WordPress CVE Scanner is an experimental project aimed at identifying vulnerabilities in WordPress plugins. The idea is to download every plugin published on WordPress.org and analyze its source code with custom rules written for Semgrep, a static code analysis tool. Despite the name, the scanner does not look up known CVE identifiers: it searches plugin source for the code patterns behind common vulnerability classes.
The primary goal is to automate the detection of those classes across the whole plugin directory at once, starting with Cross-Site Request Forgery (CSRF) and SQL injection and extending to other well-known issues.
- 🔄 Bulk Download: automatically downloads every plugin available on WordPress.org.
- 🔍 Code Analysis: scans plugin source code with custom-designed Semgrep rules.
- 📋 Custom Rules: develops and applies rules that detect common vulnerability patterns in plugins.
- 📊 Future Results: aims to build a results archive mapping the most prevalent vulnerabilities across WordPress plugins.
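The following Semgrep rule is an added example of the kind of custom rule the pipeline above runs over the downloaded plugins; it is not one of the project's own rules. It covers the SQL injection class named above: request data flowing into a `$wpdb` query method without `$wpdb->prepare()`. The rule id, the sanitizer list and the commented PHP test file are assumptions made for this illustration.

```yaml
rules:
  - id: wp-sqli-request-data-reaches-wpdb-unprepared
    languages: [php]
    severity: ERROR
    message: >-
      Request data reaches a $wpdb query method without passing through
      $wpdb->prepare(); likely SQL injection. Build the statement with
      $wpdb->prepare() and a placeholder (%d, %s, %f) for every dynamic value.
    metadata:
      category: security
      cwe: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command"
    # Taint mode: report when a value from a source reaches a sink
    # without going through a sanitizer on the way.
    mode: taint
    pattern-sources:
      # PHP superglobals that carry attacker-controlled input.
      - pattern-either:
          - pattern: $_GET
          - pattern: $_POST
          - pattern: $_REQUEST
          - pattern: $_COOKIE
    pattern-sanitizers:
      # Parameterised statement: the correct fix.
      - pattern: $wpdb->prepare(...)
      # Integer coercions cannot carry SQL metacharacters.
      - pattern: absint(...)
      - pattern: intval(...)
      - pattern: (int) $X
      # esc_sql() is deliberately NOT listed: it only escapes quotes, so a
      # value placed outside quotes (WHERE id = esc_sql($x)) is still injectable.
    pattern-sinks:
      # Only the SQL-string argument is a sink; the output-type argument of
      # get_results()/get_row() is not interesting, hence focus-metavariable.
      - patterns:
          - pattern-either:
              - pattern: $wpdb->query($SQL, ...)
              - pattern: $wpdb->get_results($SQL, ...)
              - pattern: $wpdb->get_var($SQL, ...)
              - pattern: $wpdb->get_row($SQL, ...)
              - pattern: $wpdb->get_col($SQL, ...)
          - focus-metavariable: $SQL

# Constructed test file for `semgrep --test`, shown here as a comment. Save the
# rule as wp-sqli.yml and this PHP (uncommented) as wp-sqli.php beside it:
#   <?php
#   global $wpdb;
#   $id = $_GET['id'];
#   // ruleid: wp-sqli-request-data-reaches-wpdb-unprepared
#   $wpdb->get_row("SELECT * FROM {$wpdb->prefix}items WHERE id = $id");
#   // ok: wp-sqli-request-data-reaches-wpdb-unprepared
#   $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->prefix}items WHERE id = %d", $id));
```

Run it over an unpacked plugin tree with `semgrep --config wp-sqli.yml --json plugins/`, and validate the rule itself with `semgrep --test --config wp-sqli.yml wp-sqli.php`, which checks that the `// ruleid:` line fires and the `// ok:` line does not. Taint tracking in the open-source engine stays inside one function, so request data that reaches `$wpdb` through a helper's parameter is missed unless that parameter is added as a source; expect that gap when reading results across thousands of plugins.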
Acknowledgments for inspiration and technical contributions to:
- Automating CSRF Detection in WordPress Plugins with Semgrep
- GreedyForSQLi WordPress Rules
- Cyllective WordPress Plugin Audit
This project is licensed under the MIT License.
Feel free to use, modify, and share the project while adhering to the license terms.