2022-12-20 API update


Closed plugins

From now on, plugins that are closed, or are going to close, in the WordPress.org repository, will automatically cause all vulnerabilities in that plugin to mark that the plugin is closed.

In the same way, those plugins with vulnerabilities marked as closed, but that the plugin has been reopened, will be properly maintained.

Wordfence vulnerabilities

In the coming weeks, Wordfence vulnerabilities will appear in the API. The API system that they include is not being used since there are some inconsistencies in their information, for example with plugins or vulnerabilities marked as having no correction, but they do.

As always, the WPVulnerability team will manually check vulnerabilities for those inconsistencies.

Ideas for the future

We have several projects underway for the beginning of 2023, among which are:

โ€” Include in the information of a plugin: Whether this plugin exists in the repository (it has been closed). We will propose the same system for the themes.

โ€” Unify duplications: We will process the system to eliminate duplications of vulnerabilities from different providers. Currently, it no longer happens with those who share CVE.