This project try to help sysadmins and blog’s owners to make a bit secure their WordPress.

Plecost is a vulnerability fingerprinting and vulnerability finder for WordPress blog engine. 

What’s new?

This Plecost 3 version, add a lot of new features and fixes, like:

• Fixed a lot of bugs.
• New engine: without threads or any dependencies, but run more
  faster. We’ll used python 3 asyncio and non-blocking connections. Also
  consume less memory. Incredible, right? 🙂
• Changed CVE update system and storage: Now Plecost get
  vulnerabilities directly from NIST and create a local SQLite data base
  with filtered information for WordPress and theirs plugins.
• WordPress vulnerabilities: Now Plecost also manage WordPress Vulnerabilities (not only for the Plugins).
• Add local vulnerability database are queryable. You can consult the
  vulnerabilities for a concrete wordpress or plugins without, using the
  local database.

Installation

Install Plecost is so easy:

$ python3 -m pip install plecost

Remember that Plecost3 only runs in Python 3.

Quick start

Scan a web site si so simple:

$ plecost http://SITE.com

A bit complex scan: increasing verbosity exporting results in JSON format and XML:

JSON

$ plecost -v http://SITE.com -o results.json

XML

$ plecost -v http://SITE.com -o results.xml

Example :

 Download and read more at: