Vulnerability Detection for WordPress

WP Vulnerabilities – An open-source initiative

WP Vulnerabilities is an open-source, free API by Javier Casares with contributions from other open-source, freely available databases and many manual hours from moderators and security officers from other plugins, including our own security officer.

Really Simple Security mirrors the free database with its own instance to secure stability and deliverability, but of course provides the origin database with an API to enrich, or improve its current data.

An open-source platform, with an enormous community like WordPress, that provides opportunities for anyone to build personal projects or exciting businesses should do so on a framework that is secure. This is why Really Simple Security supports open-source initiatives that strengthen WordPress’ position as a secure CMS.

Reporting vulnerabilities

You can help us out by submitting vulnerabilities to our security officer. To do this, you can start by reading the conditions and filling out the form here. This submission, with proof of concept, will be researched and shared throughout the network if necessary.

Why vulnerability detection for WordPress?

WordPress is one of the most popular content management systems (CMS) in the world, powering over 40% of all websites on the internet. This popularity also makes it a target for hackers and cybercriminals looking to exploit any weaknesses in its code to gain access to sensitive information, compromise websites, or launch attacks on other websites.

When vulnerabilities are discovered in WordPress, they can be exploited by attackers to inject malicious code, steal data, or take control of websites. Keeping an eye on WordPress vulnerabilities enables website owners, developers, and administrators to stay informed about the latest security threats and take proactive measures to protect their websites.

WordPress regularly releases security patches and updates to fix vulnerabilities, but it’s important to keep an eye on third-party plugins and themes that may also have security flaws. By staying up-to-date on the latest vulnerabilities in WordPress and its associated plugins and themes, website owners can take action to prevent security breaches and keep their websites safe from harm.

Vulnerability Detection in Really Simple Security

Really Simple Security began to offer Vulnerability Detection in its Free plugin from version 7.0.0 onwards. A notification system in the plugin will notify website administrators when a vulnerability is found, and which action is appropriate. The user can configure the notification system to suit their needs. It’s a simple, yet effective way to support millions of users to keep their websites safe and up-to-date.

In Really Simple Security Pro, you can additionally configure automatic measures based on the severity of detected vulnerabilities (e.g., quarantine).

From SSL to Security – Why Really Simple Security?

First published in 2015 to easily migrate websites to SSL, the plugin has now more than 3 million users to install SSL certificates, handle migrations, mixed content, redirects and security headers. In 2023, the Really Simple Security plugin took it’s first big step by adding many heavyweight security features, yet lightweight and simple to use & configure.

Simple and Performant Security.


Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate generation.