WordPress CVE scanner using wpvulndb.com

In my previous posts I already wrote about a WordPress CVE scanner (part 1, part 2). It kept haunting me with failures and disappointment. It began with blackbox scanning (slow and performance killing) which moved to whitebox scanning with Wordstress which proved to be buggy. So it needed to be addressed one more time (hopefully).

Mission

A whitebox WordPress vulnerability scanner getting its CVE’s from wpvulndb.com, which is simple to use… I decided to write my own in WP-CLI.

Result

WP-CLI is an awesome tool to manage your WordPress installation from the command line, and it recently started supporting extensions. So I created one, and wrote some documentation for it. Installation is done with:

wp package install markri/wp-sec

And documentation can be found at

http://wp-sec.org

It doesn’t need to be more complex than this.

Leave a Reply

Your email address will not be published. Required fields are marked *