=== OOPVulns - Vulnerability Scanner ===
Contributors: oopspam
Tags: security, vulnerability, scanner, plugins, themes
Requires at least: 5.8
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.0.0
License: GPLv3 or later
License URI: https://www.gnu.org/licenses/gpl-3.0.html

Monitor your WordPress site for security vulnerabilities in core, plugins, and themes.

== Description ==

OOPVulns is a modern, accessible WordPress plugin that continuously monitors your site for known security vulnerabilities in WordPress core, plugins, and themes.

= Features =

* **Comprehensive Scanning** - Scans WordPress core, all plugins, and all themes for known vulnerabilities
* **Automatic Scans** - Configurable daily or weekly automatic scanning
* **Email Notifications** - Get notified when vulnerabilities are detected
* **Modern Dashboard** - Clean, accessible admin interface with detailed vulnerability information
* **Severity Indicators** - Color-coded severity levels (Critical, High, Medium, Low)
* **Update Guidance** - See which vulnerabilities have fixes available

= How It Works =

The plugin checks your installed WordPress core version, plugin versions, and theme versions against the OOPSpam vulnerability database. When a known vulnerability is found, you'll see it in the dashboard and optionally receive an email notification.

= External Service =

This plugin connects to the OOPSpam API to retrieve vulnerability information. When a scan runs, the following data is sent:

* WordPress core version
* Plugin slugs and versions
* Theme slugs and versions

No personal data, user information, or site content is transmitted.

* [OOPSpam Terms of Service](https://www.oopspam.com/terms)
* [OOPSpam Privacy Policy](https://www.oopspam.com/privacypolicy)

== Installation ==

1. Upload the `oop-vulns` folder to the `/wp-content/plugins/` directory
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Navigate to Tools → Vulnerability Scanner to configure the plugin
4. Enter your OOPSpam API key (required for vulnerability checks)
5. Click "Run Scan Now" to perform your first vulnerability scan

== Frequently Asked Questions ==

= Do I need an API key? =

Yes, an API key is required to check for vulnerabilities. Each API key includes 40 vulnerability checks per month. Each plugin or theme check counts as one API call. If you're using the OOPSpam Anti-Spam plugin, the API key is shared automatically.

= How are API calls counted? =

Each vulnerability check for a plugin or theme counts as one API call. For example, if you have 20 plugins and 5 themes, a full scan uses 25 API calls (plus 1 for WordPress core).

= How often does the plugin scan? =

You can configure scans to run daily or weekly. You can also run a manual scan at any time from the dashboard.

= What data is sent to the external API? =

Only plugin/theme slugs and version numbers are sent. No personal data, content, or sensitive information is transmitted.

= Does this plugin slow down my site? =

No. Scans run in the background via WordPress cron and results are cached. The plugin does not affect frontend performance.

= Can I use my own API key? =

Yes. You can enter your API key in the plugin settings, or define `OOPSPAM_API_KEY` in your wp-config.php file.

== Screenshots ==

1. Dashboard showing vulnerability summary
2. Detailed vulnerability information with severity badges
3. Settings page for scan frequency and notifications
4. Email notification example

== Changelog ==

= 1.0.0 =
* Initial release
* WordPress core vulnerability scanning
* Plugin vulnerability scanning
* Theme vulnerability scanning
* Email notifications (daily/weekly)
* Configurable scan frequency
* Modern, accessible admin interface

== Upgrade Notice ==

= 1.0.0 =
Initial release of OOPVulns vulnerability scanner.
