From a94b600d7b884a473166e7bce721af3d0c59d791 Mon Sep 17 00:00:00 2001 From: Ryan Dewhurst Date: Fri, 3 Apr 2020 09:55:59 +0200 Subject: [PATCH] Updated WPScan User Documentation (markdown) --- WPScan-User-Documentation.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/WPScan-User-Documentation.md b/WPScan-User-Documentation.md index 943be92..9b636e1 100644 --- a/WPScan-User-Documentation.md +++ b/WPScan-User-Documentation.md @@ -53,6 +53,14 @@ _Get your API token from [wpvulndb.com](https://wpvulndb.com/) if you also want `wpscan --url example.com -e u --passwords /path/to/password_file.txt` +## Vulnerability Database + +WPScan uses the [WordPress Vulnerability Database](https://wpvulndb.com/api) API in real time to retrieve known vulnerabilities that affect WordPress core, plugins and themes. + +For the vulnerability information to be shown within WPScan you will need to supply an API token with the `--api-token YOUR_TOKEN` option. A free API token is available, as well as paid plans, depending on your usage needs. + +If you do not supply an API token, WPScan will work as normal, with the exception that when a WordPress version, plugin or theme is detected, the associated known vulnerabilities will not be displayed. + ## Bypassing Simple WAFs To bypass some simple WAFs you can try the `--random-user-agent` option.
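Review bot: In the added "Vulnerability Database" section, the last paragraph says a scan without a token "will work as normal" but omits known vulnerabilities, so a reader cannot tell a clean result from a run that never queried the database. Suggest stating there how the output indicates that vulnerability data was skipped, or telling readers to confirm the token was supplied before treating an empty result as clean. The paragraph that introduces `--api-token YOUR_TOKEN` could also say that the token is a credential, and that a value passed as a command-line argument is recorded in shell history and visible in process listings. Finally, "A free API token is available" does not say where to get one. The context line above the hunk points to wpvulndb.com for that, so the new section could repeat that link next to the sentence.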