Introducing Attack Surface — see where your sites are exposed
Hi Andris Veliks,
This month we’re launching the biggest addition to WPSec in a while: Attack Surface — a per-plugin security risk analysis for every WordPress site you scan. Plugins are where most WordPress sites get compromised, and Attack Surface gives you the clearest picture yet of where yours are exposed.
Introducing Attack Surface
Every plugin you install adds code that can be attacked. Attack Surface analyzes every plugin WPSec detects across your sites and rates each one — so you can see your real exposure at a glance.
A risk level for every plugin — Critical, High, Medium, Low, or Minimal
A 0–100 risk score, so you can compare plugins directly
Outdated plugins flagged with exactly how many releases behind they are
Plugins removed from WordPress.org flagged automatically — a common warning sign
For every plugin, Attack Surface breaks down what actually makes up its attack surface:
REST API endpoints the plugin registers — each one is a way in
Input parameters it accepts — every one is a potential injection point
File upload points — among the highest-risk vectors on any site
WordPress hooks that handle user input, such as AJAX handlers
Security issues surfaced by static analysis, mapped to their OWASP category
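To make the list above concrete, here is an added Python example (not WPSec's code or its scoring method) that statically scans a plugin's PHP source for the same surface elements, REST routes, AJAX hooks, request parameters and upload calls, and turns the counts into a 0–100 score and risk level. The plugin source is constructed, and the regexes, weights, staleness penalty and level thresholds are all assumptions chosen for illustration.

```python
import re

# Constructed sample plugin source (not a real plugin) used as the input.
SAMPLE_PLUGIN_PHP = r"""<?php
add_action('rest_api_init', function () {
    register_rest_route('demo/v1', '/items', ['callback' => 'demo_items']);
    register_rest_route('demo/v1', '/upload', ['callback' => 'demo_upload']);
});
add_action('wp_ajax_demo_save', 'demo_save');
add_action('wp_ajax_nopriv_demo_search', 'demo_search');
function demo_save() { $title = $_POST['title']; $id = $_REQUEST['id']; }
function demo_upload() { return wp_handle_upload($_FILES['file'], ['test_form' => false]); }
"""

# Surface element -> (regex, assumed weight). Weights are illustrative, not WPSec's.
SURFACE = {
    "rest_endpoints": (r"register_rest_route\s*\(", 8),
    "ajax_hooks": (r"['\"]wp_ajax_(?:nopriv_)?\w+['\"]", 6),
    "input_params": (r"\$_(?:GET|POST|REQUEST|COOKIE|FILES)\s*\[", 3),
    "upload_points": (r"\b(?:wp_handle_upload|move_uploaded_file)\s*\(", 15),
}

def count_surface(php_source: str) -> dict:
    """Count each attack-surface element by regex over the plugin source."""
    return {name: len(re.findall(rx, php_source)) for name, (rx, _) in SURFACE.items()}

def risk_score(counts: dict, releases_behind: int = 0, removed: bool = False) -> int:
    """Weighted sum of counts plus assumed penalties for staleness and removal, capped at 100."""
    score = sum(SURFACE[name][1] * n for name, n in counts.items())
    score += min(releases_behind * 2, 20)   # each release behind adds 2, up to 20
    if removed:
        score += 30                         # removed from WordPress.org: strong warning sign
    return min(score, 100)

def risk_level(score: int) -> str:
    """Map a 0-100 score to the five levels; thresholds are assumptions."""
    for threshold, level in ((80, "Critical"), (60, "High"), (40, "Medium"), (20, "Low")):
        if score >= threshold:
            return level
    return "Minimal"

def analyze(php_source: str, releases_behind: int = 0, removed: bool = False) -> dict:
    counts = count_surface(php_source)
    score = risk_score(counts, releases_behind, removed)
    return {"counts": counts, "score": score, "level": risk_level(score)}

if __name__ == "__main__":
    print(analyze(SAMPLE_PLUGIN_PHP, releases_behind=5))
```

A regex pass like this only inventories where input enters the plugin; whether each entry point checks capabilities and nonces still needs a real static analyzer or a code review.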
Two views, built for fixing things
Look at your plugins whichever way helps you act:
By Website — the full risk profile of a single site
By Severity — every plugin across all your sites, ranked worst-first, so you tackle the most dangerous things first
Hide plugins whose risk you’ve accepted, report false positives, or manually add plugins a scan didn’t catch
Share it as a PDF
Need to hand the findings to a client or a colleague? Download a complete Attack Surface report as a PDF — a clean summary of every site and every plugin, ready to send or file.
Attack Surface is part of WPSec Premium. Log in to open it from your dashboard.