
umutphp/wp-vulnerability-check
==============================

Checks the WPScan Vulnerability Database via its API to identify security issues in the installed WordPress version and plugins.

Version 0.3.9 (4y ago) · GPL-3.0-only · PHP >=5.6 · [1 issue](https://github.com/umutphp/wp-vulnerability-check/issues)

[Source](https://github.com/umutphp/wp-vulnerability-check) · [Packagist](https://packagist.org/packages/umutphp/wp-vulnerability-check)

WordPress Vulnerability Check (wp-vulnerability-check)
======================================================


WordPress Vulnerability Check (wp-vulnerability-check) is a console application that queries the WPScan Vulnerability Database via its API to identify security issues in installed WordPress plugins.

If you use WordPress as part of your application and rely on third-party WordPress plugins to implement your business logic, you can run wp-vulnerability-check in a CI pipeline to check for vulnerabilities. You need a token from [wpscan.com](https://wpscan.com/) to access the API. Treat the token as a secret in CI: inject it from the pipeline's secret store rather than hard-coding it in the repository.

[![WordPress Vulnerability Check](./assets/wvc_banner.png "WordPress Vulnerability Check")](./assets/wvc_banner.png)

---

**Table Of Contents**

- [How To Use](#how-to-use)
    - [Requirements](#requirements)
    - [Installation](#installation)
    - [CLI Options](#cli-options)
- [Issues](#issues)
- [Contributing](#contributing)

---

How To Use
----------


### Requirements


wp-vulnerability-check requires PHP version 5.6.0 or greater.

### Installation


It can be installed as a stand-alone tool or used as a test step on your CI pipeline.

```
composer require umutphp/wp-vulnerability-check
```

### CLI Options

After a successful installation, you can display the options as follows:

```
 ./wp-vulnerability-check --help
---------------------------
WP Vulnerability Check version 0.2.2
---------------------------
Usage: wp-vulnerability-check [options]
Options:
    --config            Full path for the YAML config file. A sample config
                        file is .wvc.yml.sample in root folder. CLI arguments
                        override the values in config file.
    --path              Full path of your WordPress installation.
    --plugins-path      Relative path of the plugin folder. It is optional.
                        Please specify if you don't use default plugin folder.
    --mu-plugins-path   Relative path of the mu plugin folder. It is optional.
                        Please specify if you don't use default mu plugin folder.
    --themes-path       Relative path of the theme folder. It is optional.
                        Please specify if you don't use default theme folder.
    --token             Token got from wpscan.com
    --exclude           Exclude the plugins given in comma separated format.
    --output            The format of output. Valid values JSON, READABLE, HTML,
                        NO (Default).
    --no-colors         Disable the console colors. It is enabled by default.
    --version           Show version.
    --help              Print this help.

```

A sample execution:

```
$ ./wp-vulnerability-check --path /path/to/plugins/ --token token --output readable

Checking WordPress version ...

.
------------------------------------------------------------
Vulnerability Details

Checking plugins...

.......

Checked 7 plugins in 2 second, no vulnerability found.

The plugins which are not in WPScan Vulnerability Database; akismet, custom-css-js, hello, multisite-clone-duplicator, wp-migrate-db, base, mu-autoloader.
PS: You can exclude your custom plugins with --exclude parameter.

Checking theme...

.

Checked 1 theme in 0.2 second, no vulnerability found.

The theme which is not in WPScan Vulnerability Database; simple-days.
PS: You can exclude your custom themes with --exclude parameter.
```

Issues
------

Bug reports and feature requests can be submitted on the [GitHub Issue Tracker](https://github.com/umutphp/wp-vulnerability-check/issues).

Contributing
------------


See [CONTRIBUTING.md](CONTRIBUTING.md) for more information.

Code Of Conduct
---------------

See [CODE_OF_CONDUCT](CODE_OF_CONDUCT) for more information.

