WPScan Online
Some firewalls blocks vulnerability scanners. For get true positive results add wpscan.online IP addresses (208.76.253.232-208.76.253.239 or CIDR 208.76.253.232/29 ) to the whitelist
[scan_method]
Visibility:
Scan method:
Max Scan duration:

Latest Updates and Insights on WordPress Security

Explore updates on recent attacks, vulnerabilities, and best practices to keep your WordPress site safe and secure.

W3 Total Cache Command Injection Vulnerability Exposes 1 Million WordPress Sites to RCE Attacks

18 November 2025
W3 Total Cache Command Injection Vulnerability Exposes 1 Million WordPress Sites to RCE Attacks A critical command injection vulnerability has been discovered in the W3 Total Cache ...

GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites

11 November 2025
The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier ...

AI Engine WordPress Plugin Exposes 100,000 WordPress Sites to Privilege Escalation Attacks

05 November 2025
AI Engine WordPress Plugin Exposes 100,000 WordPress Sites to Privilege Escalation Attacks A critical security vulnerability in the AI Engine WordPress plugin has put more than 100,000 ...

WordPress Post SMTP Plugin Vulnerability Exposes 400,000 Websites to Account Takeover Attacks

05 November 2025
WordPress Post SMTP Plugin Vulnerability Exposes 400,000 Websites to Account Takeover Attacks A critical security flaw in the WordPress Post SMTP plugin has left more than 400,000 websites ...

WordPress Plugin Vulnerability Exposes 7 Million Sites to XSS Attack

29 October 2025
WordPress Plugin Vulnerability Exposes 7 Million Sites to XSS Attack A critical cross-site scripting (XSS) vulnerability has been discovered in the popular LiteSpeed ...

Hackers Actively Exploiting WordPress Arbitrary Installation Vulnerabilities in The Wild

27 October 2025
Hackers Actively Exploiting WordPress Arbitrary Installation Vulnerabilities in The Wild Threat actors have launched a significant mass exploitation campaign targeting critical ...

Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites

16 October 2025
A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain ...

Hackers Actively Exploiting WordPress Plugin Vulnerability to Gain Admin Access

09 October 2025
Hackers Actively Exploiting WordPress Plugin Vulnerability to Gain Admin Access Over the past two months, threat actors have weaponized a critical authentication bypass flaw in ...
Latest Updates and Insights on WordPress Security »