wordpress-vulnerable-scanner 1.0.0

WordPress vulnerability scanner - detects known CVEs in core, plugins, and themes
# wordpress-vulnerable-scanner

A fast, safe Rust CLI tool for detecting known CVE vulnerabilities in WordPress core, plugins, and themes using the WPVulnerability.net API.

[![Crates.io](https://img.shields.io/crates/v/wordpress-vulnerable-scanner.svg)](https://crates.io/crates/wordpress-vulnerable-scanner)
[![Documentation](https://docs.rs/wordpress-vulnerable-scanner/badge.svg)](https://docs.rs/wordpress-vulnerable-scanner)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

## Features

- **Multiple input modes** - scan live sites, JSON manifests, or specify components directly
- **Parallel API requests** - fast vulnerability lookups using concurrent requests
- **Version-aware filtering** - only reports vulnerabilities affecting installed versions
- **CVSS scoring** - severity levels (Critical/High/Medium/Low) from CVSS scores
- **Multiple output formats** - human-readable tables or JSON for automation
- **Exit codes** - integrate with CI/CD pipelines
- **Security hardened** - URL encoding, file size limits, safe HTTP defaults

## Installation

### Pre-built binaries

Download from [GitHub Releases](https://github.com/robdotec/wordpress-vulnerable-scanner/releases):

| Platform | Architecture | File |
|----------|--------------|------|
| Linux | x86_64 | `wordpress-vulnerable-scanner-linux-x86_64.tar.gz` |
| Linux | x86_64 (static) | `wordpress-vulnerable-scanner-linux-x86_64-musl.tar.gz` |
| Linux | ARM64 | `wordpress-vulnerable-scanner-linux-aarch64.tar.gz` |
| macOS | Intel | `wordpress-vulnerable-scanner-macos-x86_64.tar.gz` |
| macOS | Apple Silicon | `wordpress-vulnerable-scanner-macos-aarch64.tar.gz` |
| Windows | x86_64 | `wordpress-vulnerable-scanner-windows-x86_64.zip` |

### Cargo

```bash
cargo install wordpress-vulnerable-scanner
```

### Build from source

```bash
git clone https://github.com/robdotec/wordpress-vulnerable-scanner
cd wordpress-vulnerable-scanner
cargo build --release
```

## Quick Start

### Scan a live WordPress site

```bash
wordpress-vulnerable-scanner https://example.com
```

### Scan with auto-detected scheme

```bash
wordpress-vulnerable-scanner example.com
```

### Check specific components

```bash
# Check WordPress core version
wordpress-vulnerable-scanner -c 6.4.1

# Check plugins (slug:version format)
wordpress-vulnerable-scanner -p "elementor:3.18.0,contact-form-7:5.8"

# Check themes
wordpress-vulnerable-scanner -t "flavor:1.3.4,flavor-developer:1.3.4"

# Combined check
wordpress-vulnerable-scanner -c 6.4.1 -p "elementor:3.18.0" -t "flavor:1.3.4"
```

### Use JSON manifest from wordpress-audit

```bash
# First, audit a WordPress installation
wordpress-audit https://example.com -o json > manifest.json

# Then scan for vulnerabilities
wordpress-vulnerable-scanner -m manifest.json
```

### Filter by severity

```bash
# Only show high and critical vulnerabilities
wordpress-vulnerable-scanner example.com --severity high
```

### JSON output for automation

```bash
wordpress-vulnerable-scanner example.com -o json | jq '.summary'
```

## Input Modes

| Mode | Flag | Description |
|------|------|-------------|
| URL scan | (positional) | Scan a live WordPress site |
| Core version | `-c, --core` | Check specific WordPress version |
| Plugins | `-p, --plugins` | Check plugins (slug:version,...) |
| Themes | `-t, --themes` | Check themes (slug:version,...) |
| Manifest | `-m, --manifest` | JSON file from wordpress-audit |
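The `-p`/`-t` value is a comma-separated list of `slug:version` pairs, and the slug ends up inside the URL of an API request. The block below, an added example that is not the project's own code, shows how a practitioner would parse that list, reject a malformed or hostile slug before any request is built, and percent-encode the slug as a second line of defence. The slug rule (lowercase letters, digits, hyphens, as on wordpress.org) and the `/plugin/<slug>/` path shape are assumptions of the example.

```rust
/// One component named on the command line, e.g. "elementor:3.18.0".
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ComponentSpec {
    pub slug: String,
    pub version: String,
}

/// Slugs follow the wordpress.org convention assumed here: lowercase ASCII
/// letters, digits and hyphens, no leading/trailing hyphen. Rejecting anything
/// else up front means "/", "..", "?" or "#" never reach the URL builder.
pub fn validate_slug(slug: &str) -> Result<(), String> {
    let ok_chars = slug
        .chars()
        .all(|c| c.is_ascii_lowercase() || c.is_ascii_digit() || c == '-');
    if slug.is_empty() || !ok_chars || slug.starts_with('-') || slug.ends_with('-') {
        return Err(format!("invalid slug {slug:?}"));
    }
    Ok(())
}

/// Parse the "slug:version,slug:version" list accepted by -p and -t.
/// Fails on the whole list rather than skipping a bad entry, so a typo
/// cannot silently turn into "that plugin was never checked".
pub fn parse_spec_list(input: &str) -> Result<Vec<ComponentSpec>, String> {
    let mut specs = Vec::new();
    for (i, raw) in input.split(',').enumerate() {
        let entry = raw.trim();
        let (slug, version) = entry
            .split_once(':')
            .ok_or_else(|| format!("entry {} ({entry:?}) is not slug:version", i + 1))?;
        let (slug, version) = (slug.trim(), version.trim());
        validate_slug(slug)?;
        let version_ok = !version.is_empty()
            && version.chars().all(|c| c.is_ascii_alphanumeric() || matches!(c, '.' | '-'));
        if !version_ok {
            return Err(format!("entry {} has an invalid version {version:?}", i + 1));
        }
        specs.push(ComponentSpec { slug: slug.to_string(), version: version.to_string() });
    }
    Ok(specs)
}

/// Percent-encode a single URL path segment: RFC 3986 unreserved bytes pass
/// through, everything else (including '/', '?', '#', '%') is encoded.
/// Applied after validation as defence in depth: even if the slug rule were
/// relaxed later, a slug still could not break out of its path segment.
pub fn encode_path_segment(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for b in s.bytes() {
        match b {
            b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'.' | b'_' | b'~' => {
                out.push(b as char)
            }
            _ => out.push_str(&format!("%{b:02X}")),
        }
    }
    out
}

/// Build the lookup path for a component. The "/plugin/<slug>/" and
/// "/theme/<slug>/" shapes are an assumption of this example, not a
/// documented contract of the scanner or the API.
pub fn lookup_path(kind: &str, spec: &ComponentSpec) -> String {
    format!("/{kind}/{}/", encode_path_segment(&spec.slug))
}

fn main() {
    let specs = parse_spec_list("elementor:3.18.0, contact-form-7:5.8").unwrap();
    for s in &specs {
        println!("{} {} -> {}", s.slug, s.version, lookup_path("plugin", s));
    }
    // Traversal and query-injection attempts are rejected before any request exists.
    for bad in ["../admin:1.0", "foo?x=1:1.0", "elementor", "elementor:"] {
        println!("{bad:?}: {:?}", parse_spec_list(bad));
    }
    // If a hostile slug did reach the encoder, it would stay inside one segment.
    println!("{}", encode_path_segment("../admin?x=1#f"));
}
```

Validation and encoding are deliberately separate steps: validation gives a clear error to the operator, encoding guarantees the request shape regardless of what validation allows.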

## Output Formats

| Format | Flag | Description |
|--------|------|-------------|
| Human | `-o human` | Colored table (default) |
| JSON | `-o json` | Machine-readable JSON |
| None | `-o none` | Silent (exit code only) |

## Exit Codes

| Code | Meaning |
|------|---------|
| 0 | No vulnerabilities found |
| 1 | Vulnerabilities found, none rated Critical |
| 2 | Critical vulnerabilities found |
| 10 | Error (network, parsing, etc.) |

## Severity Levels

Based on CVSS v3 base scores:

| Level | CVSS Range | Color |
|-------|------------|-------|
| Critical | 9.0 - 10.0 | Red |
| High | 7.0 - 8.9 | Orange |
| Medium | 4.0 - 6.9 | Yellow |
| Low | 0.1 - 3.9 | Green |
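Three of the behaviours described above (version-aware filtering from Features, the exit-code table, and the CVSS severity bands) are easiest to understand as one small pipeline. The block below is an added example written for this page, not the scanner's own implementation: it parses WordPress-style versions so that `5.8` and `5.8.0` compare equal, keeps only vulnerabilities whose affected range contains the installed version, maps CVSS v3 scores to the bands in the table, and derives the exit code. The `Vulnerability` record shape and the sample data are constructed for the example and do not reflect the WPVulnerability.net response format; the names are placeholders, not real advisories.

```rust
/// WordPress-style dotted version ("6.4.1", "5.8"). Trailing zero components
/// are stripped on parse so "5.8" and "5.8.0" compare equal; the derived Ord
/// then compares the numeric components lexicographically.
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
pub struct Version(Vec<u64>);

impl Version {
    /// None for anything not purely numeric-dotted ("6.4.1-beta", ""), so the
    /// caller decides how to treat it instead of a silent misparse.
    pub fn parse(s: &str) -> Option<Version> {
        let mut parts = Vec::new();
        for p in s.trim().split('.') {
            parts.push(p.parse::<u64>().ok()?);
        }
        while parts.len() > 1 && parts.last() == Some(&0) {
            parts.pop();
        }
        Some(Version(parts))
    }
}

/// Bands from the table above; variant order gives Low < Critical.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Severity { Low, Medium, High, Critical }

impl Severity {
    /// Ok(None) means a score of 0.0, which CVSS v3 rates "None". A malformed
    /// score (NaN, above 10) is an error rather than being silently dropped.
    pub fn from_cvss(score: f64) -> Result<Option<Severity>, String> {
        if !(0.0..=10.0).contains(&score) {
            return Err(format!("CVSS score out of range: {score}"));
        }
        Ok(if score >= 9.0 { Some(Severity::Critical) }
           else if score >= 7.0 { Some(Severity::High) }
           else if score >= 4.0 { Some(Severity::Medium) }
           else if score > 0.0 { Some(Severity::Low) }
           else { None })
    }
}

/// A published vulnerability and its affected range. Constructed shape for
/// this example, not the WPVulnerability.net wire format.
pub struct Vulnerability {
    pub name: &'static str,
    /// Inclusive lower bound; None = every earlier release is affected.
    pub introduced_in: Option<&'static str>,
    /// Exclusive upper bound; None = no fixed release yet.
    pub fixed_in: Option<&'static str>,
    pub cvss: f64,
}

impl Vulnerability {
    /// True if `installed` lies in [introduced_in, fixed_in). A bound that does
    /// not parse is treated as absent, which errs toward reporting, not hiding.
    pub fn affects(&self, installed: &Version) -> bool {
        let above_min = self.introduced_in.and_then(Version::parse)
            .map_or(true, |min| *installed >= min);
        let below_fix = self.fixed_in.and_then(Version::parse)
            .map_or(true, |fix| *installed < fix);
        above_min && below_fix
    }
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Finding { pub name: &'static str, pub severity: Severity }

/// Version-aware filtering: keep only vulnerabilities whose range contains the
/// installed version, and attach the severity band to each one kept.
pub fn scan_component(installed: &str, vulns: &[Vulnerability]) -> Result<Vec<Finding>, String> {
    let installed = Version::parse(installed)
        .ok_or_else(|| format!("unparseable installed version {installed:?}"))?;
    let mut findings = Vec::new();
    for v in vulns.iter().filter(|v| v.affects(&installed)) {
        if let Some(severity) = Severity::from_cvss(v.cvss)? {
            findings.push(Finding { name: v.name, severity });
        }
    }
    Ok(findings)
}

/// Exit code per the table in this README: 0 clean, 1 findings, 2 any Critical.
/// Code 10 (error) is decided before analysis, e.g. on the Err paths above.
pub fn exit_code(findings: &[Finding]) -> i32 {
    if findings.iter().any(|f| f.severity == Severity::Critical) { 2 }
    else if findings.is_empty() { 0 }
    else { 1 }
}

/// Constructed sample data for one plugin; the names are placeholders.
pub fn sample_vulns() -> Vec<Vulnerability> {
    vec![
        Vulnerability { name: "sample-rce", introduced_in: None, fixed_in: Some("3.18.0"), cvss: 9.8 },
        Vulnerability { name: "sample-xss", introduced_in: Some("3.16.0"), fixed_in: Some("3.18.2"), cvss: 6.5 },
        Vulnerability { name: "sample-info-leak", introduced_in: None, fixed_in: None, cvss: 3.1 },
        Vulnerability { name: "sample-unscored", introduced_in: None, fixed_in: None, cvss: 0.0 },
    ]
}

fn main() {
    let vulns = sample_vulns();
    for installed in ["3.17.0", "3.18.0", "3.18.2", "3.20", "3.18.0-rc1"] {
        match scan_component(installed, &vulns) {
            Ok(findings) => println!("{installed}: {findings:?} -> exit {}", exit_code(&findings)),
            Err(e) => println!("{installed}: error: {e} -> exit 10"),
        }
    }
}
```

Two choices in this example are worth carrying into any CI gate: an installed version that cannot be parsed is an error (exit 10), not a clean result, and an unfixed vulnerability (no upper bound) matches every version, so a pipeline only turns green once the component is actually removed or patched.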

## Security

### Input Validation

- **URL encoding** - Component slugs are URL-encoded before they are placed in the API request URL, so a crafted slug cannot alter the request path or query
- **File size limits** - Manifest files are limited to 10 MB so that a malicious or corrupted manifest cannot exhaust memory
- **Safe HTTP defaults** - TLS certificate verification stays enabled and requests carry a timeout, so the scanner neither accepts a spoofed API endpoint nor hangs on an unresponsive one

### Data Source

Vulnerability data is fetched from [WPVulnerability.net](https://www.wpvulnerability.net/), a free CVE database for WordPress.

## API Reference

The scanner can also be used as a library:

```rust
use wordpress_vulnerable_scanner::{Analyzer, Scanner, Severity};
use wordpress_vulnerable_scanner::output::{OutputConfig, OutputFormat, output_analysis};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Scan a site
    let scanner = Scanner::new("https://example.com")?;
    let scan_result = scanner.scan().await?;

    // Analyze for vulnerabilities
    let analyzer = Analyzer::new()?;
    let analysis = analyzer.analyze(&scan_result).await;

    // Output results
    let config = OutputConfig::new(OutputFormat::Human, Severity::Low);
    let mut stdout = std::io::stdout();
    output_analysis(&analysis, &config, &mut stdout)?;

    Ok(())
}
```

## License

MIT License - see [LICENSE](LICENSE) for details.