WPScan Online
Some firewalls blocks vulnerability scanners. For get true positive results add wpscan.online IP addresses (208.76.253.232-208.76.253.239 or CIDR 208.76.253.232/29 ) to the whitelist
[scan_method]
Visibility:
Scan method:
Max Scan duration:

Latest Updates and Insights on WordPress Security

Explore updates on recent attacks, vulnerabilities, and best practices to keep your WordPress site safe and secure.

Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images

31 March 2025
Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code ...

WordPress Plug-in Vulnerability Let Hackers Inject Malicious SQL Queries

24 March 2025
WordPress Plug-in Vulnerability Let Hackers Inject Malicious SQL Queries A critical vulnerability in GamiPress, a popular WordPress plugin used for gamification and ...

WordPress Plugin Vulnerability Exposes 200k+ Sites to Code Execution Attacks

24 March 2025
WordPress Plugin Vulnerability Exposes 200k+ Sites to Code Execution Attacks A critical vulnerability in WP Ghost, a popular WordPress security plugin with over 200,000 ...

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

06 March 2025
Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code ...

WordPress Plugin Vulnerability Exposes 10,000 Sites to Code Execution Attacks

05 March 2025
WordPress Plugin Vulnerability Exposes 10,000 Sites to Code Execution Attacks A critical security flaw in the GiveWP Donation Plugin tracked as CVE-2025-0912, has exposed ...

90,000 WordPress Sites Vulnerable to Local File Inclusion Attacks

19 February 2025
90,000 WordPress Sites Vulnerable to Local File Inclusion Attacks A severe security flaw in the Jupiter X Core plugin for WordPress exposed over 90,000 websites ...

Hidden Malware in WordPress Websites Allows Attackers to Execute Malicious Code Remotely

17 February 2025
Hidden Malware in WordPress Websites Allows Attackers to Execute Malicious Code Remotely A sophisticated malware campaign has recently been uncovered by security researchers at Sucuri, ...

TAG-124 Hacked 1000+ WordPress Sites To Embed Payloads

31 January 2025
TAG-124 Hacked 1000+ WordPress Sites To Embed Payloads A sophisticated cyber campaign orchestrated by the threat group TAG-124 has compromised over ...
Latest Updates and Insights on WordPress Security »