WP-Safety

VulnTitan – Malware Scanner, Vulnerability Scanner & Security Security & Risk Analysis

wordpress.org/plugins/vulntitan

VulnTitan security toolkit for WordPress sites. Detect and remove malware, vulnerable plugins, risky file changes, and comment spam.

0 active installs v2.1.6 PHP 7.4+ WP + Updated Mar 15, 2026
malware-removalmalware-scannervulnerability-scanner
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is VulnTitan – Malware Scanner, Vulnerability Scanner & Security Safe to Use in 2026?

Generally Safe

Score 100/100

VulnTitan – Malware Scanner, Vulnerability Scanner & Security has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 19d ago
Risk Assessment

The "vulntitan" v2.1.12 plugin exhibits a generally positive security posture, characterized by robust use of prepared statements for SQL queries and a high percentage of properly escaped outputs. The absence of known CVEs and vulnerability history further suggests a commitment to security by the developers. The static analysis also shows good practices like a significant number of nonce and capability checks, and no indication of critical or high severity taint flows.

However, a notable concern arises from the presence of 22 AJAX handlers, with one handler lacking any authentication checks. This unprotected entry point represents a potential avenue for unauthorized actions if an attacker can trigger it. While no dangerous functions were identified and external HTTP requests are limited, the single unprotected AJAX handler is a significant weakness that could be exploited. The file operations count is also moderately high, which warrants careful review in conjunction with the unprotected AJAX handler.

In conclusion, "vulntitan" v2.1.12 has many strengths, particularly in its handling of data and output. The lack of historical vulnerabilities is reassuring. The primary weakness lies in the single unprotected AJAX endpoint, which, despite the plugin's otherwise solid foundation, presents a clear and actionable security risk that needs immediate attention.

Key Concerns

  • Unprotected AJAX handler
Vulnerabilities
None known

VulnTitan – Malware Scanner, Vulnerability Scanner & Security Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

VulnTitan – Malware Scanner, Vulnerability Scanner & Security Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
40 prepared
Unescaped Output
57
139 escaped
Nonce Checks
25
Capability Checks
29
File Operations
21
External Requests
3
Bundled Libraries
0

SQL Query Safety

91% prepared44 total queries

Output Escaping

71% escaped196 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
malwareFixFinding (includes\Admin\Ajax.php:729)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

VulnTitan – Malware Scanner, Vulnerability Scanner & Security Attack Surface

Entry Points22
Unprotected1

AJAX Handlers 22

authwp_ajax_vulntitan_vulnerability_scan_itemincludes\Admin\Ajax.php:17
authwp_ajax_vulntitan_vulnerability_rescan_itemincludes\Admin\Ajax.php:18
authwp_ajax_vulntitan_vuln_risk_updateincludes\Admin\Ajax.php:19
authwp_ajax_vulntitan_vuln_risk_clearincludes\Admin\Ajax.php:20
authwp_ajax_vulntitan_vuln_risk_auditincludes\Admin\Ajax.php:21
authwp_ajax_vulntitan_malware_scan_initincludes\Admin\Ajax.php:22
authwp_ajax_vulntitan_malware_scan_fileincludes\Admin\Ajax.php:23
authwp_ajax_vulntitan_malware_scan_batchincludes\Admin\Ajax.php:24
authwp_ajax_vulntitan_malware_fix_findingincludes\Admin\Ajax.php:25
authwp_ajax_vulntitan_integrity_scan_initincludes\Admin\Ajax.php:26
authwp_ajax_vulntitan_integrity_scan_fileincludes\Admin\Ajax.php:27
authwp_ajax_vulntitan_integrity_scan_batchincludes\Admin\Ajax.php:28
authwp_ajax_vulntitan_firewall_get_dataincludes\Admin\Ajax.php:29
authwp_ajax_vulntitan_firewall_save_settingsincludes\Admin\Ajax.php:30
authwp_ajax_vulntitan_firewall_clear_logsincludes\Admin\Ajax.php:31
authwp_ajax_vulntitan_firewall_approve_requestincludes\Admin\Ajax.php:32
authwp_ajax_vulntitan_firewall_dismiss_approvalincludes\Admin\Ajax.php:33
authwp_ajax_vulntitan_firewall_unblock_ipincludes\Admin\Ajax.php:34
authwp_ajax_vulntitan_firewall_allowlist_ipincludes\Admin\Ajax.php:35
authwp_ajax_vulntitan_firewall_get_learningincludes\Admin\Ajax.php:36
authwp_ajax_vulntitan_firewall_apply_learningincludes\Admin\Ajax.php:37
authwp_ajax_vulntitan_firewall_dismiss_learningincludes\Admin\Ajax.php:38
WordPress Hooks 47
actionadmin_menuincludes\Admin\Admin.php:27
actionadmin_noticesincludes\Admin\Admin.php:28
actionadmin_enqueue_scriptsincludes\Admin\Admin.php:31
actioninitincludes\MuFirewall\Runtime.php:40
filterauthenticateincludes\MuFirewall\Runtime.php:42
actionwp_login_failedincludes\MuFirewall\Runtime.php:43
actionwp_loginincludes\MuFirewall\Runtime.php:44
filtercron_schedulesincludes\Plugin.php:43
filtercron_schedulesincludes\Plugin.php:64
actionlogin_enqueue_scriptsincludes\Services\CaptchaService.php:24
actionwp_enqueue_scriptsincludes\Services\CaptchaService.php:25
actionlogin_formincludes\Services\CaptchaService.php:26
actionregister_formincludes\Services\CaptchaService.php:27
actionlostpassword_formincludes\Services\CaptchaService.php:28
actioncomment_form_after_fieldsincludes\Services\CaptchaService.php:29
actioncomment_form_logged_in_afterincludes\Services\CaptchaService.php:30
filterauthenticateincludes\Services\CaptchaService.php:31
filterregistration_errorsincludes\Services\CaptchaService.php:32
actionlostpassword_postincludes\Services\CaptchaService.php:33
filterpre_comment_approvedincludes\Services\CaptchaService.php:34
actioncomment_form_after_fieldsincludes\Services\CommentSpamService.php:33
actioncomment_form_logged_in_afterincludes\Services\CommentSpamService.php:34
filterpreprocess_commentincludes\Services\CommentSpamService.php:35
filterrest_preprocess_commentincludes\Services\CommentSpamService.php:36
filterpre_comment_approvedincludes\Services\CommentSpamService.php:37
actioninitincludes\Services\LoginAccessService.php:27
actionwp_loadedincludes\Services\LoginAccessService.php:28
filtersite_urlincludes\Services\LoginAccessService.php:29
filternetwork_site_urlincludes\Services\LoginAccessService.php:30
filterlogin_urlincludes\Services\LoginAccessService.php:31
filterlogout_urlincludes\Services\LoginAccessService.php:32
filterlostpassword_urlincludes\Services\LoginAccessService.php:33
filterregister_urlincludes\Services\LoginAccessService.php:34
filterlostpassword_redirectincludes\Services\LoginAccessService.php:35
filterwp_redirectincludes\Services\LoginAccessService.php:36
filterauthenticateincludes\Services\LoginSecurityService.php:34
actionlogin_form_vulntitan_2faincludes\Services\LoginSecurityService.php:35
actionadmin_enqueue_scriptsincludes\Services\LoginSecurityService.php:36
actionadmin_initincludes\Services\LoginSecurityService.php:37
actionadmin_noticesincludes\Services\LoginSecurityService.php:38
actionshow_user_profileincludes\Services\LoginSecurityService.php:39
actionpersonal_options_updateincludes\Services\LoginSecurityService.php:40
actionprofile_updateincludes\Services\LoginSecurityService.php:41
actionuser_profile_update_errorsincludes\Services\LoginSecurityService.php:42
actionvalidate_password_resetincludes\Services\LoginSecurityService.php:43
filterregistration_errorsincludes\Services\LoginSecurityService.php:44
actionplugins_loadedvulntitan.php:42
Maintenance & Trust

VulnTitan – Malware Scanner, Vulnerability Scanner & Security Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 15, 2026
PHP min version7.4
Downloads973

Community Trust

Rating100/100
Number of ratings1
Active installs0
Alternatives

VulnTitan – Malware Scanner, Vulnerability Scanner & Security Alternatives

MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall

MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall

malcare-security

A
100

Get Bulletproof Security for your WordPress site. WordPress security plugin packed with comprehensive Firewall, malware scanner, cleaner & more.

200K No CVEs
Quttera ThreatSign – Web Malware Scanner for WordPress

Quttera ThreatSign – Web Malware Scanner for WordPress

quttera-web-malware-scanner

A
98

WordPress multi-level security scanner detecting malware, 0-day threats, brute-force attacks, bot attacks, and unauthorized admin changes.

10K 3 CVEs
Malcure Malware Shield — Removal, Repair, Monitor

Malcure Malware Shield — Removal, Repair, Monitor

wp-malware-removal

A
96

Fast malware removal & security shield. Fix hacks, stop redirects, clean SEO spam. Real-time threat intelligence. No bloat.

10K 3 CVEs
Bravo WP security Plugin

Bravo WP security Plugin

bravo-security

A
85

Bravo WP Security Plugin, Is a plugin helps you to hide wordpress side by side Bravo wordpress firewall, wordpress antivirus (wordpress malware scanne …

10 No CVEs
Content Guard Pro – Database Malware Scanner & Spam Detector

Content Guard Pro – Database Malware Scanner & Spam Detector

content-guard-pro

A
100

Scan your WordPress database for hidden malware, spam links, and SEO injections that file-based security plugins miss. Gutenberg-aware.

0 No CVEs
Developer Profile

VulnTitan – Malware Scanner, Vulnerability Scanner & Security Developer Profile

Jaroslav Svetlik

4 plugins · 40 total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect VulnTitan – Malware Scanner, Vulnerability Scanner & Security

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vulntitan/build/css/vendors.css/wp-content/plugins/vulntitan/build/css/main.css/wp-content/plugins/vulntitan/build/js/vendors.js/wp-content/plugins/vulntitan/build/js/main.js
Script Paths
/wp-content/plugins/vulntitan/build/js/vendors.js/wp-content/plugins/vulntitan/build/js/main.js
Version Parameters
vulntitan/build/css/vendors.css?ver=vulntitan/build/css/main.css?ver=vulntitan/build/js/vendors.js?ver=vulntitan/build/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
vulntitan-admin-settings-pagevt-firewall-settingsvt-firewall-logs-tablevt-firewall-rules-listvt-firewall-settings-sectionvt-firewall-setting-rowvt-firewall-input-fieldvt-firewall-textarea+13 more
HTML Comments
<!-- VulnTitan Firewall Settings --><!-- VulnTitan Firewall Logs --><!-- VulnTitan Firewall Rules --><!-- VulnTitan Firewall Options -->+12 more
Data Attributes
data-vulntitan-firewall-settingsdata-vt-firewall-log-iddata-vt-firewall-ipdata-vt-firewall-action
JS Globals
vulntitanFirewallSettingsvulntitanFirewallDatavtFirewallvtFirewallAdmin
REST Endpoints
/wp-json/vulntitan/v1/firewall/settings/wp-json/vulntitan/v1/firewall/logs/wp-json/vulntitan/v1/firewall/rules/wp-json/vulntitan/v1/firewall/allowlist/wp-json/vulntitan/v1/firewall/blocklist/wp-json/vulntitan/v1/firewall/action
FAQ

Frequently Asked Questions about VulnTitan – Malware Scanner, Vulnerability Scanner & Security