{"id":27628092,"url":"https://github.com/umutphp/wp-vulnerability-check","last_synced_at":"2025-04-23T14:03:08.130Z","repository":{"id":54755661,"uuid":"166223799","full_name":"umutphp/wp-vulnerability-check","owner":"umutphp","description":"A command line took to check the WPScan Vulnerability Database via API to identify the security issues of WordPress plugins installed.","archived":false,"fork":false,"pushed_at":"2023-10-22T17:39:36.000Z","size":466,"stargazers_count":37,"open_issues_count":1,"forks_count":9,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-04-23T22:19:49.282Z","etag":null,"topics":["continuous-integration","hacktoberfest","security","vulnerability-checker","wordpress","wordpress-plugin","wordpress-security","wordpress-security-scanner"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/umutphp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-01-17T12:40:57.000Z","updated_at":"2023-12-04T07:04:30.000Z","dependencies_parsed_at":"2024-11-15T02:05:43.886Z","dependency_job_id":"91fcb256-8fea-4590-80f1-e16f05fbc422","html_url":"https://github.com/umutphp/wp-vulnerability-check","commit_stats":{"total_commits":167,"total_committers":3,"mean_commits":"55.666666666666664","dds":"0.14970059880239517","last_synced_commit":"56d248a69ea2e11882e5548e469757fcb5729c4b"},"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/umutphp%2Fwp-vulnerability-check","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/umutphp%2Fwp-vulnerability-check/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/umutphp%2Fwp-vulnerability-check/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/umutphp%2Fwp-vulnerability-check/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/umutphp","download_url":"https://codeload.github.com/umutphp/wp-vulnerability-check/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250447290,"owners_count":21432161,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["continuous-integration","hacktoberfest","security","vulnerability-checker","wordpress","wordpress-plugin","wordpress-security","wordpress-security-scanner"],"created_at":"2025-04-23T14:02:53.015Z","updated_at":"2025-04-23T14:03:08.120Z","avatar_url":"https://github.com/umutphp.png","language":"PHP","readme":"# WordPress Vulnerability Check (wp-vulnerability-check)\n\n[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-v1.4%20adopted-ff69b4.svg)](CONTRIBUTING.md) ![WOSPM Checker](https://github.com/umutphp/wp-vulnerability-check/workflows/WOSPM%20Checker/badge.svg) [![Latest Stable Version](https://poser.pugx.org/umutphp/wp-vulnerability-check/v/stable)](https://packagist.org/packages/umutphp/wp-vulnerability-check) [![Total Downloads](https://poser.pugx.org/umutphp/wp-vulnerability-check/downloads)](https://packagist.org/packages/umutphp/wp-vulnerability-check) [![composer.lock](https://poser.pugx.org/umutphp/wp-vulnerability-check/composerlock)](https://packagist.org/packages/umutphp/wp-vulnerability-check) [![Open Source Helpers](https://www.codetriage.com/umutphp/wp-vulnerability-check/badges/users.svg)](https://www.codetriage.com/umutphp/wp-vulnerability-check)\n\nWordPress Vulnerability Check (wp-vulnerability-check) is a console application to check the WPScan Vulnerability Database via API to identify the security issues of WordPress plugins installed.\n\nIf you're using WordPress as part of your application and thrid-party WordPress plugins to implement your bussiness logic, you can run wp-vulnerability-check on a CI pipeline to check the vulnerabilities. You should get a token from [wpscan.com](https://wpscan.com/) in order to have access to the API.\n\n![WordPress Vulnerability Check](./assets/wvc_banner.png \"WordPress Vulnerability Check\")\n\n---\n\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n\n**Table Of Contents**\n\n- [How To Use](#how-to-use)\n  - [Requirements](#requirements)\n  - [Installation](#installation)\n  - [CLI Options](#cli-options)\n- [Issues](#issues)\n- [Contributing](#contributing)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n---\n\n## How To Use\n\n### Requirements\n\nwp-vulnerability-check requires PHP version 5.6.0 or greater.\n\n### Installation\n\nIt can be installed as a stand-alone tool or used as a test step on your CI pipeline.\n\n```bash\ncomposer require umutphp/wp-vulnerability-check\n\n```\n\n### CLI Options\n\nAfter succesfull installation, you can display the options as follows;\n\n```bash\n ./wp-vulnerability-check --help\n---------------------------\nWP Vulnerability Check version 0.2.2\n---------------------------\nUsage: wp-vulnerability-check [options]\nOptions:\n    --config            Full path for the YAML config file. A sample config\n                        file is .wvc.yml.sample in root folder. CLI arguments\n                        override the values in config file.\n    --path              Full path of your WordPress installation.\n    --plugins-path      Relative path of the plugin folder. It is optional.\n                        Please specify if you don't use default plugin folder.\n    --mu-plugins-path   Relative path of the mu plugin folder. It is optional.\n                        Please specify if you don't use default mu plugin folder.\n    --themes-path       Relative path of the theme folder. It is optional.\n                        Please specify if you don't use default theme folder.\n    --token             Token got from wpscan.com\n    --exclude           Exclude the plugins given in comma separated format.\n    --output            The format of output. Valid values JSON, READABLE, HTML,\n                        NO (Default).\n    --no-colors         Disable the console colors. It is enabled by default.\n    --version           Show version.\n    --help              Print this help.\n\n```\n\nA sample excution,\n\n```bash\n$ ./wp-vulnerability-check --path /path/to/plugins/ --token token --output readable\n\nChecking WordPress version ...\n\n.\n------------------------------------------------------------\nVulnerability Details\n\n\nChecking plugins...\n\n.......\n\nChecked 7 plugins in 2 second, no vulnerability found.\n\nThe plugins which are not in WPScan Vulnerability Database; akismet, custom-css-js, hello, multisite-clone-duplicator, wp-migrate-db, base, mu-autoloader.\nPS: You can exclude your custom plugins with --exclude parameter.\n\nChecking theme...\n\n.\n\nChecked 1 theme in 0.2 second, no vulnerability found.\n\nThe theme which is not in WPScan Vulnerability Database; simple-days.\nPS: You can exclude your custom themes with --exclude parameter.\n```\n\n## Issues\n\nBug reports and feature requests can be submitted on the [Github Issue Tracker](https://github.com/umutphp/wp-vulnerability-check/issues).\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for more information.\n\n## Code Of Conduct\n\nSee [CODE_OF_CONDUCT](CODE_OF_CONDUCT) for more information.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fumutphp%2Fwp-vulnerability-check","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fumutphp%2Fwp-vulnerability-check","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fumutphp%2Fwp-vulnerability-check/lists"}