Looking for an Open Source Web Vulnerability Scanner

The author is looking for an open source web vulnerability scanner to assess the security of several websites they manage, some of which are based on WordPress and others on custom frameworks. They have never conducted a web security assessment before and are seeking a tool that provides a good overview of potential vulnerabilities such as outdated plugins, exposed admin panels, and poor basic configurations. They are asking for tool recommendations and a basic workflow to start scanning their sites, with a particular interest in tools compatible with WordPress.