{"id":24731446,"url":"https://github.com/taleblou/wordpressvulnerabilityscanner_python","last_synced_at":"2026-04-29T22:05:00.882Z","repository":{"id":272730504,"uuid":"917575264","full_name":"taleblou/WordPressVulnerabilityScanner_Python","owner":"taleblou","description":"A Python script to scan WordPress sites for vulnerabilities like version disclosure, exposed wp-config.php, XML-RPC issues, REST API exposure, user enumeration, and outdated plugins/themes. Logs results to a CSV file for easy analysis. For educational use only.","archived":false,"fork":false,"pushed_at":"2025-01-16T08:51:03.000Z","size":5,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-27T16:49:25.791Z","etag":null,"topics":["vulnerabilities","wordpress"],"latest_commit_sha":null,"homepage":"https://taleblou.ir/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/taleblou.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-16T08:50:22.000Z","updated_at":"2025-01-16T08:52:50.000Z","dependencies_parsed_at":"2025-01-16T10:07:57.753Z","dependency_job_id":"c56481f2-7dd5-4323-ab3f-768f372c9d55","html_url":"https://github.com/taleblou/WordPressVulnerabilityScanner_Python","commit_stats":null,"previous_names":["taleblou/wordpressvulnerabilityscanner_python"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/taleblou%2FWordPressVulnerabilityScanner_Python","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/taleblou%2FWordPressVulnerabilityScanner_Python/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/taleblou%2FWordPressVulnerabilityScanner_Python/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/taleblou%2FWordPressVulnerabilityScanner_Python/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/taleblou","download_url":"https://codeload.github.com/taleblou/WordPressVulnerabilityScanner_Python/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244981293,"owners_count":20542288,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["vulnerabilities","wordpress"],"created_at":"2025-01-27T16:49:34.084Z","updated_at":"2026-04-29T22:04:55.836Z","avatar_url":"https://github.com/taleblou.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# **WordPress Vulnerability Scanner**\n\nThis Python script scans a WordPress website for common vulnerabilities and logs the findings into a CSV file. It checks for several WordPress-specific security issues, including version disclosure, exposed configuration files, REST API exposure, and more.\n\n## **Features**\n\n* **Version Disclosure**: Identifies if the WordPress version is publicly disclosed.  \n* **Exposed Configuration File**: Checks if the `wp-config.php` file is accessible.  \n* **XML-RPC Vulnerability**: Detects if XML-RPC is enabled, which can be exploited for brute force attacks.  \n* **REST API Exposure**: Verifies if the REST API is exposed without proper authentication.  \n* **User Enumeration**: Identifies accessible user IDs that could be exploited.  \n* **Outdated Plugins and Themes**: Detects plugins or themes with known vulnerabilities.\n\n## **Requirements**\n\n* Python 3.7 or higher  \n* Required libraries:  \n  * `requests`  \n  * `pandas`\n\nInstall the required libraries using pip:\n\nbash\n\nCopy code\n\n`pip install requests pandas`\n\n## **Usage**\n\n1. Copy the script to a Python file, e.g., `wordpress_vulnerability_scanner.py`.\n\nEdit the `target_url` variable in the script to specify the WordPress website you want to scan:  \npython  \nCopy code  \n`target_url = \"http://example.com\"  # Replace with the target WordPress URL`\n\n2. \n\nRun the script:  \nbash  \nCopy code  \n`python wordpress_vulnerability_scanner.py`\n\n3. \n\nThe results of the scan will be saved to a CSV file (`wordpress_vulnerability_report.csv` by default). The file includes the URL, type of vulnerability, and additional details.\n\n## **Example Output**\n\nThe CSV file will contain rows like the following:\n\n| URL | Vulnerability Type | Details |\n| ----- | ----- | ----- |\n| [http://example.com](http://example.com) | Version Disclosure | WordPress version 5.8.1 is disclosed. |\n| http://example.com/wp-config.php | Exposed wp-config.php | Sensitive configuration file is exposed. |\n| http://example.com/xmlrpc.php | XML-RPC Enabled | XML-RPC is enabled, potential for brute force attacks. |\n| http://example.com/?author=1 | User Enumeration | User ID 1 is accessible. |\n\n## **Notes**\n\n* The script uses a basic approach to identify vulnerabilities. For production use, consider integrating a comprehensive database of known vulnerabilities.  \n* Always obtain permission before scanning a website that you do not own.\n\nAdjust the `user_id` range in the user enumeration section for a more thorough scan:  \npython  \nCopy code  \n`for user_id in range(1, 50):  # Adjust range as needed`\n\n* \n\n## **Disclaimer**\n\nThis script is for educational purposes only. The author is not responsible for any misuse of this script.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftaleblou%2Fwordpressvulnerabilityscanner_python","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftaleblou%2Fwordpressvulnerabilityscanner_python","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftaleblou%2Fwordpressvulnerabilityscanner_python/lists"}