Do you know any stand-alone client or web tool (like grc) that could scan, find and report WordPress vulnerabilities, plugins included?
WordPress vulnerabilities test scanner
Leave a Reply
You must be logged in to post a comment.
There’s WordPress Exploit Scanner that works as a WP plugin.
“This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames. It does not remove anything. That is left to the user to do.”
Like anything of this nature, it’s open to discussion how effective it is.
WordPress isn’t a special web application so any scanner will work. Use a scanner like Sitewatch or Wapiti.
But if you want to keep your wordpress install from getting pwn3d then you have to make sure it and all of its plugins are up to date because a scanner will never be able find everything.