A new version of the WordPress security assessment tool WPScan has been released. The tool is already included in many popular pentest distributions such as BackBox Linux, Kali Linux, Pentoo and SamuraiWTF.

The new release, 2.4, includes new fingerprints for WP 3.8.3 & 3.7.3, 3.9 and additional vulnerabilities for the WordPress CMS. There is also an update to the theme list and plugins, so the scanner is able to detect theme versions.

According to the changelog, the WPScan database statistics are:

  • Total vulnerable versions: 79; 1 is new
  • Total vulnerable plugins: 748; 55 are new
  • Total vulnerable themes: 292; 41 are new
  • Total version vulnerabilities: 617; 326 are new
  • Total plugin vulnerabilities: 1162; 146 are new
  • Total theme vulnerabilities: 330; 47 are new


WPScan can be used for the following purposes:

  • Determine the version of WordPress CMS
  • Brute force usernames and passwords
  • List all installed modules and plugins
  • List installed themes

You can read the release notes at this link: http://wpscan.org/
