Be the first to know about new WordPress vulnerabilities

All vulnerabilities are manually vetted in our database by seasoned WordPress security professionals.
WPScan works with security researchers, vendors, and the WordPress community to triage vulnerabilities.
The vulnerability database is updated constantly as we discover new threats.

Our WordPress Security Services

WordPress integrations

No matter the size of your business, we’ve got a WordPress plugin that fits into your existing workflows.

CLI security scanner

Get the hackers’ point of view with a command line interface written for security professionals.

Versatile API

Tap directly into the vulnerability database API to get the latest WordPress vulnerabilities.

Trusted by the world’s largest brands

Cataloging 71,355 WordPress core, plugin, and theme vulnerabilities

The WPScan database is continuously updated by leading WordPress security professionals.

Learn how it works

Screening WordPress vulnerabilities for over 10 years

Crack team of WordPress security experts

Continually monitoring the web for new vulnerabilities

Flexible API that streamlines your workflow

Security Solutions For Everyone

Enterprise

WordPress protection with custom solutions for large enterprises.

Custom pricing by number of sites
Instant email alerts
Vulnerabilities details by ID
Latest API endpoints
Webhooks: Slack & HTTP
Description & PoC API data
CVSS Risk Scores

Researcher

Security researchers are welcome to use the CLI scanner and API for non‑commercial purposes.

CLI tools for researchers
Capped at 25 API calls per day

Need a small business plan?

Jetpack Protect is a free plugin that uses WPScan data to alert you about threats to your website. Upgrade for WAF and one‑click fixes.

Get Jetpack Protect

View our Enterprise Terms of Service