About FireWP
Automated security scanning for WordPress plugins
Our Mission
FireWP helps developers and security researchers identify potential vulnerabilities in WordPress plugins before they become threats. We scan thousands of plugins to improve the security of the WordPress ecosystem.
Beta Status
The SAST (Static Application Security Testing) scanner is currently in beta. Please note:
- Some findings may be false positives
- Detection rules are continuously being improved
- Always verify findings with manual code review
- Coverage is expanding with each update
How It Works
FireWP uses pattern-based static analysis: plugin source code is matched against rules describing known insecure coding patterns, without executing the plugin. It detects potential security issues including:
- SQL Injection vulnerabilities
- Cross-Site Scripting (XSS)
- Insecure direct object references
- Missing capability checks
- Other OWASP Top 10 issues
Coverage
We continuously scan plugins from the WordPress.org repository, prioritizing popular plugins with high active install counts to maximize security impact across the ecosystem.
Findings should always be verified through manual security review.