To get the vulnerability information of a theme, you have to make a call including the theme slug.
https://www.wpvulnerability.net/theme/here-the-theme-slug/
Example: Ripple
Themes JSON response
This will return a JSON with the following format:
{
"error": 0,
"message": null,
"data": {
"name": "Theme Name",
"theme": "wordpress-theme-example",
"link": "https://wordpress.org/themes/wordpress-theme-example/",
"vulnerability": [
{
"name": "Theme Name [wordpress-theme-example] <= 0.0.0",
"description": null,
"operator": {
"min_version": null,
"min_operator": null,
"max_version": "0.0.0",
"max_operator": "le",
"unfixed": "0",
"closed": "0"
},
"source": [
{
"id": "CVE-0000-00001",
"name": "CVE-0000-00001",
"link": "https://www.cve.org/CVERecord?id=CVE-0000-00001",
"description": "This is an example of a vulnerability description.",
"date": "2003-05-27"
},
{
"id": "JVNDB-0000-000001",
"name": "JVNDB-0000-000001",
"link": "https://jvndb.jvn.jp/jvndb/JVNDB-0000-000001",
"description": "This is an example of a vulnerability description.",
"date": "2003-05-27"
}
],
"impact": [
"cvss": {
"version": "3.1",
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"av": "n",
"ac": "l",
"pr": "n",
"ui": "n",
"s": "u",
"c": "h",
"i": "h",
"a": "h",
"score": "9.8",
"severity": "c",
"exploitable": "3.9",
"impact": "5.9"
},
"cwe": [
{
"cwe": "CWE89",
"name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"description": "The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component."
}
]
},
{
"name": "Theme Name [wordpress-theme-example] < 0.0.0",
"description": null,
"operator": {
"min_version": null,
"min_operator": null,
"max_version": "0.0.0",
"max_operator": "lt",
"unfixed": "0",
"closed": "0"
},
"source": [
{
"id": "CVE-0000-00002",
"name": "CVE-0000-00002",
"link": "https://www.cve.org/CVERecord?id=CVE-0000-00002",
"description": "This is an example of a vulnerability description.",
"date": "2004-10-06"
}
],
"impact": []
}
]
},
"updated": 1053993600
}
Themes JSON description
error
: If there is an error, the value will be 1. If there is no error, it will be 0.message
: In case of error, an information message will be displayed.data
: (object) Data information group.data -> name
: Theme name.data -> plugin
: Theme slug.data -> link
: Information URL.data -> vulnerability
: (array) Each of the plugin’s vulnerabilities.data -> vulnerability -> name
: Vulnerability name.
data -> vulnerability -> description
: Vulnerability description.
data -> vulnerability -> operator
: (object) Vulnerability version calculation system. It is based on the PHP version_compare function.data -> vulnerability -> operator -> min_version
: Minimum version affected.data -> vulnerability -> operator -> min_operator
: Calculation operator.data -> vulnerability -> operator -> max_version
: Maximum version affected.data -> vulnerability -> operator -> max_operator
: Calculation operator.data -> vulnerability -> operator -> unfixed
: The vulnerability is unfixed.data -> vulnerability -> operator -> closed
: The plugin has closed and is no longer available for download.
data -> vulnerability -> source
: (array) List of vulnerabilities.data -> vulnerability -> source -> id
: Source unique identifier.data -> vulnerability -> source -> name
: Source vulnerability name.data -> vulnerability -> source -> link
: Source vulnerability information.data -> vulnerability -> source -> description
: Source vulnerability description.data -> vulnerability -> source -> date
: Date of publication of the vulnerability.
data -> vulnerability -> impact
: (array) Impact of the vulneravibity. (optional)data -> vulnerability -> impact
: (object) CVSS score. More information in the CVSS section.->
cvssdata -> vulnerability -> impact
: CVSS Version.-> cvss -> version
data -> vulnerability -> impact
: CVSS Vector.-> cvss -> vector
data -> vulnerability -> impact
: Attack Vector (AV) score.-> cvss -> av
data -> vulnerability -> impact
: Attack Complexity (AC) score.-> cvss -> ac
data -> vulnerability -> impact
: Privileges Required (PR) score.-> cvss -> pr
data -> vulnerability -> impact
: User Interaction (UI) score.-> cvss -> ui
data -> vulnerability -> impact
: Scope (S) score.-> cvss -> s
data -> vulnerability -> impact
: Confidentiality (C) score.-> cvss -> c
data -> vulnerability -> impact
: Integrity (I) score.-> cvss -> i
data -> vulnerability -> impact
: Availability (A) score.-> cvss -> a
data -> vulnerability -> impact
: Global score (1.0 “-” to 9.9 “+”).-> cvss -> score
data -> vulnerability -> impact
: Severity.-> cvss -> severity
data -> vulnerability -> impact
: Exploitability.-> cvss -> exploitable
data -> vulnerability -> impact
: Global impact.-> cvss -> impact
data -> vulnerability -> impact
: (array) CWE score. More information in the CWE section.->
cwedata -> vulnerability -> impact
: CWE identificator.-> cwe -> cwe
data -> vulnerability -> impact
: Name.-> cwe -> name
data -> vulnerability -> impact
: Description.-> cwe ->
description
update
: Last information update (UNIXTIME).