WPScan Logo

WPScan - WordPress vulnerability scanner

WPScan is a tool for scanning WordPress installations for vulnerabilities. It includes a plugin enumerator that identifies installed plugins as well as vulnerabilities associated with the installed version of each plugin. Additionally, WPScan can enumerate usernames for the WordPress site based on User ID numbers. WPScan also includes a brute force mechanism for brute forcing passwords when supplied with a dictionary.
You can find more information on the WPScan home page here:

Proof of Concept: