How to find Vulnerabilities on a WordPress site WP Scan Synapsint

Introduction
WPScan is a tool designed for security professionals to enumerate WordPress websites and identify potential vulnerabilities. It can check the WordPress version, plugins, themes, user names, and weak passwords, among other things. This guide will demonstrate how to enumerate and find vulnerabilities on a WordPress website using WPScan. Ensure you have explicit written permission to test the website before performing a test.
Running a scan
- Basic Command:
wpscan --url http://yourwordpresssite.com
- Using Enumeration Options:
WPScan has different modes for enumeration: passive, aggressive, and mixed (default).
Command to Enumerate Vulnerable Plugins, Themes, and Users
Examples:
– `--url`: The target URL.
– `-e vp,vt,u`: Enumeration options for vulnerable plugins (`vp`), vulnerable themes (`vt`), and user enumeration (`u`).
– `--api-token`: Your WPScan API token.
Analysing Scan Results
Once the scan is complete, you’ll see results categorised with green plus signs (information) and red exclamation marks (vulnerabilities).
- Review Headers and Robot Files:
– WPScan will display information from WordPress headers and robot files, which can sometimes reveal interesting details.
- Check Themes and Plugins:
– The scan results will list themes, plugins, and any known vulnerabilities.
– Example: A theme with a known vulnerability will be detailed, including the fixed version.
- Vulnerabilities and Fixes:
– For each vulnerability found, WPScan provides references and details.
– Example: A cross-site scripting (XSS) vulnerability in the Elementor plugin. If the website uses an outdated version, it will be flagged, and you can look up the specific CVE or advisory for more details.
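
One way to triage the results described above, as an added example that is not part of the original guide: it flattens a report saved with WPScan's JSON formatter (`--format json`) into one row per known vulnerability, with the installed and fixed versions side by side. The `version` / `main_theme` / `plugins` layout is an assumption shown in the constructed sample, and the theme slug, version numbers and CVE id are placeholders.

```python
import json

# Constructed sample shaped like `wpscan --format json` output (assumed layout;
# slugs other than elementor, versions and the CVE id are placeholders).
SAMPLE_REPORT = json.dumps({
    "version": {"number": "6.0", "vulnerabilities": []},
    "main_theme": {
        "slug": "example-theme", "version": {"number": "1.2.0"},
        "vulnerabilities": [{"title": "Constructed theme issue",
                             "fixed_in": "1.3.0", "references": {}}],
    },
    "plugins": {
        "elementor": {
            "version": {"number": "3.0.0"},
            "vulnerabilities": [
                {"title": "Constructed XSS", "fixed_in": "3.1.0",
                 "references": {"cve": ["0000-00000"]}},
                {"title": "Constructed unpatched issue", "fixed_in": None,
                 "references": {}},
            ],
        },
        "clean-plugin": {"version": {"number": "2.0"}, "vulnerabilities": []},
    },
})


def triage(report_json):
    """Flatten a WPScan JSON report into one row per known vulnerability."""
    report = json.loads(report_json)
    components = [("core", "wordpress", report.get("version") or {})]
    if report.get("main_theme"):
        components.append(("theme", report["main_theme"].get("slug", "unknown"), report["main_theme"]))
    for slug, plugin in (report.get("plugins") or {}).items():
        components.append(("plugin", slug, plugin))
    rows = []
    for kind, slug, data in components:
        # Core keeps its version in "number"; themes and plugins nest it under "version".
        installed = data.get("number") or (data.get("version") or {}).get("number")
        for vuln in data.get("vulnerabilities") or []:
            cves = (vuln.get("references") or {}).get("cve", [])
            rows.append({"component": f"{kind}:{slug}", "installed": installed or "unknown",
                         "title": vuln.get("title", ""), "fixed_in": vuln.get("fixed_in"),
                         "cves": ["CVE-" + c for c in cves]})
    # Rows with no fixed release sort first: an update alone will not resolve them.
    return sorted(rows, key=lambda r: (r["fixed_in"] is not None, r["component"]))


if __name__ == "__main__":
    for r in triage(SAMPLE_REPORT):
        print(r["component"], r["installed"], r["title"], "fixed in:", r["fixed_in"], r["cves"])
```

Rows whose `fixed_in` is empty are the ones to handle by removing or replacing the component, since no update is listed for them.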