WP-Audit v1.0 Release Notes
π‘οΈ Version 1.0 β Initial Public Release
Release Date: 2025-11-27
β¨ Features
- AI-Powered audit reports for WordPress sites
- HTML and Markdown report generation
- Fully modular architecture with priority-based modules
- Automatic CVE and exploit detection
- Full TLS request support
- Proxy support for scanning through HTTP(S) proxies
- Password brute-forcing (authorized use only)
- Easy to use CLI with multiple options
- Threaded scanning for faster results
π§ Modules Included
- WP Admin β Detect wp-admin, login, register, and XML-RPC endpoints
- Backup Files Scanner β Scan for exposed backup files
- WP Brute Force β Credential brute-force module (authorized use only)
- WP Fuzzer β Fuzz WordPress endpoints and parameters
- Exposed GIT Scanner β Detect public .git directories
- Directory Listing Scanner β Check for directory listing enabled
- WP Plugins β Enumerate installed plugins
- Exposed SVN Scanner β Detect public .svn directories
- WP Themes β Enumerate WordPress themes
- WP Users β Enumerate WordPress users
- WP Versions β Multi-method WordPress version detection
- WP Vulnerabilities β Check core, plugins, and themes for known CVEs
- WP-Audit is an offensive security tool intended only for authorized testing and research. Do not scan targets without explicit permission.
Full Changelog: https://github.com/Web3-Serializer/WP-Audit/commits/Main