@_WPScan_ profile picture
WPScan - WordPress Security @_WPScan_

With our very own WordPress vulnerability database, WPScan is the leading software for WordPress security scanning.

Joined July 2012
  • Tweets 3,874
  • Following 344
  • Followers 7,576
108 Photos and videos
WPScan 4.0.0: We're Back wpscan.com/blog/wpscan-4-0-0…

WPScan 4.0.0: We’re Back

Control what gets scanned. Authenticate for complete enumeration. Stream results in real time. Built from community feedback.

wpscan.com
6
33
301
35,746
Our researchers found a Pre-Auth Object Injection vulnerability in the SEOPress plugin (300k active installs). It was fixed in the recent 7.9 update. Make sure to update now! #wordpress #security wpscan.com/blog/object-injec…

Object Injection vulnerability fixed in SEOPress 7.9

During a routine audit of various WordPress plugins, we identified a few issues in SEOPress (300k active installs). More specifically, we discovered an authentication bug which could allow attacke…

wpscan.com
3
1
5
2,007
Thank you WPScan'ers for your trust! We're sending holiday cheer to you and your family. ☃️
1
1
1,456
Our researchers found a Pre-Auth Stored XSS vulnerability in the WP Go Maps plugin (formerly known as WP Google Maps, 400k active installs). It was fixed in the recent 9.0.28 update. Make sure to update now! #wordpress #security wpscan.com/blog/stored-xss-f…

Stored XSS Fixed In WP Go Maps 9.0.28

During an analysis of the WP Go Maps plugin (formerly WP Google Maps), we discovered a pretty serious Stored XSS vulnerability that can be exploited by any attackers, regardless of whether they hav…

wpscan.com
1
4
1,314
Our researchers found a Pre-Auth Stored XSS vulnerability in the Popup Builder plugin (200k active installs). It was fixed in the recent 4.2.3 update. Make sure to update now! #wordpress #security wpscan.com/blog/stored-xss-f…

Stored XSS Fixed In Popup Builder 4.2.3

During an analysis of the Popup Builder plugin, we discovered a pretty serious Stored XSS vulnerability that can be exploited by any attackers, regardless of whether they have an account on the sit…

wpscan.com
2
3
5
1,091
Our researchers found a serious SQL Injection vulnerability in the WP Fastest Cache plugin. It was fixed in the recent 1.2.2 update. Make sure to update now! wpscan.com/blog/unauthentica… #wordpress #security

Unauthenticated SQL Injection Vulnerability Addressed in WP Fastest Cache 1.2.2

During an internal review of the WP Fastest Cache plugin, the WPScan team discovered a serious SQL injection vulnerability. This vulnerability may allow unauthenticated attackers to read the full c…

wpscan.com
1
6
1,113
URGENT: Active Hacking Campaign Targeting WordPress Plugin 'Royal Elementor Addons' (200,000 active installs). Update to 1.3.79 ASAP! For more info: wpscan.com/blog/unauthentica… #wordpress #security

Unauthenticated File Upload Vulnerability Addressed in Royal Elementor Addons and Templates 1.3.79

During an investigation of a series of website being actively compromised we noticed the constant presence of the Royal Elementor Addons and Templates plugin installed. And all sites had at least o…

wpscan.com
2
636
Our researchers found a RCE gadget chain in WordPress Core. Fortunately, it was fixed on the recent 6.3.2 update. Here's how it worked: wpscan.com/blog/finding-a-rc… #wordpress #security

Finding A RCE Gadget Chain In WordPress Core

During a recent team gathering in Belgium, we had an impromptu Capture The Flag game that included a challenge with an SQL Injection vulnerability occurring inside an INSERT statement, meaning atta…

wpscan.com
2
2
8
1,177
Email Leak Oracle Vulnerability Addressed in WordPress 6.3.2 #wordpress #security wpscan.com/blog/email-leak-o…

Email Leak Oracle Vulnerability Addressed in WordPress 6.3.2

During a thorough analysis of WordPress’ internals, we discovered a subtle bug that allowed unauthenticated attackers to discern the email addresses of users who have published public posts o…

wpscan.com
1
3
559
URGENT: Active Hacking Campaign Targeting #WordPress Plugin 'Ultimate Member' (200,000 active installs). We strongly recommend disabling this plugin immediately until a patch is released that fixes the vulnerability. For more info: blog.wpscan.com/hacking-camp…

2
11
19
2,405
Are you attending WordCamp Europe in Athens? We'd love to see you and talk security! Please come find the WPScan team at the Jetpack booth at WCEU. #WCEU #WordPress #security
1
1
1
618
WordPress VIP Integrates WPScan to Flag Potential Vulnerabilities with Major Sites Before They Go to Production blog.wpscan.com/wordpress-vi…

1
1
5
785
Uncovering a PHAR Deserialization Vulnerability in WP Meta SEO and Escalating to RCE blog.wpscan.com/uncovering-a…
2
656
WP Engine’s Security Team Creates Custom Workflow with WPScan to Protect Clients blog.wpscan.com/wp-engines-s…

1
544
What is a brute force attack? blog.wpscan.com/what-is-a-br…
394
blog.wpscan.com/sql-injectio…

1
1
402
Thanks @HackingArticles for sharing the WPScan Cheat Sheet.
Hacking Articles
@hackinarticles
17 Feb 2023
Wpscan Cheat Sheet @_WPScan_ github.com/Ignitetechnologie… #infosec #cybersecurity #cybersecuritytips #pentesting #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #infosecurity #cyberattacks #security #linux #wordpress #bugbounty #bugbountytips
2
2
1,657
WordPress Black Box Testing Basics blog.wpscan.com/wordpress-bl…
2
3
459
Fake plugin affecting WordPress sites blog.wpscan.com/fake-plugin-…
2
3
554
Protecting your WordPress website against SQL injection attacks blog.wpscan.com/protecting-y…

Protecting your WordPress website against SQL injection attacks

If you own a WordPress website, then chances are you’ve heard of SQL injections in WordPress. These malicious attacks can wreak havoc on your website and leave it vulnerable to hackers. Fortunately…

wpscan.com
2
7
1,162
#CyberAttack
394
Load more