- What is the WPScan CNA?
- WPScan is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 4,218 CVE records since 2021.
- How many CVEs has WPScan published?
- WPScan has published 4,218 CVE records, including 1,252 in the last two years.
- What is WPScan's CVE data quality grade?
- RadicalNotion.AI grades WPScan's CVE data quality as D, with an overall completeness score of 61.4%. This reflects how consistently its CVE records include vendor (99.7%), product (99.7%), CVSS (0%), and CWE (46%) information.
- What products does WPScan publish CVEs for?
- WPScan most frequently publishes CVEs for contest gallery, photo gallery, Tutor LMS, download_manager, ninja_forms.
- Which vendors does WPScan cover?
- WPScan publishes CVEs across 101 distinct vendors, most often Tips and Tricks HQ, 10Web, WordPress, AYS Pro, Automattic.
- Is WPScan actively publishing CVEs?
- WPScan is currently active, based on 1,252 CVEs in the last two years.
- How many critical CVEs has WPScan published?
- WPScan has published 265 critical-severity CVEs and 853 high-severity CVEs.
- Are any of WPScan's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- No. None of WPScan's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- What are the most common weakness types in WPScan's CVEs?
- WPScan's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), CWE-352 (Cross-Site Request Forgery (CSRF)), CWE-862 (Missing Authorization).
- How does WPScan rank among CNAs?
- By total CVE volume, WPScan ranks #15 of 370 CNAs, and it reports more complete CVE records than 15% of all CNAs.