To get the vulnerability information for a plugin, make a request that includes the plugin slug:
https://www.wpvulnerability.net/plugin/here-the-plugin-slug/
Example: UpdraftPlus
Plugins JSON response
This returns a JSON document in the following format:
{
  "error": 0,
  "message": null,
  "data": {
    "name": "Plugin Name",
    "plugin": "wordpress-plugin-example",
    "link": "https://wordpress.org/plugins/wordpress-plugin-example/",
    "latest": "1234567890",
    "vulnerability": [
      {
        "uuid": "example",
        "name": "Plugin Name [wordpress-plugin-example] <= 0.0.0",
        "description": null,
        "operator": {
          "min_version": null,
          "min_operator": null,
          "max_version": "0.0.0",
          "max_operator": "le",
          "unfixed": "0",
          "closed": "0"
        },
        "source": [
          {
            "id": "CVE-0000-00001",
            "name": "CVE-0000-00001",
            "link": "https://www.cve.org/CVERecord?id=CVE-0000-00001",
            "description": "This is an example of a vulnerability description.",
            "date": "2003-05-27"
          },
          {
            "id": "JVNDB-0000-000001",
            "name": "JVNDB-0000-000001",
            "link": "https://jvndb.jvn.jp/jvndb/JVNDB-0000-000001",
            "description": "This is an example of a vulnerability description.",
            "date": "2003-05-27"
          }
        ],
        "impact": {
          "cvss": {
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "av": "n",
            "ac": "l",
            "pr": "n",
            "ui": "n",
            "s": "u",
            "c": "h",
            "i": "h",
            "a": "h",
            "score": "9.8",
            "severity": "c",
            "exploitable": "3.9",
            "impact": "5.9"
          },
          "cvss2": {
            "version": "2.0",
            "vector": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "score": "7.5",
            "severity": "high",
            "av": "network",
            "ac": "low",
            "au": "none",
            "c": "partial",
            "i": "partial",
            "a": "partial"
          },
          "cvss3": {
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "score": "9.8",
            "severity": "critical",
            "av": "network",
            "ac": "low",
            "pr": "none",
            "ui": "none",
            "s": "unchanged",
            "c": "high",
            "i": "high",
            "a": "high",
            "exploitable": "3.9",
            "impact": "5.9"
          },
          "cvss4": {
            "version": "4.0",
            "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "score": "5.1",
            "severity": "medium",
            "av": "network",
            "ac": "low",
            "at": "none",
            "pr": "high",
            "ui": "none",
            "vc": "low",
            "vi": "low",
            "va": "low",
            "sc": "none",
            "si": "none",
            "sa": "none"
          },
          "epss": "0.00123",
          "ssvc": {
            "exploitation": "none",
            "automatable": "no",
            "technical_impact": "total",
            "kev": false,
            "kev_date": null
          },
          "cwe": [
            {
              "cwe": "CWE89",
              "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
              "description": "The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component."
            }
          ]
        }
      }
    ]
  },
  "updated": 1053993600
}

Plugins JSON description
error: If there is an error, the value will be 1. If there is no error, it will be 0.
message: In case of error, an information message will be displayed.
data: (object) Data information group.
data → name: Plugin name.
data → plugin: Plugin slug.
data → link: Information URL.
data → latest: Last time the plugin was updated (UNIXTIME).
data → vulnerability: (array) Each of the plugin’s vulnerabilities.
data → vulnerability → uuid: Plugin unique vulnerability ID.
data → vulnerability → name: Vulnerability name.
data → vulnerability → description: Vulnerability description.
data → vulnerability → operator: (object) Vulnerability version calculation system. It is based on the PHP version_compare function.
data → vulnerability → operator → min_version: Minimum version affected.
data → vulnerability → operator → min_operator: Calculation operator.
data → vulnerability → operator → max_version: Maximum version affected.
data → vulnerability → operator → max_operator: Calculation operator.
data → vulnerability → operator → unfixed: The vulnerability is unfixed.
data → vulnerability → operator → closed: The plugin has closed and is no longer available for download.

data → vulnerability → source: (array) List of vulnerabilities.
data → vulnerability → source → id: Source unique identifier.
data → vulnerability → source → name: Source vulnerability name.
data → vulnerability → source → link: Source vulnerability information.
data → vulnerability → source → description: Source vulnerability description.
data → vulnerability → source → date: Date of publication of the vulnerability.

data → vulnerability → impact: (array) Impact of the vulnerability.
data → vulnerability → impact → cvss: (object) CVSS score. (deprecated)
data → vulnerability → impact → cvss → version: CVSS Version.
data → vulnerability → impact → cvss → vector: CVSS Vector.
data → vulnerability → impact → cvss → av: Attack Vector (AV) score.
data → vulnerability → impact → cvss → ac: Attack Complexity (AC) score.
data → vulnerability → impact → cvss → pr: Privileges Required (PR) score.
data → vulnerability → impact → cvss → ui: User Interaction (UI) score.
data → vulnerability → impact → cvss → s: Scope (S) score.
data → vulnerability → impact → cvss → c: Confidentiality (C) score.
data → vulnerability → impact → cvss → i: Integrity (I) score.
data → vulnerability → impact → cvss → a: Availability (A) score.
data → vulnerability → impact → cvss → score: Global score (1.0 “-” to 9.9 “+”).
data → vulnerability → impact → cvss → severity: Severity.
data → vulnerability → impact → cvss → exploitable: Exploitability.
data → vulnerability → impact → cvss → impact: Global impact.

data → vulnerability → impact → cvss2: (object) CVSS 2.0 score.
data → vulnerability → impact → cvss2 → version: CVSS Version.
data → vulnerability → impact → cvss2 → vector: CVSS Vector.
data → vulnerability → impact → cvss2 → score: Base score.
data → vulnerability → impact → cvss2 → severity: Severity label.
data → vulnerability → impact → cvss2 → av: Access Vector.
data → vulnerability → impact → cvss2 → ac: Access Complexity.
data → vulnerability → impact → cvss2 → au: Authentication.
data → vulnerability → impact → cvss2 → c: Confidentiality Impact.
data → vulnerability → impact → cvss2 → i: Integrity Impact.
data → vulnerability → impact → cvss2 → a: Availability Impact.

data → vulnerability → impact → cvss3: (object) CVSS 3.0/3.1 score.
data → vulnerability → impact → cvss3 → version: CVSS Version.
data → vulnerability → impact → cvss3 → vector: CVSS Vector.
data → vulnerability → impact → cvss3 → score: Base score.
data → vulnerability → impact → cvss3 → severity: Severity label.
data → vulnerability → impact → cvss3 → av: Attack Vector.
data → vulnerability → impact → cvss3 → ac: Attack Complexity.
data → vulnerability → impact → cvss3 → pr: Privileges Required.
data → vulnerability → impact → cvss3 → ui: User Interaction.
data → vulnerability → impact → cvss3 → s: Scope.
data → vulnerability → impact → cvss3 → c: Confidentiality Impact.
data → vulnerability → impact → cvss3 → i: Integrity Impact.
data → vulnerability → impact → cvss3 → a: Availability Impact.
data → vulnerability → impact → cvss3 → exploitable: Exploitability sub-score.
data → vulnerability → impact → cvss3 → impact: Impact sub-score.

data → vulnerability → impact → cvss4: (object) CVSS 4.0 score.
data → vulnerability → impact → cvss4 → version: CVSS Version.
data → vulnerability → impact → cvss4 → vector: CVSS Vector.
data → vulnerability → impact → cvss4 → score: Base score.
data → vulnerability → impact → cvss4 → severity: Severity label.
data → vulnerability → impact → cvss4 → av: Attack Vector.
data → vulnerability → impact → cvss4 → ac: Attack Complexity.
data → vulnerability → impact → cvss4 → at: Attack Requirements.
data → vulnerability → impact → cvss4 → pr: Privileges Required.
data → vulnerability → impact → cvss4 → ui: User Interaction.
data → vulnerability → impact → cvss4 → vc: Vulnerable System Confidentiality.
data → vulnerability → impact → cvss4 → vi: Vulnerable System Integrity.
data → vulnerability → impact → cvss4 → va: Vulnerable System Availability.
data → vulnerability → impact → cvss4 → sc: Subsequent System Confidentiality.
data → vulnerability → impact → cvss4 → si: Subsequent System Integrity.
data → vulnerability → impact → cvss4 → sa: Subsequent System Availability.

data → vulnerability → impact → epss: (float) Exploit Prediction Scoring System.
data → vulnerability → impact → ssvc: (object) Stakeholder-Specific Vulnerability Categorization.
data → vulnerability → impact → ssvc → exploitation: Exploitation state.
data → vulnerability → impact → ssvc → automatable: Whether the vulnerability is automatable.
data → vulnerability → impact → ssvc → technical_impact: Technical impact.
data → vulnerability → impact → ssvc → kev: Whether the vulnerability is in the CISA KEV catalog.
data → vulnerability → impact → ssvc → kev_date: Date added to KEV catalog.

data → vulnerability → impact → cwe: (array) CWE score.
data → vulnerability → impact → cwe → cwe: CWE identification.
data → vulnerability → impact → cwe → name: Name.
data → vulnerability → impact → cwe → description: Description.

updated: Last information update (UNIXTIME).
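
The operator object described above can be evaluated against an installed plugin version with PHP's version_compare. The following is an added example, not code from this page or from the WPVulnerability project: the response is constructed sample data, the function names are hypothetical, and treating a null bound as "no limit on that side" is an assumption.

```php
<?php
// Constructed sample response with two entries (not real API output).
$json = <<<'JSON'
{"error":0,"message":null,"data":{"plugin":"wordpress-plugin-example","vulnerability":[
 {"uuid":"example-1","source":[{"id":"CVE-0000-00001"}],
  "operator":{"min_version":null,"min_operator":null,"max_version":"1.4.2","max_operator":"le","unfixed":"0","closed":"0"},
  "impact":{"cvss3":{"score":"9.8","severity":"critical"},"ssvc":{"kev":false}}},
 {"uuid":"example-2","source":[{"id":"CVE-0000-00002"}],
  "operator":{"min_version":"2.0.0","min_operator":"ge","max_version":"2.1.0","max_operator":"lt","unfixed":"1","closed":"0"}}
]},"updated":1053993600}
JSON;

const ALLOWED_OPS = ['lt', 'le', 'gt', 'ge', 'eq', 'ne']; // subset of version_compare() operators

// One side of the range. Assumption: a null version or operator means "no bound on this side".
function bound_matches(string $installed, ?string $version, ?string $op): bool {
    if ($version === null || $op === null) return true;
    if (!in_array($op, ALLOWED_OPS, true)) { // remote data: validate before use
        throw new UnexpectedValueException("unexpected operator: $op");
    }
    return version_compare($installed, $version, $op);
}

// Returns the vulnerability entries whose version range contains $installed.
function affecting(array $response, string $installed): array {
    if ((int) ($response['error'] ?? 1) !== 0) {
        throw new RuntimeException('API error: ' . ($response['message'] ?? 'unknown'));
    }
    $hits = [];
    foreach ($response['data']['vulnerability'] ?? [] as $v) {
        $o = $v['operator'] ?? [];
        if (bound_matches($installed, $o['min_version'] ?? null, $o['min_operator'] ?? null)
            && bound_matches($installed, $o['max_version'] ?? null, $o['max_operator'] ?? null)) {
            $hits[] = [
                'uuid'    => $v['uuid'] ?? null,
                'sources' => array_column($v['source'] ?? [], 'id'),
                'cvss3'   => $v['impact']['cvss3']['score'] ?? null, // impact may be missing
                'kev'     => $v['impact']['ssvc']['kev'] ?? null,
                'unfixed' => ($o['unfixed'] ?? '0') === '1',
            ];
        }
    }
    return $hits;
}

$response = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
foreach (['1.4.2', '1.4.3', '2.0.5', '2.1.0'] as $installed) {
    $ids = array_column(affecting($response, $installed), 'uuid');
    printf("%-6s %s\n", $installed, $ids ? implode(', ', $ids) : 'no matching entries');
}
```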