WordPress Plugin Checker

Find out which WordPress plugins - and versions - any site is running, across 200+ recognised plugins, plus any known vulnerabilities. Free online tool, no installation, instant results in your browser.

Free tier
No Signup Required
Instant Results
200+ plugins
https://

No credit card required • Instant results

Used by developers, agencies, and site owners to audit plugin stacks

200+ plugin signatures
Version & CVE lookup

200+ Plugin Detection

Enumerate the plugins a site runs using asset paths, readme.txt files, and script fingerprints.

  • wp-content/plugins paths
  • readme.txt enumeration
  • Script & style fingerprints
  • Covers ~70% of installs

Version Detection

Where exposed, we extract the exact plugin version so vulnerability matching is precise.

  • readme.txt stable tags
  • Asset ?ver= fingerprinting
  • 96% version accuracy
  • Outdated plugin flag

Plugin Vulnerabilities

Detected plugins are matched against 100K+ CVEs - the #1 WordPress attack vector - and the full report is included.

  • 100K+ CVE matching
  • CVSS 3.1 severity
  • Core & theme included
  • One scan, full picture

Detects 200+ Popular WordPress Plugins

Covering the large majority of WordPress installations worldwide

WooCommerce
Elementor
Yoast SEO
Contact Form 7
ACF
Jetpack
WPForms
Rank Math
W3 Total Cache
+190 more plugins

Frequently Asked Questions

How do I find out what plugins a WordPress site is using?

Enter the site URL above and run the scan. ScanTower enumerates plugins from wp-content/plugins asset paths, readme.txt files, and script/style fingerprints, then lists the detected plugins and versions.

How many plugins can it detect?

The scanner recognises 200+ of the most common WordPress plugins - covering the large majority of real-world installs - including WooCommerce, Elementor, Yoast SEO, Contact Form 7, ACF, Jetpack, and many more.

Does it detect plugin versions?

Where the version is exposed via readme.txt stable tags or asset query strings, we report it and match it against known vulnerabilities for that exact version.

Can it tell me if a plugin is vulnerable?

Yes. Detected plugins are cross-referenced against 100K+ CVEs with CVSS severity scoring, so you can see which plugins on the site have known security issues.

Do I get more than just the plugin list?

Every check runs the full WordPress scan, so along with the plugins you also get the WordPress core version, the active theme, known CVEs, and common security misconfigurations in one report.

That's Just the Beginning

FREE

This WordPress Plugin Check scan caught some issues. Run a Full Security Scan to uncover hidden threats like exposed secrets, malicious scripts, and supply chain attacks this quick check missed.

No Credit CardNo SignupInstant ResultsFree tier