Updated WPScan User Documentation (markdown)

2020-04-03 09:55:59 +02:00
parent d8f8f90392
commit a94b600d7b
1 changed files with 8 additions and 0 deletions
--- a/WPScan-User-Documentation.md
+++ b/WPScan-User-Documentation.md
@@ -53,6 +53,14 @@ _Get your API token from [wpvulndb.com](https://wpvulndb.com/) if you also want

 `wpscan --url example.com -e u --passwords /path/to/password_file.txt`

+## Vulnerability Database
+
+WPScan uses the [WordPress Vulnerability Database](https://wpvulndb.com/api) API in real time to retrieve known vulnerabilities that affect WordPress core, plugins and themes.
+
+For the vulnerability information to be shown within WPScan you will need to supply an API token with the `--api-token YOUR_TOKEN` option. A free API token is available, as well as paid plans, depending on your usage needs.
+
+If you do not supply an API token, WPScan will work as normal, with the exception that when a WordPress version, plugin or theme is detected, the associated known vulnerabilities will not be displayed.
+
 ## Bypassing Simple WAFs

 To bypass some simple WAFs you can try the `--random-user-agent` option.