Scan in progress · 47 components

Find plugin vulnerabilities before attackers do.

vScan checks every plugin, theme and core file on your WordPress, Joomla or Drupal site and tells you exactly what has a known vulnerability.

Live scan · askarlabs.com 47 components
Live vulnerability scan in progress A stacked anatomy of a website's components - plugins, themes, core. A violet scan border walks down the stack one component at a time, revealing each as secure (green dot) until it reaches contact-form-7, which is flagged with a CVE vulnerability tag. header.php theme · astra v4.6.2 plugin · contact-form-7 CVE-4892 plugin · yoast-seo v21.3 wp-core v6.4.2 plugin · woocommerce v8.5

Want a quick check before signing up? Try our free WP-Audit tool — 13 checks, no login, no plugin needed.

Run free audit

The risk

Most sites get hacked through a plugin someone forgot to update.

Outdated plugins, themes and core files are the most common entry point for attackers. The fix is simple once you know what to look at.

61%

of CMS breaches trace back to a known, unpatched vulnerability.

47 days

average time between a CVE being published and a typical site patching it.

4.2M

live sites are running a plugin with an active vulnerability right now.

How it works

Set up in minutes, protected around the clock.

01

Install the plugin

Install and activate the vScan plugin on your CMS site. One-time setup, no server access, no dev work needed.

02

We scan continuously

We check every component on your site against newly published CVEs around the clock.

03

Get alerted straight away

When we find a vulnerability, we send an alert to your team right away.

The dashboard

Your whole stack in one view.

Every component listed with its version and whether it has known vulnerabilities.

vScan dashboard showing a component inventory with vulnerability status

Capabilities

Everything vScan does for your site.

Continuous CVE monitoring

We re-scan as soon as a new vulnerability is published.

Multi-CMS coverage

WordPress, Joomla and Drupal, all in one dashboard.

CVE severity scoring

Every finding shows its CVE score so you know how serious it is.

Full-stack coverage

Plugins, themes and core files all checked, not just the top layer.

Alert routing

Email alerts go out as soon as we find a vulnerable component. Slack and webhook support coming soon.

Start in minutes

Find what's vulnerable before attackers do.

Start free scan