A new version of WPScan, the WordPress security assessment tool, has been released. The tool is already included in many popular pentest distributions such as BackBox Linux, Kali Linux, Pentoo and SamuraiWTF.
The new release, 2.4, includes new fingerprints for WP 3.8.3, 3.7.3 and 3.9, and additional vulnerabilities for the WordPress CMS. There is also an update to the theme and plugin lists, so the scanner is able to detect theme versions.
According to the changelog, the WPScan database statistics are:
- Total vulnerable versions: 79; 1 is new
- Total vulnerable plugins: 748; 55 are new
- Total vulnerable themes: 292; 41 are new
- Total version vulnerabilities: 617; 326 are new
- Total plugin vulnerabilities: 1162; 146 are new
- Total theme vulnerabilities: 330; 47 are new
WPScan can be used for the following purposes:
- Determine the version of WordPress CMS
- Brute force usernames and passwords
- List all installed modules and plugins
- List installed themes
You can read the release notes at this link: http://wpscan.org/