Large scale vulnerability notifications research

The research project


We, researchers from the Secure Web Application Group at the CISPA - Helmholtz-Zentrum for Information Security, are conducting a large scale research project on vulnerable Web applications. These notifications should enable website owners to fix their sites.

Our analysis tool checks for already published vulnerabilities in WordPress Plugins and other Content Management Systems. If our tool found a vulnerability, we will notify the website owner about it and include steps to mitigate the vulnerability. These checks are performed in a non-intrusive way. Our tool will never try to exploit a vulnerability in your server or interfere with your services.

In case you want to contact us, you can send an email to If you want your websites to be excluded from our analysis in the future, you can send us an email with the domains, ip addresses or ip ranges which should be excluded.