GuardLabs

WPScan

Freemium · From $0/mo · Founded 2011 · self-hosted / CLI

WordPress-specific vulnerability database + scanner — free CLI with optional API key.

Free tier: free CLI; free API tier with a limited number of daily requests

What it does well

  • Maintains the most comprehensive, up-to-date database of WordPress core, plugin, and theme vulnerabilities.
  • A free, open-source command-line tool allows for easy automation and scripting.
  • Generous free API tier provides vulnerability data for personal or small-scale use.

Where it falls short

  • Strictly a command-line tool; no official graphical user interface is provided.
  • Only scans WordPress sites, offering no support for other CMS or custom applications.
  • Requires self-hosting and manual execution; it is not a managed, continuous monitoring service.
Tags: wordpress, vuln-management, open-source, free-tier, solo, self-hosted

Alternatives to WPScan

OWASP ZAP

free

Most popular free open-source DAST scanner — active/passive web scanning, intercepting proxy, CI/CD integration.

Open-source vulnerability scanner descended from Nessus — free Community Edition, paid appliances for enterprise.

Template-driven fast scanner — community templates cover thousands of CVEs. Free CLI, paid managed cloud.

Nikto

free

Long-running open-source web server scanner — checks 6,700+ dangerous files and outdated software.