A tool to scan WordPress sites for vulnerable plugins by analyzing HTML source code and checking against known vulnerability databases.
- Scans WordPress sites to detect installed plugins
- Identifies plugin versions from script/link tags and readme files
- Checks detected plugins against vulnerability databases
- Provides detailed vulnerability information including severity scores
- Simple and intuitive web interface
- Bun runtime, version 1.2.13 (canary) or newer
- Clone the repository:
  git clone https://github.com/Hiutaky/wp-sec.git
  cd wp-sec
- Install server dependencies:
  bun install
- Install frontend dependencies:
  cd frontend && bun install && cd ..
- Run the application:
  bun run dev
- Open your browser and navigate to http://localhost:3000
- Enter the URL of a WordPress site in the input field
- Click "Scan" to analyze the site
- View the results showing detected plugins and any vulnerabilities
The application consists of:
- Backend API built with Elysia.js
- Frontend interface using React with Tailwind CSS
- Scanner module that extracts plugin information and checks for vulnerabilities
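The detection step described above (plugin slugs and versions read from script/link tags, with readme.txt as a fallback, then a version comparison against a vulnerability record) as an added worked example. This is not wp-sec's own scanner code: the function names, the `acme-*` plugin slugs in the sample HTML and the advisory records are all constructed for this illustration and are not real plugins or real advisories. The only facts it relies on are WordPress conventions: plugin assets live under `/wp-content/plugins/<slug>/`, enqueued assets get a `?ver=` query string, and a plugin's public `readme.txt` declares `Stable tag:`.

```typescript
// Added example, not wp-sec's own code. Slugs and advisories are constructed.

interface DetectedPlugin {
  slug: string;
  version: string | null;
  evidence: string; // asset URL the detection came from
}

interface Advisory {
  slug: string;
  fixedIn: string; // first version that is not affected (constructed data)
  id: string;
}

interface Finding {
  slug: string;
  version: string | null;
  advisory: string;
  status: "vulnerable" | "unknown";
}

// WordPress serves plugin assets from /wp-content/plugins/<slug>/... and
// appends ?ver=<version> to enqueued scripts and styles. Group 1 is the
// full URL, group 2 the slug, taken from src= and href= attributes.
const PLUGIN_ASSET_RE =
  /(?:src|href)=["']([^"']*\/wp-content\/plugins\/([a-z0-9_\-]+)\/[^"']*)["']/gi;

function extractPlugins(html: string): DetectedPlugin[] {
  const found: Record<string, DetectedPlugin> = {};
  let m: RegExpExecArray | null;
  PLUGIN_ASSET_RE.lastIndex = 0;
  while ((m = PLUGIN_ASSET_RE.exec(html)) !== null) {
    const url = m[1];
    const slug = m[2].toLowerCase();
    // ?ver= is a hint, not a guarantee: bundled third-party libraries may
    // carry their own version, and caching/minification plugins may strip it.
    const v = /[?&]ver=([0-9][0-9a-z.\-]*)/i.exec(url);
    const version = v ? v[1] : null;
    const prev = found[slug];
    // Keep the first asset per slug that carries a version.
    if (!prev || (prev.version === null && version !== null)) {
      found[slug] = { slug: slug, version: version, evidence: url };
    }
  }
  return Object.keys(found).sort().map((k) => found[k]);
}

// Fallback when the HTML carries no version: the public readme.txt at
// /wp-content/plugins/<slug>/readme.txt declares "Stable tag: x.y.z".
// "Stable tag: trunk" gives no usable version and yields null.
function versionFromReadme(readme: string): string | null {
  const m = /^\s*Stable tag:\s*([0-9][0-9a-z.\-]*)/im.exec(readme);
  return m ? m[1] : null;
}

// Numeric prefix of a version string: "2.7.0-shop.8.6.1" -> [2, 7, 0].
function numericParts(v: string): number[] {
  const m = /^\d+(?:\.\d+)*/.exec(v);
  return m ? m[0].split(".").map(Number) : [];
}

// Segment-wise numeric comparison, so 1.9.0 < 1.10.0. A plain string
// comparison gets this wrong and would miss outdated plugins.
function versionLessThan(a: string, b: string): boolean {
  const pa = numericParts(a);
  const pb = numericParts(b);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const x = i < pa.length ? pa[i] : 0;
    const y = i < pb.length ? pb[i] : 0;
    if (x !== y) return x < y;
  }
  return false;
}

// A plugin with no detected version is reported as "unknown" rather than
// silently skipped, so the operator knows a readme.txt lookup is still needed.
function matchAdvisories(plugins: DetectedPlugin[], advisories: Advisory[]): Finding[] {
  const out: Finding[] = [];
  for (const p of plugins) {
    for (const a of advisories) {
      if (a.slug !== p.slug) continue;
      if (p.version === null) {
        out.push({ slug: p.slug, version: null, advisory: a.id, status: "unknown" });
      } else if (versionLessThan(p.version, a.fixedIn)) {
        out.push({ slug: p.slug, version: p.version, advisory: a.id, status: "vulnerable" });
      }
    }
  }
  return out;
}

// Constructed sample page: fictional acme-* plugins, one wp-includes asset
// that must be ignored, and one plugin whose stylesheet has no ?ver=.
const SAMPLE_HTML = `
<link rel="stylesheet" href="https://example.com/wp-content/plugins/acme-forms/css/forms.css?ver=5.9.8">
<script src="https://example.com/wp-content/plugins/acme-gallery/js/gallery.min.js?ver=3.21.0"></script>
<script src="/wp-content/plugins/acme-shop/js/shop.min.js?ver=8.6.1"></script>
<script src="/wp-content/plugins/acme-shop/js/vendor/blockui.min.js?ver=2.7.0-shop.8.6.1"></script>
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
<link href="/wp-content/plugins/acme-seo/style.css" rel="stylesheet">
`;

// Constructed advisory records, not real vulnerabilities.
const ADVISORIES: Advisory[] = [
  { slug: "acme-gallery", fixedIn: "3.22.0", id: "EXAMPLE-ADV-1" },
  { slug: "acme-forms", fixedIn: "5.9.0", id: "EXAMPLE-ADV-2" },
  { slug: "acme-seo", fixedIn: "2.0.0", id: "EXAMPLE-ADV-3" },
];

function runSample(): Finding[] {
  return matchAdvisories(extractPlugins(SAMPLE_HTML), ADVISORIES);
}

console.log(JSON.stringify(runSample(), null, 2));
```

On the sample page this reports acme-gallery 3.21.0 as vulnerable, acme-seo as unknown (no version in the HTML, so a readme.txt fetch is the next step) and nothing for acme-forms, whose 5.9.8 is at or above the fixed version. Two caveats a scanner of this kind has to live with: a `?ver=` value can belong to a bundled library rather than the plugin, and sites behind a caching or minification layer may expose no version at all, which is why the "unknown" status is kept visible rather than dropped.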
POST /scan
- Accepts a WordPress site URL and returns scan results