WordPress Vulnerability Database API

PHP endpoint

To get the vulnerability information of a PHP version, you have to make a call including the major PHP version (or the minor one). The response will include all vulnerabilities for this major version.

https://www.wpvulnerability.net/php/php-major-or-minor-version/

Example: PHP 8.2

PHP JSON response

This will return a JSON with the following format:

{
  "error": 0,
  "message": null,
  "data": {
    "name": "PHP 8.x",
    "php": "8.x",
    "status": "m",
    "date_start": "1970-01-01"
    "sate_end": "1971-12-31"
    "vulnerability": [
      {
        "name": "PHP 8.x < 8.x.1",
        "operator": {
          "min_version": null,
          "min_operator": null,
          "max_version": "8.x.1",
          "max_operator": "lt",
          "unfixed": "0",
        },
        "source": [
          {
            "id": "CVE-0000-00001",
            "name": "CVE-0000-00001",
            "link": "https://www.cve.org/CVERecord?id=CVE-0000-00001",
            "description": "This is an example of a vulnerability description.",
            "date": "2003-05-27"
          }
        ]
      },
      {
        "name": "PHP 8.x < 8.x.2",
        "operator": {
          "min_version": null,
          "min_operator": null,
          "max_version": "8.x.2",
          "max_operator": "le",
          "unfixed": "0",
        },
        "source": [
          {
            "id": "CVE-0000-00002",
            "name": "CVE-0000-00002",
            "link": "https://www.cve.org/CVERecord?id=CVE-0000-00002",
            "description": "This is an example of a vulnerability description.",
            "date": "2003-05-28"
          }
        ]
      },
    ]
  },
  "updated": 1053993600
}

PHP JSON description

  • error: If there is an error, the value will be 1. If there is no error, it will be 0.
  • message: In case of error, an information message will be displayed.
  • data: (object) Data information group.
  • data name: PHP version.
  • data php: PHP major version.
  • data status: (values) Information URL.
    • m: Maintained
    • s: Security support
    • d: Deprecated / Unmaintained
  • data date_start: Date since the version was launched.
  • data date_end: Date when the version was deprecated / unmaintained.
  • data vulnerability: (array) Each of the plugin’s vulnerabilities.
    • data vulnerability name: Vulnerability name.
    • data vulnerability operator: (object) Vulnerability version calculation system. It is based on the PHP version_compare function.
    • data vulnerability operator min_version: Minimum version affected.
    • data vulnerability operator min_operator: Calculation operator.
    • data vulnerability operator max_version: Maximum version affected.
    • data vulnerability operator max_operator: Calculation operator.
    • data vulnerability operator unfixed: The vulnerability is unfixed.
  • data vulnerability source: (array) List of vulnerabilities.
    • data vulnerability source id: Source unique identifier.
    • data vulnerability source link: Source vulnerability information.
    • data vulnerability source description: Source vulnerability description.
    • data vulnerability source date: Date of publication of the vulnerability.
  • update: Last information update (UNIXTIME).

Important information

The PHP API has information since PHP 4.0, and also vulnerabilities that may apply to WordPress. This is not a PHP vulnerability database.