WordPress Vulnerability Scanner

Discover known vulnerable plugins in your website

Security Ninja offers free vulnerability detection for your WordPress website. This feature warns you if there is a known problem in a plugin that allows hackers to attack your website.

We scan public repositories for vulnerabilities related to WordPress and compare that list to the plugins installed on your website.

Vulnerabilities found on your system

Free for everyone

This feature is available to free and premium users and warns you of any installed plugins that have a known exploit or vulnerability.

When you install WP Security Ninja, the list of vulnerabilities is downloaded automatically to your website and then updated regularly.

You are also warned about specific security issues for different versions of WordPress itself.

The API will expand in the future to also include warnings for WordPress themes.

Your data is private!

All checking of vulnerabilities happens directly on your website, no data is sent back to our servers.

The list of vulnerabilities is gathered from curated sources such as the National Vulnerability Database (NVD) and then downloaded to your website from our API.

Your installed plugins are then checked against the list and you will be alerted to any vulnerable plugins on your website.
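The local check described above, as an added example (not Security Ninja's code): it compares an installed-plugin inventory against a downloaded list without sending anything off the site. The feed fields (`slug`, `id`, `fixed_in`), the plugin names and the placeholder IDs are assumptions constructed for illustration.

```python
import re
from itertools import zip_longest

# Constructed sample feed; field names are assumptions, not the real API format.
FEED = [
    {"slug": "example-forms", "id": "CVE-XXXX-0001", "fixed_in": "2.4.1"},
    {"slug": "example-gallery", "id": "CVE-XXXX-0002", "fixed_in": None},  # no fix released
    {"slug": "example-seo", "id": "CVE-XXXX-0003", "fixed_in": "1.10"},
]

# Constructed inventory: plugin slug -> installed version.
INSTALLED = {"example-forms": "2.4", "example-gallery": "5.0.2",
             "example-seo": "1.10.0", "example-cache": "3.1"}

def version_key(version):
    """Turn '2.4.1' into (2, 4, 1); suffixes such as '-beta' are ignored."""
    parts = []
    for segment in version.split("."):
        match = re.match(r"\d+", segment)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)

def is_older(installed, fixed_in):
    """True if installed < fixed_in; missing segments count as 0 (1.10 == 1.10.0)."""
    pairs = zip_longest(version_key(installed), version_key(fixed_in), fillvalue=0)
    a, b = zip(*pairs)
    return a < b

def find_vulnerable(installed, feed):
    """Match installed plugins against the feed entirely on the local machine."""
    findings = []
    for entry in feed:
        current = installed.get(entry["slug"])
        if current is None:
            continue  # plugin not installed on this site
        if entry["fixed_in"] is None:
            action = "no fix available: deactivate or replace"
        elif is_older(current, entry["fixed_in"]):
            action = "update to " + entry["fixed_in"]
        else:
            continue  # installed version already contains the fix
        findings.append((entry["slug"], current, entry["id"], action))
    return findings

if __name__ == "__main__":
    for finding in find_vulnerable(INSTALLED, FEED):
        print(*finding, sep=" | ")
```

Versions are compared numerically per segment, so `1.9` sorts before `1.10`; a plain string comparison would get that wrong and hide a finding.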

Why are people looking for vulnerabilities?

Many people look for vulnerabilities in plugins and themes. Fortunately, many of them disclose this information to the companies that build the plugins so they can fix and patch the security hole. Usually, at least 30 days are given to the developers before the fault is disclosed publicly.
There are two kinds of people who look for vulnerabilities: those who want to exploit them, and those who want to protect themselves and others from being exploited.

Why are there security flaws in software?

There are many reasons why a flaw can appear in a plugin or a theme. It can be due to simple mistakes, misleading documentation, lack of experience working with WordPress code, or a ton of other reasons. Many plugins also use third-party libraries for different tasks, and the security flaw may exist in one of those libraries.

Many times this problem can be alleviated by keeping your plugins up to date. Still, there are also cases where a vulnerability is made public even before the developers have a chance to know about it and create a fix.

Vulnerabilities for WordPress

WPScan and ThreatPress maintain searchable databases that focus on WordPress vulnerabilities. There are regular updates for newly found exploits in plugins, themes, and also WordPress core itself.

Vulnerability & Exploit Database

The standard for indexing, categorizing, and determining the severity of the exploit is CVE. CVE was launched in 1999 as a community effort to standardize the reporting of exploits, and the MITRE Corporation now runs it. The organization has copyrighted the CVE list and trademarked its name in an ongoing effort to keep the standard free and open-sourced.

What is CVE for WordPress?

CVE stands for Common Vulnerabilities and Exposures, and its purpose is to be a standard for sharing publicly available vulnerability data across networks and platforms. Each vulnerability gets a unique ID and a score based on its severity and ease of exploitation. The directory includes exploits across all platforms and systems.

Where can I find WordPress vulnerabilities?

There are many public searchable databases for vulnerabilities and exploits. Specific to WordPress, WPScan and ThreatPress both maintain popular databases of WordPress vulnerabilities.