https://github.com/umutphp/wp-vulnerability-check
A command-line tool that checks the WPScan Vulnerability Database via its API to identify security issues in installed WordPress plugins.
continuous-integration hacktoberfest security vulnerability-checker wordpress wordpress-plugin wordpress-security wordpress-security-scanner
- Host: GitHub
- URL: https://github.com/umutphp/wp-vulnerability-check
- Owner: umutphp
- License: mit
- Created: 2019-01-17T12:40:57.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2023-10-22T17:39:36.000Z (over 1 year ago)
- Last Synced: 2024-04-23T22:19:49.282Z (about 1 year ago)
- Topics: continuous-integration, hacktoberfest, security, vulnerability-checker, wordpress, wordpress-plugin, wordpress-security, wordpress-security-scanner
- Language: PHP
- Homepage:
- Size: 455 KB
- Stars: 37
- Watchers: 2
- Forks: 9
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT
- Security: SECURITY.md
README
# WordPress Vulnerability Check (wp-vulnerability-check)
WordPress Vulnerability Check (wp-vulnerability-check) is a console application that checks the WPScan Vulnerability Database via its API to identify security issues in installed WordPress plugins.
If you use WordPress as part of your application and rely on third-party WordPress plugins to implement your business logic, you can run wp-vulnerability-check in a CI pipeline to check them for vulnerabilities. You need a token from [wpscan.com](https://wpscan.com/) to access the API.

---
**Table Of Contents**
- [How To Use](#how-to-use)
- [Requirements](#requirements)
- [Installation](#installation)
- [CLI Options](#cli-options)
- [Issues](#issues)
- [Contributing](#contributing)

---
## How To Use
### Requirements
wp-vulnerability-check requires PHP version 5.6.0 or greater.
### Installation
It can be installed as a stand-alone tool or used as a test step on your CI pipeline.
```bash
composer require umutphp/wp-vulnerability-check
```
### CLI Options
After a successful installation, you can display the options as follows:
```bash
./wp-vulnerability-check --help
---------------------------
WP Vulnerability Check version 0.2.2
---------------------------
Usage: wp-vulnerability-check [options]
Options:
  --config           Full path for the YAML config file. A sample config
                     file is .wvc.yml.sample in root folder. CLI arguments
                     override the values in config file.
  --path             Full path of your WordPress installation.
  --plugins-path     Relative path of the plugin folder. It is optional.
                     Please specify if you don't use default plugin folder.
  --mu-plugins-path  Relative path of the mu plugin folder. It is optional.
                     Please specify if you don't use default mu plugin folder.
  --themes-path      Relative path of the theme folder. It is optional.
                     Please specify if you don't use default theme folder.
  --token            Token got from wpscan.com
  --exclude          Exclude the plugins given in comma separated format.
  --output           The format of output. Valid values JSON, READABLE, HTML,
                     NO (Default).
  --no-colors        Disable the console colors. It is enabled by default.
  --version          Show version.
  --help             Print this help.
```
A sample execution:
```bash
$ ./wp-vulnerability-check --path /path/to/plugins/ --token token --output readable
Checking WordPress version ...
.
------------------------------------------------------------
Vulnerability Details
Checking plugins...
.......
Checked 7 plugins in 2 second, no vulnerability found.
The plugins which are not in WPScan Vulnerability Database; akismet, custom-css-js, hello, multisite-clone-duplicator, wp-migrate-db, base, mu-autoloader.
PS: You can exclude your custom plugins with --exclude parameter.
Checking theme...
.
Checked 1 theme in 0.2 second, no vulnerability found.
The theme which is not in WPScan Vulnerability Database; simple-days.
PS: You can exclude your custom themes with --exclude parameter.
```
## Issues
Bug reports and feature requests can be submitted on the [GitHub Issue Tracker](https://github.com/umutphp/wp-vulnerability-check/issues).
## Contributing
See [CONTRIBUTING.md](CONTRIBUTING.md) for more information.
## Code Of Conduct
See [CODE_OF_CONDUCT](CODE_OF_CONDUCT) for more information.