Scan WordPress (core, plugin, theme)
For non-commercial use, you can use this WordPress integration for free. For commercial use, you have to send an e-mail to the WPVulnDB team. For details, see the NOTE:
If you are under any doubt if your software is classed as non-commercial and/or would like to inquire about commercial usage of our databases get in touch.
First, you need to register a user and get the API token from your profile page on wpvulndb.com. Then check whether the wp command is installed on the scan target server. A sample configuration is below.
```toml
[servers.kusanagi]
user = "root"
host = "10.10.10.10"
port = "22"

[servers.kusanagi.wordpress]
cmdPath = "/usr/local/bin/wp"
osUser = "wordpress"
docRoot = "/home/kusanagi/wp/DocumentRoot/"
wpVulnDBToken = "xxxxTokenxxxx"
ignoreInactive = false
```
- cmdPath : A path of `wp` on the WordPress server
- osUser : An OS user of `` on the WordPress server
- docRoot : A path of the document root on the WordPress server
- wpVulnDBToken : A token for the WPVulnDB API
- ignoreInactive : Ignore plugins or themes that are in an inactive state
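A pre-flight check for the `cmdPath`, `osUser` and `docRoot` values, to run on the scan target before the first scan. This is an added example, not part of Vuls; the function name `check_wp_target` and the use of `wp-includes/version.php` as the marker of a WordPress install are assumptions made here.

```shell
#!/bin/sh
# Added example: pre-flight check of cmdPath, osUser and docRoot on the scan target.
# check_wp_target <cmdPath> <osUser> <docRoot>
# Prints one line per problem and returns the number of problems (0 = ready).
check_wp_target() {
    cmd_path=$1
    os_user=$2
    doc_root=$3
    problems=0

    # cmdPath must be an absolute path to an executable file (the wp command).
    case $cmd_path in
        /*) ;;
        *)  echo "cmdPath is not an absolute path: $cmd_path"
            problems=$((problems + 1)) ;;
    esac
    if [ ! -f "$cmd_path" ] || [ ! -x "$cmd_path" ]; then
        echo "cmdPath is not an executable file: $cmd_path"
        problems=$((problems + 1))
    fi

    # osUser must be a known account on this host.
    if ! id -u "$os_user" >/dev/null 2>&1; then
        echo "osUser does not exist on this host: $os_user"
        problems=$((problems + 1))
    fi

    # docRoot must be a directory holding WordPress core.
    # Assumption: wp-includes/version.php marks a WordPress core install.
    if [ ! -d "$doc_root" ]; then
        echo "docRoot is not a directory: $doc_root"
        problems=$((problems + 1))
    elif [ ! -f "$doc_root/wp-includes/version.php" ]; then
        echo "no WordPress core found under docRoot: $doc_root"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# Stand-alone use: sh check.sh /usr/local/bin/wp wordpress /home/kusanagi/wp/DocumentRoot/
if [ "$#" -eq 3 ]; then
    check_wp_target "$@"
fi
```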
To scan WordPress, execute as below.
$ vuls scan kusanagi
Vuls collects WordPress Core version, plugins and themes via
$ vuls report
Vuls detects vulnerabilities by accessing WPVulnDB.com via HTTP.
- If you have some virtual WordPress sites in a server.
- If you want a report of only WordPress without OS packages.
`ignorePkgsRegexp = [".*"]`. This is not ECO, but works fine :-)
- The point of config.toml
```toml
# for server administrator
[servers.wordpress]
host = "wordpress"

# for WordPress site FOO
[servers.foo]
host = "wordpress"
ignorePkgsRegexp = [".*"]

[servers.foo.wordpress]
docRoot = "/home/foo/wordpress/"

# for WordPress site BAR
[servers.bar]
host = "wordpress"
ignorePkgsRegexp = [".*"]

[servers.bar.wordpress]
docRoot = "/home/bar/wordpress/"
```