Scanning websites for vulnerabilities with a generic web vulnerability scanner (WVS) is not always the most efficient approach. Often, when we do a penetration test against a website, it is running one content management system or another, and the most efficient way to scan a site running a given CMS is with a scanner built specifically for that CMS. In this article we discuss how to scan WordPress websites for vulnerabilities efficiently.
First of all, let’s introduce the tool we will be using: WPScan. It is an aggressive WordPress vulnerability scanner with features such as plugin and theme detection, and what makes it exceptionally useful is its ability to detect and report outdated plugins. WPScan comes installed in Kali Linux by default; if for some reason you do not have it, you can install it by running
apt update && apt install wpscan
Once you have it installed you can already use it as is, but we recommend getting a WPScan API key from their website, since the token is what lets WPScan look up known vulnerabilities for the plugin and theme versions it detects. Just register at WPVulnDB and receive your free API key.
After signing up and generating your API token, start your Kali Linux machine, open a terminal and type the following command:
wpscan --url <target url> --api-token <API token> --detection-mode aggressive
This starts a scan of your target URL in aggressive detection mode, which means that WPScan will actively try to identify plugins by brute-forcing known plugin paths rather than relying only on passive detection. Before the scan, you may be asked to update the WPScan database; we advise doing so before running the scan.
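Once the scan has run, the useful next step for whoever has to patch the site is turning the report into a remediation list. The following is an added example, not code from the article or from the WPScan project: it reads a report saved with WPScan's JSON output and lists every plugin or theme that is outdated or has a known vulnerability, vulnerable ones first. The sample report is constructed inline, and the key names (`outdated`, `latest_version`, `vulnerabilities`, `fixed_in`, `version.number`) follow WPScan's JSON format as I understand it, so verify them against the output of your own version.

```python
import json

# Constructed sample shaped like a WPScan JSON report (wpscan ... --format json).
# Key names follow WPScan's output as I understand it; check them against your version.
SAMPLE_REPORT = json.loads("""{
  "plugins": {
    "example-gallery": {"version": {"number": "1.2.0"}, "latest_version": "1.4.1",
      "outdated": true,
      "vulnerabilities": [{"title": "Example Gallery < 1.4.0 - Reflected XSS", "fixed_in": "1.4.0"}]},
    "contact-widget": {"version": {"number": "3.0.2"}, "latest_version": "3.0.2",
      "outdated": false, "vulnerabilities": []}
  },
  "themes": {
    "example-theme": {"version": null, "latest_version": "2.1.0", "outdated": false,
      "vulnerabilities": [{"title": "Example Theme < 2.0.0 - Stored XSS", "fixed_in": "2.0.0"}]}
  }
}""")


def triage(report: dict) -> list:
    """One finding per plugin/theme that is outdated or has a known vulnerability.

    Components with known vulnerabilities sort before merely outdated ones. When
    WPScan could not detect a version, "installed" is None: the item is kept and
    flagged for manual verification rather than silently dropped."""
    findings = []
    for kind in ("plugins", "themes"):
        for slug, item in (report.get(kind) or {}).items():
            vulns = item.get("vulnerabilities") or []
            if not vulns and not item.get("outdated"):
                continue  # up to date and nothing known against it: no action needed
            findings.append({
                "type": kind[:-1],
                "slug": slug,
                "installed": (item.get("version") or {}).get("number"),
                "latest": item.get("latest_version"),
                "vulns": [v.get("title") for v in vulns],
                "fixed_in": sorted({v["fixed_in"] for v in vulns if v.get("fixed_in")}),
            })
    findings.sort(key=lambda f: (not f["vulns"], f["slug"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        installed = f["installed"] or "unknown (verify manually)"
        print(f"[{f['type']}] {f['slug']}: {installed} -> {f['latest']}, "
              f"{len(f['vulns'])} known vuln(s), fixed in {f['fixed_in']}")
```

For a real scan, save the report with `--format json -o report.json` and pass `json.load(open("report.json"))` to `triage`.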
That’s it: in a few minutes the scan will enumerate the plugins and themes on the target website and report any known vulnerabilities. In our case, we found a possible security issue:
That concludes our article on scanning WordPress websites for vulnerabilities. If you found this useful, please leave a comment or consider sharing this post on social media!