WPScan Online
Some firewalls blocks vulnerability scanners. For get true positive results add wpscan.online IP addresses (208.76.253.232-208.76.253.239 or CIDR 208.76.253.232/29 ) to the whitelist
[scan_method]
Visibility:
Scan method:
Max Scan duration:

Latest Updates and Insights on WordPress Security

Explore updates on recent attacks, vulnerabilities, and best practices to keep your WordPress site safe and secure.

WordPress Plugin Vulnerability Let Attackers Bypass Authentication via Social Login

16 September 2025
WordPress Plugin Vulnerability Let Attackers Bypass Authentication via Social Login A critical authentication bypass vulnerability in the Case Theme User WordPress plugin has ...

New ShadowCaptcha Attack Exploiting Hundreds of WordPress Sites to Tricks Victims into Executing Malicious Commands

27 August 2025
New ShadowCaptcha Attack Exploiting Hundreds of WordPress Sites to Tricks Victims into Executing Malicious Commands A sophisticated global cybercrime campaign dubbed “ShadowCaptcha” has emerged as a ...

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

26 August 2025
A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to ...

Critical WordPress Plugin Vulnerability Exposes 70,000+ Sites to RCE Attacks

14 August 2025
Critical WordPress Plugin Vulnerability Exposes 70,000+ Sites to RCE Attacks A critical security vulnerability has been discovered in the popular “Database for Contact ...

Huge Wave of Malicious Efimer Malicious Script Attack Users via WordPress Sites, Malicious Torrents, and Email

09 August 2025
Huge Wave of Malicious Efimer Malicious Script Attack Users via WordPress Sites, Malicious Torrents, and Email A sophisticated malware campaign dubbed “Efimer” has emerged as a significant threat ...

Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

31 July 2025
Threat actors are actively exploiting a critical security flaw in "Alone – Charity ...

WordPress Theme RCE Vulnerability Actively Exploited to Take Full Site Control

30 July 2025
WordPress Theme RCE Vulnerability Actively Exploited to Take Full Site Control A critical remote code execution (RCE) vulnerability in the popular “Alone” ...

Stealthy Backdoor in WordPress Plugins Gives Attackers Persistent Access to Websites

24 July 2025
Stealthy Backdoor in WordPress Plugins Gives Attackers Persistent Access to Websites A sophisticated WordPress malware campaign has been discovered operating through the rarely ...
Latest Updates and Insights on WordPress Security »