Find plugin vulnerabilities before attackers do.
vScan checks every plugin, theme and core file on your WordPress, Joomla or Drupal site and tells you exactly what has a known vulnerability.
Want a quick check before signing up? Try our free WP-Audit tool — 13 checks, no login, no plugin needed.
Run free auditThe risk
Most sites get hacked through a plugin someone forgot to update.
Outdated plugins, themes and core files are the most common entry point for attackers. The fix is simple once you know what to look at.
of CMS breaches trace back to a known, unpatched vulnerability.
average time between a CVE being published and a typical site patching it.
live sites are running a plugin with an active vulnerability right now.
How it works
Set up in minutes, protected around the clock.
Install the plugin
Install and activate the vScan plugin on your CMS site. One-time setup, no server access, no dev work needed.
We scan continuously
We check every component on your site against newly published CVEs around the clock.
Get alerted straight away
When we find a vulnerability, we send an alert to your team right away.
The dashboard
Your whole stack in one view.
Every component listed with its version and whether it has known vulnerabilities.
Capabilities
Everything vScan does for your site.
Continuous CVE monitoring
We re-scan as soon as a new vulnerability is published.
Multi-CMS coverage
WordPress, Joomla and Drupal, all in one dashboard.
CVE severity scoring
Every finding shows its CVE score so you know how serious it is.
Full-stack coverage
Plugins, themes and core files all checked, not just the top layer.
Alert routing
Email alerts go out as soon as we find a vulnerable component. Slack and webhook support coming soon.