PluginProbe ʕ •ᴥ•ʔ

About PluginProbe

A security explorer for the WordPress plugin ecosystem.

What is PluginProbe?

PluginProbe indexes every plugin available on WordPress.org and runs automated security analysis against their source code. The results are presented inline alongside the code so you can see exactly where a finding appears and judge its severity in context.

AI-assisted tooling is lowering the bar for discovering WordPress vulnerabilities. PluginProbe exists to give defenders the same visibility before those vulnerabilities are exploited in the wild.

Who is it for?

Site owners
Check whether the plugins you run have known security findings before attackers find them for you.
Developers
Audit your own plugin before release. Browse findings inline in your source code to understand what needs fixing.
Security researchers
Explore the full plugin catalog with analysis results filtered by severity, finding type, or PHP version compatibility.

How it works

1. Index
The PluginProbe crawler periodically queries the WordPress.org API to discover new and updated plugins. Plugin metadata, version history, and download links are stored in the database.
2. Analyze
For plugins selected for analysis, the crawler downloads the plugin ZIP and runs multiple types of automated security analysis. See the analysis types page for details on what is checked.
3. Browse
Findings are stored and linked to specific files and line numbers. You can browse the source code directly in the browser with findings highlighted inline.
4. Stay informed
Watchlists and email alerts are coming soon. Track the plugins you use and get notified the moment a new finding is discovered.

Data sources

  • WordPress.org Plugin API: plugin metadata, version history, download links
  • WordPress.org SVN: plugin source archives (ZIP) for analysis
  • Static analysis tools: multiple analysis types applied to plugin source code

All data is sourced from public APIs and repositories. PluginProbe does not access or store private plugin data. See Bot docs for details on how the crawler identifies itself.
