This plugin taps into the power of the free and unlimited WordPress Vulnerability Database API to deliver vulnerability assessments directly within your WordPress dashboard. It’s an essential tool for website administrators, developers, and anyone keen on maintaining a secure WordPress environment.

Secure your WordPress experience today, your first line of defense against vulnerabilities!

Comprehensive Security Analysis

  • Core: Checks the version of your WordPress Core against known vulnerabilities, ensuring you’re always aware of potential risks.
  • Plugin: Evaluates all your installed plugins, including those from the official repository, external sources, or premium ones, for any security weaknesses.
  • Theme: Evaluates all your installed themes, including those from the official repository, external sources, or premium ones, for any security weaknesses.
  • PHP: Analyzes your server’s PHP version, detecting vulnerabilities specific to your PHP setup. This is crucial as outdated or unsupported PHP versions can significantly increase security risks.
  • Apache HTTPD: Assesses the version of Apache HTTPD on your server, identifying any known vulnerabilities or misconfigurations that could compromise security.
  • nginx: Evaluates the version of nginx on your server, pinpointing any known vulnerabilities or misconfigurations that could pose security threats.

In-Depth Vulnerability Reporting

Stay ahead of potential threats with detailed reports. If a vulnerability is detected, visit the ‘Site Health’ section in your WordPress dashboard for in-depth information. It informs you about the nature of the vulnerability and provides guidance, such as updating to a newer version or addressing issues with unsupported or unpatched plugins/themes.

Customizable Alert System

Configure the plugin to send periodic notifications about your site’s security status. Choose between daily or weekly updates, ensuring you’re always in the loop about your website’s vulnerability status without being overwhelmed by information.

Why Choose This Plugin?

  • User-Friendly: Designed for ease of use; no technical expertise required.
  • Proactive Security: Helps in early detection and resolution of security issues.
  • Peace of Mind: Ensures you’re always a step ahead in maintaining a secure WordPress site.
  • Privacy-Conscious: The plugin operates with a strong commitment to privacy. It does not store any data from your site nor retrieves personal or sensitive information.
  • Respect for Data Integrity: We understand the importance of your site’s integrity. The plugin works discreetly in the background, ensuring that your content and data remain untouched and unaffected during security checks.


And then, You will find these wpcli commands:

  • wp wpvulnerability --help: Get help with these commands.
  • wp wpvulnerability core: List Core vulnerabilities.
  • wp wpvulnerability plugins: List Plugins vulnerabilities.
  • wp wpvulnerability themes: List Themes vulnerabilities.
  • wp wpvulnerability php: List PHP vulnerabilities.
  • wp wpvulnerability apache: List Apache HTTPD vulnerabilities.
  • wp wpvulnerability nginx: List nginx vulnerabilities.




  • WordPress 4.1 – WordPress 6.6.
  • PHP 5.6 – PHP 8.3.
  • WordPress Coding Standards 3.1.0.
  • WP-CLI 2.3.0 – WP-CLI 2.10.0.
  • Plugin Check (PCP)


This plugin adheres to the following security measures and review protocols for each version:


  • このプラグインおよび WordPress Vulnerability Database API は、サイト、ユーザー、プラグイン、テーマ、コンテンツに関する情報を収集しません。


  • No vulnerabilities have been published up to version 3.2.0.

Found a security vulnerability? Please report it to us privately at the WPVulnerability GitHub repository.


このプラグインは、WPVulnerability GitHub リポジトリで貢献することができます。


  • WP-Admin ダッシュボードウィジェット。
  • サイトヘルスの脆弱性リスト。
  • プラグインリストの脆弱性リスト。



WordPress のプラグインセクションにアクセスし、[wpvulnerability] を検索して、プラグインをダウンロードしインストールしてください。


ZIP を解凍し、/wp-content/plugins/wpvulnerability/ ディレクトリにアップロードします。 アップロードするとプラグインリストに表示されます。


脆弱性情報はどこから取得していますか ?

WPVulnerability.com API を元にしています。この API に表示される脆弱性は、CVEs などのさまざまなソースから取得しています。

サイトのデータはどこかに送信されますか ?


どのような脆弱性を見つけますか ?

Vulnerabilities in WordPress Core, Plugins, Themes, PHP, Apache HTTPD, and nginx are documented.

サイトに脆弱性がある場合、どうすればいいのでしょうか ?

まずは落ち着くことです。脆弱性が何であるかを調査し何よりも侵害された要素の最新バージョンを使用していることを確認してください。すべての WordPress とそのプラグインを最新の状態に保つことを強くお勧めします。


Vulnerabilities are listed into your plugins list.You should also being able to receive an automatic email too. It doesn’t work on my system, but email test yes.So awesome plugin anyway!
2024年4月8日 1 reply
Exactly what I was looking for ! On the roadmap, it would be nice if : we can chose if we want to receive an email OR not (I may use it as a vuln reminder on the dashboard, as I have other plugins already keeping me informed) we can chose what will be in the email – php or not for exemple (it seems that it is planned, thanks) only receive an email if one the vuln is considered high risk etc.
This plugin alerts you about known vulnerabilities in your WordPress core, plugins, themes, and even PHP, so you can take action in a timely manner. If you don’t have this plugin on your site already, you absolutely need it!
Este plugin es de los primeros que instalo en cada proyecto que ejecuto. Tanto para proyectos desde cero y con mucha más razón para corrección de fallos en proyectos iniciados.
Sin duda alguna, es el plugin que te ayuda estar informado de vulnerabilidades. Uno de los plugins que instalo por defecto en cuanto empiezo una web.
2023年12月12日 1 reply
Me encanta este plugin. Funciona perfectamente y es una herramienta imprescindible para los que somos amantes de la seguridad y de mantener nuestras webs lo más actualizadas y seguras posibles. Muchas gracias al equipo detrás de este espectacular plugin.


WPVulnerability はオープンソースソフトウェアです。以下の人々がこのプラグインに貢献しています。


“WPVulnerability” は13ロケールに翻訳されています。 翻訳者のみなさん、翻訳へのご協力ありがとうございます。

“WPVulnerability” をあなたの言語に翻訳しましょう。

開発に興味がありますか ?

コードを閲覧するか、SVN リポジトリをチェックするか、開発ログRSS で購読してみてください。


[3.2.0] – 2024-05-08


  • Apache HTTPD vulnerabilities (Site Health).
  • nginx vulnerabilities (Site Health).


  • WordPress 4.1 – WordPress 6.6.
  • PHP 5.6 – PHP 8.3.
  • WordPress Coding Standards 3.1.0.
  • WP-CLI 2.3.0 – WP-CLI 2.10.0.
  • Plugin Check (PCP)

[3.1.2] – 2024-05-08


  • In some cases (when calling it directly, or wget), the cron was not working and gave an error.
  • The license had a non-compliance ID. Now, same license but working.


  • The URL from the API is using its own domain name.


  • WordPress 4.1 – WordPress 6.6.
  • PHP 5.6 – PHP 8.3.
  • WordPress Coding Standards 3.1.0.
  • WP-CLI 2.3.0 – WP-CLI 2.10.0.
  • Plugin Check (PCP)

[3.1.1] – 2024-02-11


  • Fixes some possible PHP warnings when retrieving data from the API.
  • Delete old schedules when unistalling the plugin.
  • Fix how is printed the High severity.


  • The plugin will not show the Exploitability information.


  • Compatibility: WordPress 4.1 – WordPress 6.5.
  • Compatibility: PHP 5.6 – PHP 8.3.
  • Compatibility: WordPress Coding Standards 3.0.1.
  • Compatibility: WP-CLI 2.3.0 – WP-CLI 2.10.0.

Previous versions

If you want to see the full changelog, visit the changelog.txt file.