In my previous posts I already wrote about a WordPress CVE scanner (part 1, part 2). It kept haunting me with failures and disappointment. It began with blackbox scanning (slow and performance-killing), which moved to whitebox scanning with Wordstress, which proved to be buggy. So it needed to be addressed one more time (hopefully).
A whitebox WordPress vulnerability scanner getting its CVEs from wpvulndb.com, which is simple to use… I decided to write my own in WP-CLI.
WP-CLI is an awesome tool to manage your WordPress installation from the command line, and it recently started supporting extensions. So I created one, and wrote some documentation for it. Installation is done with:
wp package install markri/wp-sec
Documentation can be found at
It doesn’t need to be more complex than this.