitHub repository.
WPScan Vulnerability Database
The WPScan Vulnerability Database is a database of WordPress Core, Plugin and Theme vulnerabilities. This database has been compiled by the WPScan Team and various other contributors since WPScan's release. The development of the WPScan Vulnerability Database was originally funded by BruCON's 5by5 project.
The WPScan Team
Ryan Dewhurst is a Web Application Security Tester based in France, who founded Dewhurst Security. When he's not writing or breaking code, you can find him drinking beer, lounging on the local beaches or working in his garden.
Christian Mehlmauer AKA 'FireFart' is an Austrian Penetration Tester. He's also interested in security outside of his day job; he likes to break things and bypass application restrictions. In his free time you can find him doing sports, sleeping, eating or breaking even more stuff.
Erwan, the French Ruby connoisseur. He likes to make things just to then go and break them again. He's the maker of makers and the breaker of breakers. There are rumours that he once glanced in the direction of a WordPress blog and it fell to its knees and wept. He's also a super nice guy!
Common Vulnerabilities and Exposures (CVE)
The WPScan Vulnerability Database uses CVE Identifiers to allow users to cross reference vulnerabilities with different tools and vulnerability databases. Each vulnerability in our database will contain a CVE Identifier if one has been assigned and if we are aware of it. The CVE number will be displayed on the individual vulnerability's page as well as within the API's output. The search functionality can also be used to search for vulnerabilities by CVE Identifiers.
Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE Identifiers) for publicly known information security vulnerabilities. CVE’s common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organization’s security tools. For further information see: https://cve.mitre.org/about/
The Common Vulnerabilities and Exposures (CVE®) Compatibility Program allows a tool, service, Web site, database, or advisory / alert to be reviewed and registered as "CVE-Compatible" when it uses CVE identifiers in a way that allows it to cross-link with other repositories that use CVE identifiers.