
Free WordPress Vulnerability Database API

Recently, we received a few queries about our services, specifically the WordPress Vulnerability Database. To make it clear, we would like to explain what we can offer to web agencies, hosting companies and other companies.

Our WordPress Vulnerability Database is built around an Application Programming Interface (API). This means that you always get the latest data available at that particular moment.

Accessing the information in our database through a graphical interface may not be enough for developers. The API gives more flexibility and makes it possible to process the data exactly as needed.

WordPress Vulnerability Database Free API

The WordPress Vulnerability Database is a product we are very proud of. It contains more than 3500 entries, and this number is updated continuously (you can check the 2017 WordPress vulnerabilities statistics here; we will soon release the new statistics for 2020). WordPress plugin vulnerabilities, WordPress theme vulnerabilities and WordPress core vulnerabilities are all in one database. We have been building this database for several years now, and it goes back as far as 2005.

The database is focused exclusively on WordPress products: we collect data on vulnerable versions of WordPress and on vulnerable versions of plugins and templates developed for the WordPress Content Management System.

With the WordPress Vulnerability Database API, you can test your WordPress software exceptionally efficiently and quickly. Knowing that a website is using vulnerable software allows a timely response to the emergency and helps ensure the site’s resilience against cyber attacks. It’s a great tool that helps to avoid cyber incidents, and it is extremely helpful if you manage lots of websites or run your own hosting company.

WordPress Vulnerability Database API Usage

Get latest 20 vulnerabilities added to the database

GET https://db.threatpress.com/api/v2/latest

JSON Response example (truncated)

{"vulnerabilities":[{"id":4253,"product_id":2642,"title":"WordPress Tutor LMS plugin <= 1.5.2 - Cross-Site Request Forgery (CSRF) vulnerability","description":"Cross-Site Request Forgery (CSRF) vulnerability found by Jinson Varghese Behanan in WordPress Tutor LMS plugin (versions <= 1.5.2).","disclosure_date":"2020-02-04 00:00:00","created_at":"2021-01-08T13:50:54.000000Z","url":"wordpress-tutor-lms-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability","product_slug":"tutor","product_name":"Tutor LMS","product_type":"Plugin","vuln_type":"Cross Site Request Forgery (CSRF)","affected_in":"<= 1.5.2","fixed_in":"1.5.3","direct_url":"https:\/\/db.threatpress.com\/vulnerability\/tutor\/wordpress-tutor-lms-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability"}]}

Get all vulnerabilities of a plugin, theme or WordPress core

GET https://db.threatpress.com/api/v2/product/TYPE/NAME/VERSION/EXISTS?
TYPE = theme, plugin, wordpress
NAME = Slug of the theme, slug of the plugin, or “wordpress” in case TYPE is set to wordpress
VERSION = Version to check for vulnerabilities
EXISTS = Optional flag that will not return all vulnerabilities but only a boolean response whether or not there are vulnerabilities. This flag being present results in a faster response.

JSON Response example without EXISTS flag: https://db.threatpress.com/api/v2/product/plugin/tutor/1.5.2

{"vulnerabilities":[{"id":4253,"product_id":2642,"title":"WordPress Tutor LMS plugin <= 1.5.2 - Cross-Site Request Forgery (CSRF) vulnerability","description":"Cross-Site Request Forgery (CSRF) vulnerability found by Jinson Varghese Behanan in WordPress Tutor LMS plugin (versions <= 1.5.2).","disclosure_date":"2020-02-04 00:00:00","created_at":"2021-01-08T13:50:54.000000Z","url":"wordpress-tutor-lms-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability","product_slug":"tutor","product_name":"Tutor LMS","product_type":"Plugin","vuln_type":"Cross Site Request Forgery (CSRF)","affected_in":"<= 1.5.2","fixed_in":"1.5.3","direct_url":"http:\/\/db2.threatpress.com\/vulnerability\/tutor\/wordpress-tutor-lms-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability"}]}

JSON Response example with EXISTS flag: https://db.threatpress.com/api/v2/product/plugin/tutor/1.5.2/exists

{"vulnerable":true}

Batch request handler to get vulnerabilities of a batch of components

POST https://db.threatpress.com/api/v2/batch

This endpoint accepts a JSON payload in which each object (maximum of 50 per request) must contain the name, version, type and exists properties, matching the parameters of the endpoint described above. An example request payload could look like the following:
[{"name":"woocommerce","version":"3.0.0","type":"plugin","exists":true},{"name":"wordpress","version":"3.0.0","type":"wordpress","exists":true}]

Which responds with the following:
{"vulnerabilities":{"woocommerce":true,"wordpress":true}}

A payload with the exists flag set to false for one of the objects will result in something like the following:
{"vulnerabilities":{"tutor":[{"id":4253,"product_id":2642,"title":"WordPress Tutor LMS plugin <= 1.5.2 - Cross-Site Request Forgery (CSRF) vulnerability","description":"Cross-Site Request Forgery (CSRF) vulnerability found by Jinson Varghese Behanan in WordPress Tutor LMS plugin (versions <= 1.5.2).","disclosure_date":"2020-02-04 00:00:00","created_at":"2021-01-08T13:50:54.000000Z","url":"wordpress-tutor-lms-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability","product_slug":"tutor","product_name":"Tutor LMS","product_type":"Plugin","vuln_type":"Cross Site Request Forgery (CSRF)","affected_in":"<= 1.5.2","fixed_in":"1.5.3","direct_url":"http:\/\/db2.threatpress.com\/vulnerability\/tutor\/wordpress-tutor-lms-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability"}],"wordpress":true}}

Disclaimer

Please use the API reasonably. Attempting to send hundreds of requests per minute will not be appreciated and could result in stricter throttling.
The current throttle restrictions are set to 15 requests every minute. Use the batch API endpoint in order to avoid sending multiple API calls and being throttled.
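
A client sketch for the batch endpoint and throttle described above. This is an added example, not ThreatPress code. The function names, the Content-Type header and the treatment of an empty list as "not vulnerable" are assumptions; the URL, the 50-object limit and the 15-requests-per-minute throttle come from this page.

```python
import json
import time
import urllib.request

BATCH_URL = "https://db.threatpress.com/api/v2/batch"  # endpoint from the page
MAX_PER_BATCH = 50      # page: maximum of 50 objects per request
MIN_INTERVAL = 60 / 15  # page: 15 requests per minute, so 4 s between calls


def build_batches(components, exists=True):
    """Turn (type, slug, version) tuples into payloads of at most 50 objects."""
    items = [{"name": name, "version": version, "type": ctype, "exists": exists}
             for ctype, name, version in components]
    return [items[i:i + MAX_PER_BATCH]
            for i in range(0, len(items), MAX_PER_BATCH)]


def parse_batch_response(body):
    """Normalise the mixed response: each value is a boolean (exists=true)
    or a list of vulnerability entries (exists=false)."""
    findings = {}
    for name, value in json.loads(body)["vulnerabilities"].items():
        entries = value if isinstance(value, list) else []
        findings[name] = {
            # Assumption: an empty list means no known vulnerabilities.
            "vulnerable": bool(value),
            "fixed_in": sorted({e["fixed_in"] for e in entries if e.get("fixed_in")}),
            "titles": [e["title"] for e in entries],
        }
    return findings


def query(components, exists=True, opener=urllib.request.urlopen, sleep=time.sleep):
    """POST each batch, pausing between calls to stay under the throttle."""
    results = {}
    for i, batch in enumerate(build_batches(components, exists)):
        if i:
            sleep(MIN_INTERVAL)
        req = urllib.request.Request(
            BATCH_URL, data=json.dumps(batch).encode(),
            # Assumption: the page does not state the required Content-Type.
            headers={"Content-Type": "application/json"})
        with opener(req, timeout=30) as resp:
            results.update(parse_batch_response(resp.read()))
    return results
```

The opener and sleep parameters let the client be exercised against a stub without network access or real delays. Results are keyed by name, as in the response shown above, so components sharing a slug across types would overwrite each other in this dictionary.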

Closing

If you have any questions, need help or have suggestions, please feel free to reach out!

Darius S.
