Scan WordPress (core, plugin, theme)
For non-commercial use, you can use this WordPress integration for free. For commercial use, you have to send an e-mail to the WPVulnDB team. For details, see the NOTE:
If you are under any doubt if your software is classed as non-commercial and/or would like to inquire about commercial usage of our databases get in touch.
First, register a user and get the API token from your profile page on wpvulndb.com. Then check whether the `wp` command is installed on the scan target server. A sample configuration is below.
```toml
[servers.kusanagi]
user = "root"
host = "10.10.10.10"
port = "22"

[servers.kusanagi.wordpress]
cmdPath = "/usr/local/bin/wp"
osUser = "wordpress"
docRoot = "/home/kusanagi/wp/DocumentRoot/"
wpVulnDBToken = "xxxxTokenxxxx"
ignoreInactive = false
```
- cmdPath : The path of `wp` on the WordPress server
- osUser : The OS user of `wp` on the WordPress server
- docRoot : The path of the document root on the WordPress server
- wpVulnDBToken : The WPVulnDB API token
- ignoreInactive : Ignore plugins or themes that are inactive
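A pre-flight check to run on the scan target before the first scan, as an added example that is not part of Vuls. The helper name `check_wp_target` is hypothetical, and it assumes a standard WordPress layout in which the document root contains `wp-includes/version.php`.

```shell
#!/bin/sh
# Added example, not part of Vuls. check_wp_target is a hypothetical helper.
# Usage: check_wp_target CMD_PATH DOC_ROOT [OS_USER]
# Returns 0 when the values look usable, 1 otherwise (reasons on stderr).
check_wp_target() {
    cmd_path=$1 doc_root=$2 os_user=${3:-}
    rc=0

    # cmdPath should be an absolute path to an executable file.
    case $cmd_path in
        /*) ;;
        *) echo "cmdPath is not absolute: $cmd_path" >&2; rc=1 ;;
    esac
    if [ ! -f "$cmd_path" ] || [ ! -x "$cmd_path" ]; then
        echo "cmdPath is not an executable file: $cmd_path" >&2; rc=1
    fi

    # docRoot should be a directory holding a WordPress install.
    # Assumption: standard core layout with wp-includes/version.php.
    if [ ! -d "$doc_root" ]; then
        echo "docRoot is not a directory: $doc_root" >&2; rc=1
    elif [ ! -f "$doc_root/wp-includes/version.php" ]; then
        echo "no wp-includes/version.php under docRoot: $doc_root" >&2; rc=1
    fi

    # osUser, when given, should be an existing account on this host.
    if [ -n "$os_user" ] && ! id -u "$os_user" >/dev/null 2>&1; then
        echo "osUser does not exist: $os_user" >&2; rc=1
    fi

    return "$rc"
}

# When called with arguments, check the values copied from config.toml.
if [ "$#" -ge 2 ]; then
    check_wp_target "$@"
fi
```

With the sample configuration above, the call would be `check_wp_target /usr/local/bin/wp /home/kusanagi/wp/DocumentRoot/ wordpress`.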
To scan WordPress, execute as below.
```
vuls scan kusanagi
```
Vuls collects WordPress Core version, plugins and themes via
Vuls detects vulnerabilities by accessing WPVulnDB.com via HTTP.
- If you have several virtual WordPress sites on one server.
- If you want a report of only WordPress without OS packages.
Set `ignorePkgsRegexp = [".*"]`. This is not ECO, but works fine :-)
- The point of config.toml
```toml
# for server administrator
[servers.wordpress]
host = "wordpress"

# for WordPress site FOO
[servers.foo]
host = "wordpress"
ignorePkgsRegexp = [".*"]

[servers.foo.wordpress]
docRoot = "/home/foo/wordpress/"

# for WordPress site BAR
[servers.bar]
host = "wordpress"
ignorePkgsRegexp = [".*"]

[servers.bar.wordpress]
docRoot = "/home/bar/wordpress/"
```