WPScan - Vulnerability Scanner for WordPress Powered Sites

This is a showcase of the most popular WordPress vulnerability scanner. Here is the guide on how to install WPScan on Windows.

What is WPScan?

WPScan is a black-box WordPress vulnerability scanner that can be used to scan remote WordPress installations for security issues. This handy tool can be found, for example, in the Kali Linux tools section (see the Kali Linux tools page).

The idea of the WPScan tool is simple. It scans your whole site and shows whether any plugins or themes are vulnerable. It also checks many other things.

Here is a slightly broader list of what the WPScan tool checks:

  • The version of WordPress installed and any associated vulnerabilities
  • What plugins are installed and any associated vulnerabilities
  • What themes are installed and any associated vulnerabilities
  • Username enumeration
  • Users with weak passwords via password brute forcing
  • Backed up and publicly accessible wp-config.php files
  • Database dumps that may be publicly accessible
  • If error logs are exposed by plugins
  • Media file enumeration
  • Vulnerable Timthumb files
  • If the WordPress readme file is present
  • If WP-Cron is enabled
  • If user registration is enabled
  • Full path disclosure
  • Upload directory listing
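
Several items in the list above can also be checked from the inside, on the server's own file system, before any remote scan. The script below is an added example, not part of WPScan or of the original post; the function names and the file-name heuristics are assumptions made for illustration, and the sample tree it builds is constructed.

```python
import os
import sys
import tempfile
# File-name heuristics are assumptions made for this example, not WPScan's own lists.
DUMP_SUFFIXES = (".sql", ".sql.gz", ".sql.zip", ".sql.bz2")
LOG_NAMES = {"debug.log", "error_log", "error.log"}
INDEX_NAMES = {"index.php", "index.html", "index.htm"}

def classify(name):
    """Map a file name to a finding category, or None if it is not of interest."""
    low = name.lower()
    if "wp-config" in low and low not in ("wp-config.php", "wp-config-sample.php"):
        return "wp-config backup"
    if low.endswith(DUMP_SUFFIXES):
        return "database dump"
    if low in LOG_NAMES:
        return "error log"
    if low == "timthumb.php":
        return "timthumb file (check its version)"

def audit_webroot(root):
    """Return sorted (category, relative path) findings for a local WordPress root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            category = classify(name)
            if category:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((category, rel.replace(os.sep, "/")))
    if os.path.isfile(os.path.join(root, "readme.html")):
        findings.append(("readme present", "readme.html"))
    uploads = os.path.join(root, "wp-content", "uploads")
    # Without an index file the web server lists this directory if autoindex is enabled.
    if os.path.isdir(uploads) and not INDEX_NAMES & set(os.listdir(uploads)):
        findings.append(("uploads has no index file", "wp-content/uploads"))
    return sorted(findings)

def build_sample_tree():
    """Create a constructed WordPress-like tree in a temp dir (sample data only)."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "wp-content", "uploads"))
    for rel in ("readme.html", "wp-config.php", "wp-config.php.bak", "wp-content/backup.sql"):
        open(os.path.join(root, rel), "w").close()
    return root

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for category, path in audit_webroot(root):
        print(f"{category}: {path}")
```

Run it with the path to your own WordPress directory as the only argument; without an argument it audits the constructed sample tree.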


We are not responsible if you use the program on any site other than your own. You should only use the program on your own WordPress site and not on anyone else's!
