CMSmap is not included in Kali Linux, but it can be easily installed from its Git repository as follows:
git clone https://github.com/Dionach/CMSmap.git
CMSmap scans for vulnerabilities in WordPress, Joomla, or Drupal sites. It has the ability to autodetect the CMS used by the site. It is a command-line tool, and you need to use the -t option to specify the target site. CMSmap displays the vulnerabilities it finds preceded by an indicator of the severity rating that it determines: [I] for informational, [L] for low, [M] for medium, and [H] for high, as shown in the following screenshot:
The --noedb option used in the screenshot prevents WordPress from looking for exploits for the identified vulnerabilities in the Exploit Database (https://www.exploit-db.com/), as our Kali Linux VM is not connected to the internet. Trying to connect to an external server would result in errors and delays in obtaining the results.