WPScan Online
Some firewalls blocks vulnerability scanners. For get true positive results add wpscan.online IP addresses (208.76.253.232-208.76.253.239 or CIDR 208.76.253.232/29 ) to the whitelist
[scan_method]
Visibility:
Scan method:
Max Scan duration:

Latest Updates and Insights on WordPress Security

Explore updates on recent attacks, vulnerabilities, and best practices to keep your WordPress site safe and secure.

50,000 WordPress Sites Exposed to Critical Ninja Forms File Upload RCE Vulnerability

07 April 2026
50,000 WordPress Sites Exposed to Critical Ninja Forms File Upload RCE Vulnerability A critical security flaw in the popular WordPress plugin “Ninja Forms – File ...

Hackers Compromised ILSpy WordPress Domain to Deliver Malware

06 April 2026
Hackers Compromised ILSpy WordPress Domain to Deliver Malware A new supply chain attack targeting developers after threat actors compromised the official ...

WordPress Plugin Vulnerability Exposes Sensitive Data From 800,000+ Sites

31 March 2026
WordPress Plugin Vulnerability Exposes Sensitive Data From 800,000+ Sites A high-severity security flaw has been disclosed in Smart Slider 3, one of the most widely used ...

WordPress 6.9.2 Release

10 March 2026
WordPress 6.9.2 is now available! This is a security release that features several fixes. ...

WordPress Membership Plugin Vulnerability Let Attackers Create Admin Accounts

06 March 2026
WordPress Membership Plugin Vulnerability Let Attackers Create Admin Accounts A critical security flaw, identified as CVE-2026-1492, has been found in the User ...

GrayCharlie Injects Malicious JavaScript into WordPress Sites to Deliver NetSupport RAT and Stealc

23 February 2026
GrayCharlie Injects Malicious JavaScript into WordPress Sites to Deliver NetSupport RAT and Stealc A threat actor known as GrayCharlie has been compromising WordPress websites since mid-2023, ...

WordPress Backup Plugin Vulnerability Exposes 800,000 Sites to Remote Code Execution Attacks

12 February 2026
WordPress Backup Plugin Vulnerability Exposes 800,000 Sites to Remote Code Execution Attacks A critical flaw in the WPvivid Backup & Migration WordPress plugin can let an ...

Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

08 December 2025
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively ...
Latest Updates and Insights on WordPress Security »