A security-focused tool that scans WordPress websites for known plugin vulnerabilities using an up-to-date vulnerability intelligence source. It helps security teams, developers, and site owners quickly identify high-risk issues across multiple WordPress sites in a single run.
Created by Bitbash, built to showcase our approach to Scraping and Automation!
If you are looking for wordpress-sites-vulnerabilities-scanner you've just found your team — Let’s Chat. 👆👆
This project scans one or many WordPress websites and detects critical plugin vulnerabilities in a structured, export-ready format. It solves the problem of manually auditing plugins across multiple sites by automating vulnerability discovery and prioritization. It is designed for developers, security analysts, hosting providers, and agencies managing multiple WordPress installations.
- Scans multiple WordPress sites in a single execution
- Focuses on the most severe and actionable plugin vulnerabilities
- Outputs flat, table-friendly results for reporting and automation
- Prioritizes issues by severity to speed up remediation
- Designed for bulk audits and recurring security checks
| Feature | Description |
|---|---|
| Bulk Site Scanning | Analyze up to dozens of WordPress sites in one run for faster audits. |
| Severity-Based Results | Returns the most critical vulnerabilities first for quick prioritization. |
| Flat Structured Output | Produces clean, column-based data ideal for spreadsheets and dashboards. |
| Plugin Intelligence | Extracts plugin name, affected versions, severity, and remediation details. |
| Automation Ready | Output integrates easily with monitoring, reporting, and alerting workflows. |
| Field Name | Field Description |
|---|---|
| site_url | The WordPress site that was scanned. |
| plugin_name | Name of the vulnerable WordPress plugin. |
| plugin_version | Detected plugin version on the site. |
| vulnerability_title | Short description of the vulnerability. |
| severity | Risk level of the vulnerability (critical, high, medium). |
| affected_versions | Plugin versions impacted by the vulnerability. |
| remediation | Recommended fix or update information. |
| references | External links with technical vulnerability details. |
[
{
"site_url": "https://example-site.com",
"plugin_name": "contact-form-plugin",
"plugin_version": "1.2.3",
"vulnerability_title": "Unauthenticated SQL Injection",
"severity": "critical",
"affected_versions": "<= 1.2.3",
"remediation": "Update to version 1.2.4 or later",
"references": [
"https://security-advisory.example/vuln-123"
]
}
]
Wordpress Sites Vulnerabilities Scanner/
├── src/
│ ├── main.py
│ ├── scanner/
│ │ ├── wordpress_detector.py
│ │ ├── plugin_analyzer.py
│ │ └── vulnerability_matcher.py
│ ├── outputs/
│ │ └── formatter.py
│ └── config/
│ └── settings.example.json
├── data/
│ ├── input_sites.sample.json
│ └── output.sample.json
├── requirements.txt
└── README.md
- Security teams use it to audit multiple WordPress sites, so they can quickly identify and patch critical plugin vulnerabilities.
- Agencies use it to monitor client websites, so they can proactively prevent security incidents.
- Hosting providers use it to scan customer environments, so they can reduce platform-wide security risks.
- Developers use it during maintenance cycles, so they can validate plugin safety before deployments.
How many sites can be scanned in one run? The scanner is designed for bulk operations and can handle dozens of WordPress sites per execution, depending on configuration and environment limits.
Does it scan themes as well as plugins? The current focus is on plugin vulnerabilities, as plugins represent the most common and impactful attack surface in WordPress installations.
What type of output does it generate? The output is a flat, structured dataset that can be directly imported into CSV files, spreadsheets, or security dashboards.
Is this suitable for recurring security checks? Yes, it is designed to be run on a schedule and integrated into automated security monitoring workflows.
Primary Metric: Average scan time of 1–2 seconds per site, depending on plugin count and network conditions.
Reliability Metric: Consistently achieves over 98% successful scan completion across bulk site runs.
Efficiency Metric: Processes up to 50 sites per execution with minimal memory and CPU overhead.
Quality Metric: High precision vulnerability matching with low false-positive rates due to severity-based filtering.
"Bitbash is a top-tier automation partner, innovative, reliable, and dedicated to delivering real results every time." Nathan Pennington
|
"Bitbash delivers outstanding quality, speed, and professionalism, truly a team you can rely on." Eliza
|
"Exceptional results, clear communication, and flawless delivery. Syed
|