WordPress Vulnerability Database API

Core endpoint

To get the vulnerability information of a core version, you have to make a call including the core version.

https://www.wpvulnerability.net/core/here.the.core.version/

Example: WordPress 5.8.2

Core JSON response

This will return a JSON with the following format:

{
  "error": 0,
  "message": null,
  "data": {
    "core": "0.0.0",
    "link": null,
    "vulnerability": [
      {
        "name": "0.0.0",
        "description": null,
        "source": [
          {
            "id": "CVE-0000-00001",
            "name": "CVE-0000-00001",
            "link": "https://www.cve.org/CVERecord?id=CVE-0000-00001",
            "description": "This is an example of a vulnerability description.",
            "date": "2003-05-27"
          },
          {
            "id": "JVNDB-0000-000001",
            "name": "JVNDB-0000-000001",
            "link": "https://jvndb.jvn.jp/jvndb/JVNDB-0000-000001",
            "description": "This is an example of a vulnerability description.",
            "date": "2003-05-27"
          }
        ],
        "impact": [
          "cvss": {
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "av": "n",
            "ac": "l",
            "pr": "n",
            "ui": "n",
            "s": "u",
            "c": "h",
            "i": "h",
            "a": "h",
            "score": "9.8",
            "severity": "c",
            "exploitable": "3.9",
            "impact": "5.9"
            },
            "cwe": [
              {
                "cwe": "CWE89",
                "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                "description": "The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component."
              }
            ]
        ]
      },
      {
        "name": "0.0.0",
        "description": null,
        "source": [
          {
            "id": "CVE-0000-00002",
            "name": "CVE-0000-00002",
            "link": "https://www.cve.org/CVERecord?id=CVE-0000-00002",
            "description": "This is an example of a vulnerability description.",
            "date": "2004-10-06"
          }
        ]
      }
    ],
    "impact": []
  },
  "updated": 1053993600
}

Core JSON description

  • error: If there is an error, the value will be 1. If there is no error, it will be 0.
  • message: In case of error, an information message will be displayed.
  • data: (object) Data information group.
    • data -> core: WordPress core version.
    • data -> link: Information URL.
    • data -> vulnerability: (array) Each of the vulnerabilities in that version.
      • data -> vulnerability -> name: Vulnerability name.
      • data -> vulnerability -> description: Vulnerability description.
      • data -> vulnerability -> source: (array) List of vulnerabilities.
        • data -> vulnerability -> source -> id: Source unique identifier.
        • data -> vulnerability -> source -> name: Source vulnerability name.
        • data -> vulnerability -> source -> link: Source vulnerability information.
        • data -> vulnerability -> source -> description: Source vulnerability description.
        • data -> vulnerability -> source -> date: Date of publication of the vulnerability.
      • data -> vulnerability -> impact: (array) Impact of the vulneravibity. (optional)
        • data -> vulnerability -> impact -> cvss: (object) CVSS score. More information in the CVSS section.
          • data -> vulnerability -> impact -> cvss -> version: CVSS Version.
          • data -> vulnerability -> impact -> cvss -> vector: CVSS Vector.
          • data -> vulnerability -> impact -> cvss -> av: Attack Vector (AV) score.
          • data -> vulnerability -> impact -> cvss -> ac: Attack Complexity (AC) score.
          • data -> vulnerability -> impact -> cvss -> pr: Privileges Required (PR) score.
          • data -> vulnerability -> impact -> cvss -> ui: User Interaction (UI) score.
          • data -> vulnerability -> impact -> cvss -> s: Scope (S) score.
          • data -> vulnerability -> impact -> cvss -> c: Confidentiality (C) score.
          • data -> vulnerability -> impact -> cvss -> i: Integrity (I) score.
          • data -> vulnerability -> impact -> cvss -> a: Availability (A) score.
          • data -> vulnerability -> impact -> cvss -> score: Global score (1.0 “-” to 9.9 “+”).
          • data -> vulnerability -> impact -> cvss -> severity: Severity.
          • data -> vulnerability -> impact -> cvss -> exploitable: Exploitability.
          • data -> vulnerability -> impact -> cvss -> impact: Global impact.
        • data -> vulnerability -> impact -> cwe: (array) CWE score. More information in the CWE section.
          • data -> vulnerability -> impact -> cwe -> cwe: CWE identificator.
          • data -> vulnerability -> impact -> cwe -> name: Name.
          • data -> vulnerability -> impact -> cwe -> description: Description.
  • update: Last information update (UNIXTIME).