Kistn API Client
Collects installed plugins, themes, and WordPress core, then pushes inventory to your Kistn server for centralized vulnerability monitoring.
Push flow:
- Preflight — asks the server which slugs need a fresh advisory check and which are known-private.
- Hash check — skips push if inventory unchanged.
- WPScan lookup — queries the WPScan vulnerability database only for stale, non-private slugs.
- Push — sends packages, vulnerability findings, advisory snapshots, and any newly-discovered private slugs.
Private packages (those absent from the WPScan database) are tracked server-side so subsequent runs never waste WPScan quota on them. When the server later confirms a package is public, the project owner is notified.
Configuration via Settings → Kistn, or via constants in wp-config.php:
define( ‘KISTN_BASE_URL’, ‘https://your-server.example.com’ ); define( ‘KISTN_PROJECT_ID’, ‘your-project-uuid’ ); define( ‘KISTN_TOKEN’, ‘your-api-token’ ); define( ‘KISTN_WPSCAN_TOKEN’, ‘your-wpscan-api-token’ ); // optional, enables vulnerability lookups
External services
This plugin can connect to WPScan API to obtain latest security information about your installation. Use of this feature is optional. To use this feature, you need a WPScan account and your own API token.
When the feature is used, this plugin sends information about installed WordPress core, plugins and themes to retrieve latest security advisories about your installed components. The service is provided by “WPScan”: https://wpscan.com/terms/, https://automattic.com/privacy/.