Select scan results (optional)

historical context · CWE seed

CVE Match Only

Skip context selection and scan a product version directly. All source files will be analyzed without historical pattern filtering.

02.6

Filters & advanced

extensions · skip dirs · depth

Filters & advanced settings

File extension filter (empty = all)

Comma-separated extensions. Example: .php, .inc to only scan PHP files.

Skip directories (extra exclusions)

Comma-separated directory names added to the built-in exclusions.

Tip. Filtering by extension speeds up analysis. Common: .php · .js · .py · .java · .rb.

Use true positives only Only include examples that were confirmed as true positives by the AI judge.

WordPress plugin mode Enable endpoint reachability analysis. Only show vulnerabilities in functions reachable from WordPress REST API, AJAX handlers, or admin pages.

Context analysis depth 3

1 (direct only) 2 3 (default) 4 5 (deep)

Controls how deep to recursively fetch function definitions. Higher depth provides more context but takes longer.

02.65

Rules (optional · speeds up scanning)

grep + sink · two-pass detection

Rule selection & AI options

Rule-based filtering (optional). When rules are selected, two-pass detection is used:

Pattern matching. Extract lines matching security-sensitive patterns.
Initial pass. AI performs quick triage on matched patterns.
Deep scan. Full analysis of files flagged in the initial pass.

Without rules. All source files will be analyzed directly (slower but more comprehensive).

02.7

Examples (optional)

AI uniqueness pass · manual select

Example selection

Choose how many examples to use and optionally select specific examples or use AI to identify unique examples with different fix patterns.

Example count

Number of examples to use per CWE (default: 5).

AI unique examples

Click to let AI identify unique examples with different fix patterns.

Manually select examples Or browse all available examples and choose manually.

Target product & version

launch · 0day detection

Select the product and version you want to scan for 0day vulnerabilities based on the selected CWE patterns.

Target product *

The product codebase to scan for similar vulnerabilities.

Target version *

Version of the target product to scan.

My scans

popular-plugin sweeps · resume · delete

Loading scans...

WordPress popular plugins scanner

fetch · download · scan

Scan popular WordPress plugins for zero-day vulnerabilities. Fetches the most popular plugins from WordPress.org, downloads them, and runs vulnerability detection.

Plugin limit

Number of popular plugins to scan (1–1000). Empty / 0 = scan all available.

File extension filter (empty = all)

Comma-separated extensions. Default: .php for WordPress plugins.

CWE types *

⌕

Select at least one CWE type to detect.

No CWEs selected

Analysis options

Context analysis depth 3

1 (direct) 2 3 (default) 4 5 (deep)

Enable AI analysis Run AI vulnerability analysis on matched patterns.

Enable InputTracer filtering Only analyze matches where variables receive user input.

Use grep / sink rules Pre-filter files using pattern matching before AI analysis (faster for large codebases).

Select scan results (optional)

Select CWEs

Select vulnerability types to detect

Select CVEs (optional)

Filters & advanced

Rules (optional · speeds up scanning)

Examples (optional)

Target product & version

My scans

WordPress popular plugins scanner

Historical 0day scans

Zero-Day Vulnerability Detector

Select scan results (optional)

Select CWEs

Select vulnerability types to detect

Select CVEs (optional)

Filters & advanced

Rules (optional · speeds up scanning)

Examples (optional)

Target product & version

My scans

WordPress popular plugins scanner

Historical 0day scans