WordPress 5.5.2 Security Release

WordPress 5.5.2 was released on October 30th 2020, reportedly fixing 10 security vulnerabilities. Below are the vulnerabilities that were mentioned in the release notes and that have been added to the WPScan WordPress Vulnerability Database so far, including one from our very own security researcher, Erwan.More

September 2020 Monthly Vulnerability Roundup

WordPress Plugin Vulnerabilities

More

On December 1st 2020 we will be closing WPScan.io (the SaaS)

(We are not closing any of our other products or services, just the online WPScan.io SaaS!)

WPScan.io started life in 2015 when we contracted a Rails development company to create a SaaS web front end on top of our WPScan CLI tool. Unfortunately, at that time, we only had the budget to complete around 50% of the work, as we were still a community project making hardly any money.

The project sat in this half finished state for three years, until 2018, when we had a little bit more money to hire a freelance Rails developer.

More

August 2020 Monthly Vulnerability Roundup

WordPress Plugin Vulnerabilities

WordPress Theme Vulnerabilities

More

July 2020 Monthly Vulnerability Roundup

WordPress Plugin Vulnerabilities

More

WPScan User Documentation

This is a copy of the WPScan User Documentation. Please refer to the Github Wiki version for the most up to date information.

Introduction

WPScan is a free, for non-commercial use, black box WordPress security scanner written for security professionals and blog maintainers to test the security of their sites.

WPScan is written in the Ruby programming language. The first version of WPScan was released on the 16th of June 2011.

More

WordPress Security Scan

WordPress is undisputedly the most popular Content Management System (CMS) in use today. With the most commonly quoted figure being the one published by w3techs, putting WordPress at 37.7% of all websites today (July 2020) and growing. It is no surprise then that WordPress is also the most targeted CMS by hackers.

Despite what some believe, WordPress is a secure CMS, depending on what your definition of “secure” is.

More