← All tools

WPScan

https://wpscan.com

Freemium ◆ Kali Linux

Categories

Web Application

Description

WordPress security scanner. Enumerates WordPress installations for vulnerable plugins, themes, and configurations. Checks usernames, timthumbs, XML-RPC, and known CVEs in a WordPress-specific vulnerability database.

Keywords

WordPress CMS plugin vulnerabilities theme vulnerabilities user enumeration brute force

Example Usage

wpscan --url https://example.com --enumerate u,vp,vt --api-token YOUR_TOKEN
wpscan --url https://example.com -P /usr/share/wordlists/rockyou.txt -U admin