WordPress Vulnerability Scanner

Discover known vulnerable plugins in your website

Security Ninja offers free vulnerability detection for your WordPress website. This feature warns you if there is a known problem in a plugin that allows hackers to attack your website.

We scan public repositories for vulnerabilities related to WordPress and compare that list to the plugins installed on your website.

Vulnerabilities found on your system

Free for everyone

This feature is available to free and premium users and warns you of any installed plugins that have a known exploit or vulnerability.

When you install WP Security Ninja, the list of vulnerabilities is downloaded automatically to your website and then updated regularly.

You are also warned about specific security issues for different versions of WordPress itself.

The API will expand in the future to also include warnings for WordPress themes.

Your data is private!

All vulnerability checking happens directly on your website; no data is sent back to our servers.

The list of vulnerabilities is gathered from curated sources such as the National Vulnerability Database (NVD) and then downloaded to your website from our API.

Your installed plugins are then checked against the list and you will be alerted to any vulnerable plugins on your website.
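The local check described above can be sketched as follows. This is an added example, not Security Ninja's own code: the feed schema (`slug`, `introduced_in`, `fixed_in`, `id`), the plugin names and the IDs are constructed assumptions, and the installed-plugin sample mimics trimmed output of `wp plugin list --format=json`.

```python
import json
import re

# Constructed, trimmed sample of `wp plugin list --format=json` output (plugin names are made up).
INSTALLED_JSON = '''[
  {"name": "example-forms", "status": "active", "version": "2.4"},
  {"name": "example-gallery", "status": "inactive", "version": "1.9.3"},
  {"name": "example-seo", "status": "active", "version": "5.0.1"}
]'''

# Constructed vulnerability list. The schema is an assumption for this example,
# not the format of any real feed.
FEED = [
    {"slug": "example-forms", "introduced_in": "2.0", "fixed_in": "2.4.1", "id": "EXAMPLE-0001"},
    {"slug": "example-gallery", "introduced_in": None, "fixed_in": None, "id": "EXAMPLE-0002"},
    {"slug": "example-seo", "introduced_in": None, "fixed_in": "5.0.1", "id": "EXAMPLE-0003"},
]

def parse_version(text):
    """Turn '2.4' into (2, 4); a non-numeric suffix such as '-beta' is ignored."""
    return tuple(int(m.group()) if (m := re.match(r"\d+", p)) else 0 for p in text.split("."))

def compare(a, b):
    """Return -1, 0 or 1, padding with zeros so that 2.4 == 2.4.0."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)

def is_affected(version, entry):
    """True when version lies in [introduced_in, fixed_in)."""
    if entry["introduced_in"] and compare(version, entry["introduced_in"]) < 0:
        return False
    # No fixed_in means no patched release is known: every version is affected.
    return entry["fixed_in"] is None or compare(version, entry["fixed_in"]) < 0

def find_vulnerable(installed_json, feed):
    """Match locally; inactive plugins count, since their files are still on disk."""
    findings = []
    for plugin in json.loads(installed_json):
        for entry in feed:
            if entry["slug"] == plugin["name"] and is_affected(plugin["version"], entry):
                findings.append((plugin["name"], plugin["version"], entry["id"]))
    return findings
```

Only the feed is downloaded; the plugin inventory never leaves the site, which is the privacy property this section describes.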

Many people look for vulnerabilities in plugins and themes. Fortunately, many of them disclose this information to the companies that build the plugins so they can fix and patch the security hole. Usually, at least 30 days are given to the developers before the fault is disclosed publicly.
There are two kinds of people who look for vulnerabilities: those who want to exploit them and those who want to protect themselves and others from being exploited.

There are many reasons why a flaw can appear in a plugin or a theme. It can be due to simple mistakes, misleading documentation, lack of experience working with WordPress code, or a ton of other reasons. Many plugins also use third-party libraries for different tasks, and the security flaw may exist in one of those libraries.

Many times this problem can be alleviated by keeping your plugins up to date. Still, there are also cases where a vulnerability is made public even before the developers have a chance to know about it and create a fix.

WPScan and ThreatPress maintain searchable databases that focus on WordPress vulnerabilities. There are regular updates for newly found exploits in plugins, themes, and also WordPress core itself.

The standard for indexing, categorizing, and determining the severity of exploits is CVE. CVE was launched in 1999 as a community effort to standardize the reporting of exploits, and the MITRE Corporation now runs it. The organization has copyrighted the CVE list and trademarked its name in an ongoing effort to keep the standard free and open-sourced.

CVE stands for Common Vulnerabilities and Exposures, and its purpose is to be a standard for sharing publicly available vulnerability data across networks and platforms. Each vulnerability gets a unique ID and a score based on its severity and ease of exploitation. The directory includes exploits across all platforms and systems.

There are many public searchable databases for vulnerabilities and exploits. Specific to WordPress, WPScan and ThreatPress both maintain popular databases of WordPress vulnerabilities.
