WPVulnerability WordPress plugin

This plugin taps into the power of the free and unlimited WordPress Vulnerability Database API to deliver vulnerability assessments directly within your WordPress dashboard. It’s an essential tool for website administrators, developers, and anyone keen on maintaining a secure WordPress environment.

Secure your WordPress experience today, your first line of defense against vulnerabilities!


  • WordPress: 4.1 –> 6.6
  • PHP: 5.6 –> PHP 8.3
  • WordPress Coding Standards: 3.1.0
  • WP-CLI: 2.3.0 –> 2.10.0
  • Plugin Check (PCP)

Using the plugin

WP-CLI commands

And then, You will find these WP-CLI commands:

  • wp wpvulnerability --help: Get help with these commands.
  • wp wpvulnerability core: List Core vulnerabilities.
  • wp wpvulnerability plugins: List Plugins vulnerabilities.
  • wp wpvulnerability themes: List Themes vulnerabilities.
  • wp wpvulnerability php: List PHP vulnerabilities.
  • wp wpvulnerability apache: List Apache HTTPD vulnerabilities.
  • wp wpvulnerability nginx: List nginx vulnerabilities.


From mail

Since WPVulnerability 3.2.1

If, for some reason, you need the emails sent by the plugin to have a From different from the site administrator, you can change it from the wp-config.php by adding a constant:

define( 'WPVULNERABILITY_MAIL', 'sender@example.com' );


This plugin adheres to the following security measures and review protocols for each version:


  • This plugin or the WordPress Vulnerability Database API does not collect any information about your site, your identity, the plugins, themes or content the site has.


  • No vulnerabilities have been published up to version 3.2.0.

Found a security vulnerability? Please report it to us privately at the WPVulnerability GitHub repository.


You can contribute to this plugin at the WPVulnerability GitHub repository.