WPScan FAQs

Question 1

What is WPScan-MCP and what does it do?

Accepted Answer

WPScan-MCP is an MCP (Multi-Client Protocol) server written in TypeScript that provides direct access to the WPScan API v3. It allows users to programmatically look up security vulnerabilities for WordPress plugins, themes, and core, as well as specific vulnerabilities by WPvDB ID.

Question 2

What types of WordPress vulnerabilities can I look up with WPScan-MCP?

Accepted Answer

You can look up vulnerabilities for specific WordPress plugins by slug and version, WordPress themes by slug and version, and WordPress core by its numerical version (e.g., 6.4.2 as 642). Additionally, it supports looking up specific vulnerabilities using their WPvDB ID.

Question 3

What are the requirements to set up and use WPScan-MCP?

Accepted Answer

To use WPScan-MCP, you need Node.js (version 18 or higher) or Bun, and a valid WPScan API token. Once installed, you'll set your API token as an environment variable and then build and run the server, which can be integrated into various MCP clients.

Question 4

Can WPScan-MCP help with development by generating TypeScript types?

Accepted Answer

Yes, WPScan-MCP includes a useful feature that allows you to generate TypeScript types directly from the official WPScan OpenAPI specification. This can significantly streamline development when building integrations or working with the API data.

Question 5

How does WPScan-MCP integrate with other tools and clients?

Accepted Answer

WPScan-MCP uses stdio transport, making it easy to integrate with any MCP-compatible client. Examples include configuring it within Claude Desktop's MCP servers or setting it up as a server in VSCode's MCP extension, enabling seamless vulnerability lookups within your preferred development environment.

WPScan

WPScan

关于

主要功能

使用案例

关于

主要功能

使用案例