Vulnytics
Install free →
live cve database · 17,795 tracked

Catch the vulnerability before they exploit it.

Vulnytics is a security console for WordPress. It matches every plugin, theme and core file against a live CVE database, scores your risk, blocks known exploits at runtime, and proves what it caught.

Install the free plugin → See it in action
17,795
CVEs tracked, live
<1s
to first finding
0
site content sent
Matched against 17,795 CVE records — aggregated from WPVulnerability, NVD & Wordfence Intelligence, refreshed daily. Matching runs server-side, so the database can't be cracked.
The console

One calm dashboard. Every signal that matters.

Not a wall of alarms — a security instrument that shows the CVE, the CVSS, and the exact version that fixes it.

See your real risk, scored.

Every installed component is matched, version-range by version-range, against a live database of known CVEs. You get findings ranked by CVSS, a 0–100 security score and an A–F grade — the whole picture at a glance.

  • Live CVE matching across plugins, themes & core
  • Score + grade you can put in front of a client
  • Only component name & version leave your site
Overview · free
vulnytics · overview
Vulnytics security overview with score ring and severity stats

Every finding, as evidence.

Open any finding and you get the CVE, the CVSS vector, the affected range, references, and the version that patches it — then update with a click. No guesswork, no copy-paste from a dozen tabs.

  • CVE · CVSS · references on every finding
  • 1.6.3 → 1.6.4 version-diffs
  • One-click update for vulnerable plugins
Findings · free
vulnytics · findings
Vulnytics findings list with CVE detail drawer

Block the exploit, before the patch.

When a known exploit hits a component you haven't updated yet, Vulnytics blocks the request at runtime — closing the dangerous gap between a CVE going public and a vendor fix. Run it in monitor or enforce mode.

  • Per-vulnerability virtual patching
  • Brute-force lockout + app-based 2FA
  • A live log of every blocked attempt
Protection · Pro
vulnytics · protection
Vulnytics protection: virtual patching shield and 2FA

Malware & integrity

Core files verified against WordPress.org checksums; theme, plugins, uploads and your database scanned for injected code. Quarantine a suspicious file in one click.

13-point hardening

File editing, XML-RPC, user enumeration, salts, headers and more — audited, with one-click fixes on Pro.

Agency fleet

Every client site's score in one place, plus a clean white-label PDF report — your logo, your name. The deliverable clients actually read.

For agencies

Hand your client a report, not a screenshot.

Generate a self-contained, printable security report — branded with your agency's name and logo — covering the score, findings, hardening and file integrity. The kind of deliverable that justifies a retainer.

  • White-label: your brand, your colors
  • Score, findings, hardening & integrity in one PDF
  • Multi-site fleet roll-up for every client
Reports · Agency
acme-security · client-report.pdf
White-label client security report PDF
How it works

Live in three steps.

01

Install the free plugin

Add Vulnytics to any WordPress site from your dashboard. No account needed to start — the free tier scans immediately.

02

Scan & score

Components are matched against the live CVE database server-side. You get findings, a security score, a 13-point hardening audit and a malware check.

03

Fix & protect

Update with a click, harden in one tap, turn on virtual patching and 2FA, and hand your client a branded report.

Pricing

Start free. Upgrade when you're protecting real sites.

Billed securely through Paddle. 14-day money-back guarantee — cancel anytime.

FREE
$0
For a single site you maintain yourself.
  • Vulnerability scanning & security score
  • 13-point hardening audit
  • Login security + 2FA
  • Core integrity & malware check
Install free
MOST POPULAR
PRO
$129/ yr · per site
For professionals protecting a site that matters.
  • Everything in Free
  • Virtual patching (block known exploits)
  • One-click fixes + malware quarantine
  • Scheduled scans + email & Slack alerts
  • White-label client reports
Start Pro
AGENCY
$349/ yr
For agencies managing a fleet of client sites.
  • Everything in Pro
  • Multi-site fleet dashboard
  • Branded reports across all sites
  • Per-client alerting + priority support
Talk to us
FAQ

Questions, answered.

How big is your vulnerability database?

17,795 CVE records across WordPress core, plugins and themes — aggregated from WPVulnerability, NVD and Wordfence Intelligence, refreshed daily. Matching runs on our servers, so the data can't be extracted from the plugin.

What data leaves my site?

Only the type, slug and version of your installed components. No content, URLs, credentials or file contents — ever. See our Privacy Policy.

Will it slow down my site?

No. The heavy matching happens server-side; the plugin sends a tiny inventory. Hardening, integrity and protection run locally and are bounded for performance.

Is virtual patching a full firewall?

It's targeted, per-vulnerability mitigation: when a known exploit pattern hits a flagged component, the request is blocked. A focused wedge — and we're honest that it isn't a generic WAF.

Can I cancel?

Anytime, from your billing dashboard, with a 14-day money-back guarantee. See our Refund Policy.

Know before they do.

Install the free plugin and run your first scan in under a minute.

Install Vulnytics free →