WPScan integration
Run WPScan with JSON output (--format json) and upload the file against the WPScan source.
Scan types imported
- WordPress core, plugin and theme vulnerabilities
File import
The template walks the vulnerabilities arrays in the WPScan JSON.
What Centraleyezer expects in the file
- Per finding: title, the fixed_in version (used as the recommendation) and CVE references, attached to the scanned site URL.
How imported findings are risk-scored
Every WPScan finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.