Below is the synopsis of the wp-sec package

SYNOPSIS

  wp wp-sec <command>

SUBCOMMANDS

  check      Checks for core, plugins and themes
  version    Returns current version


CHECK PARAMETERS

  --type=[core|plugins|themes|all]
      Check for a specific part, or use all to check all parts
      Default: all

  --output=[user|nagios|json]
      Controls the output
      Default: user

GLOBAL PARAMETERS

  All global wp cli parameters are inherited

Please use this scanner with a decent interval. I was informed about a limit of 30 calls every 30 seconds. Thus: a site with 1 core, 1 theme and 10 plugin is already 12 calls

Example command; a Wordpress site is checked just for core vulnerabilities at given path (inherited option from wp-cli)

example