WPScan Online
Some firewalls blocks vulnerability scanners. For get true positive results add wpscan.online IP addresses (208.76.253.232-208.76.253.239 or CIDR 208.76.253.232/29 ) to the whitelist
[scan_method]
Visibility:
Scan method:
Max Scan duration:

Latest Updates and Insights on WordPress Security

Explore updates on recent attacks, vulnerabilities, and best practices to keep your WordPress site safe and secure.

100,000+ Installed WordPress Plugin Critical Vulnerability Exploited Within 4 Hours of Disclosure

100,000+ Installed WordPress Plugin Critical Vulnerability Exploited Within 4 Hours of Disclosure A severe vulnerability in the popular WordPress plugin SureTriggers has been actively exploited ...

OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation

A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come ...

Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images

Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code ...

WordPress Plug-in Vulnerability Let Hackers Inject Malicious SQL Queries

WordPress Plug-in Vulnerability Let Hackers Inject Malicious SQL Queries A critical vulnerability in GamiPress, a popular WordPress plugin used for gamification and ...

WordPress Plugin Vulnerability Exposes 200k+ Sites to Code Execution Attacks

WordPress Plugin Vulnerability Exposes 200k+ Sites to Code Execution Attacks A critical vulnerability in WP Ghost, a popular WordPress security plugin with over 200,000 ...

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code ...

WordPress Plugin Vulnerability Exposes 10,000 Sites to Code Execution Attacks

WordPress Plugin Vulnerability Exposes 10,000 Sites to Code Execution Attacks A critical security flaw in the GiveWP Donation Plugin tracked as CVE-2025-0912, has exposed ...

90,000 WordPress Sites Vulnerable to Local File Inclusion Attacks

90,000 WordPress Sites Vulnerable to Local File Inclusion Attacks A severe security flaw in the Jupiter X Core plugin for WordPress exposed over 90,000 websites ...