WPScan Online
Some firewalls blocks vulnerability scanners. For get true positive results add wpscan.online IP addresses (208.76.253.232-208.76.253.239 or CIDR 208.76.253.232/29 ) to the whitelist
[scan_method]
Visibility:
Scan method:
Max Scan duration:

Latest Updates and Insights on WordPress Security

Explore updates on recent attacks, vulnerabilities, and best practices to keep your WordPress site safe and secure.

Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

08 December 2025
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively ...

WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts

03 December 2025
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has ...

Critical Elementor Plugin Vulnerability Let Attackers Takeover WordPress Site Admin Control

03 December 2025
Critical Elementor Plugin Vulnerability Let Attackers Takeover WordPress Site Admin Control A critical security flaw in the popular “King Addons for Elementor” WordPress plugin has ...

Critical Elementor Plugin Vulnerability Let Attackers Takeover WordPress Site Admin Control

03 December 2025
Critical Elementor Plugin Vulnerability Let Attackers Takeover WordPress Site Admin Control A serious vulnerability has been discovered in the King Addons for Elementor WordPress plugin, ...

W3 Total Cache Command Injection Vulnerability Exposes 1 Million WordPress Sites to RCE Attacks

18 November 2025
W3 Total Cache Command Injection Vulnerability Exposes 1 Million WordPress Sites to RCE Attacks A critical command injection vulnerability has been discovered in the W3 Total Cache ...

GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites

11 November 2025
The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier ...

AI Engine WordPress Plugin Exposes 100,000 WordPress Sites to Privilege Escalation Attacks

05 November 2025
AI Engine WordPress Plugin Exposes 100,000 WordPress Sites to Privilege Escalation Attacks A critical security vulnerability in the AI Engine WordPress plugin has put more than 100,000 ...

WordPress Post SMTP Plugin Vulnerability Exposes 400,000 Websites to Account Takeover Attacks

05 November 2025
WordPress Post SMTP Plugin Vulnerability Exposes 400,000 Websites to Account Takeover Attacks A critical security flaw in the WordPress Post SMTP plugin has left more than 400,000 websites ...
Latest Updates and Insights on WordPress Security »