WordPress Vulnerability Database API
·
Supply-Chain Attack Data Now in the API We’ve added supply-chain audit intelligence to the WPVulnerability API. The new SupplyChainEntry model covers plugin ownership hijacks and update-channel abuse, incidents that fall outside traditional CVE-based vulnerability records. Each entry includes: A single plugin may have multiple entries if it was compromised more than once. This data is
·
Impact data: richer, structured, and forward-looking We have been working on a significant update to the impact section of the WPVulnerability API. This update introduces new structured data blocks, deprecates the legacy format, and adds two entirely new fields. Here is what changed and what to expect in the coming weeks. For full field definitions,
·
Stability Improvements Over the past two weeks (June 1–14), we experienced some platform stability issues that have now been fixed. These problems caused 5xx errors. The issue with the origin server has been identified and resolved. Real-Time CDN We’ve also improved our caching to deliver real-time data updates. Whenever we update vulnerability information, it’s immediately
·
On this occasion, although we are still working on some improvements, I simply bring you this news because we do not yet know how it could affect the information we publish. Although we have different sources of data, this is certainly going to be a big blow to cybersecurity. – MITRE has announced that its
·
New memcached, Redis, and SQLite Endpoints In line with our efforts to enhance the security of WordPress, in addition to the software itself, PHP, and the web servers, database servers, and other software, we have included vulnerabilities from the usual Object Cache servers: memcached, Redis, and SQLite. The new endpoints are:— memcached endpoint— Redis endpoint—
·
New ImageMagick and curl Endpoints In line with our efforts to enhance the security of WordPress, in addition to the software itself, PHP, and the web servers, database servers, we have included vulnerabilities from some of the most usual extensions: ImageMagick and curl. The new endpoints are:— ImageMagick endpoint— curl endpoint Currently, the database includes
·
New MariaDB and MySQL Endpoints In line with our efforts to enhance the security of WordPress, in addition to the software itself, PHP, and the web server, we have included vulnerabilities from the most widely used databases: MariaDB and MySQL. The new endpoints are:— MariaDB endpoint— MySQL endpoint Currently, the database includes 396 vulnerabilities for
·
Apache HTTPD API endpoint, out of beta As we commented in the last API update, we have already published out of beta the endpoint of PHP vulnerabilities, and this time it is the turn of Apache HTTPD vulnerabilities. The first version of this new database has 263 vulnerabilities, corresponding to Apache HTTPD 1.3, 2.0, 2.2
·
PHP vulnerabilities, out of beta A few months ago, we started the PHP API with PHP vulnerabilities. And now, it’s finally fully available. We’ve been working to create a full database, and the first version has almost 700 vulnerabilities. The API has information available from PHP 4.0 to PHP 8.3. Here is the API PHP