Friday, January 1, 2016

Using WPScan to Find WordPress Vulnerabilities in Themes/Plugins

When using WPScan you can scan your WordPress website for known vulnerabilities in the core version, plugins, and themes. You can also find out whether any weak passwords, users, and security configuration issues are present. WPScan checks for vulnerable software against the database at wpvulndb.com, and the WPScan team maintains the ever-growing list of vulnerabilities.

Last time, we taught you how to install WPScan on Mac and Linux. This time we are going to dive into how to use WPScan with the most basic commands.

Updating WPScan

You should always update WPScan to leverage the latest database before you scan your website for vulnerabilities.

Open Terminal and change your directory to the wpscan folder we downloaded in the first tutorial:

    cd wpscan

From this directory we can run a command to pull the latest update from GitHub, and then another command to update the database:

    git pull
    ruby wpscan.rb --update

You will see the WPScan logo and a note that the database update has completed successfully.

Scanning for Vulnerabilities

Next we are going to point the WPScan application at your WordPress website. With a few commands we can check your website for vulnerable themes, plugins, and

https://managewp.org/articles/11434/using-wpscan-to-find-wordpress-vulnerabilities-in-themes-plugins
