WordPress security for hosting providers

Protect large networks with our real-time vulnerability & IP reputation feed.

“Patchstack has led to the prevention of more than 56 000 vulnerabilities in our Managed WordPress installations.”

Liza Bogatyrev

Product Marketing Manager at One.com

Protect websites from known threat actors

Get high-quality IP reputation feed of abusers who hit virtual patches we create for every vulnerability in our database. Similarly to our virtual patches, our IP reputation feed has close to 0% false positives.

Get vulnerability alerts before they’re made public

Receive detailed information about vulnerabilities 48 hours before they are made public on the Patchstack Database. Give your customers a head start to patch the latest vulnerabilities before hackers can take an advantage.

Enterprise API

Request quote

Advanced API to automate WordPress vulnerability management and alerts for customers.
API calls
48 hour early warning
Cache results locally
Access to partners Slack
Dedicated support
IP reputation feed
On request
Get in touch

Data available via API:

Software name
Software type (plugin, theme, core)
Software type (free, premium)
Versioning info (fixed-in, ranges)
Detailed vulnerability description
Link to database entry
CVSS score
CVE identification number
OWASP type classification
Vulnerability disclosure date
References to external resources
References to original researchers
Exploitation indicator

Enterprise API JSON example

         "title":"WordPress File Upload plugin <= 4.16.2 - Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE)",
         "description":"Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE) discovered by apple502j in WordPress File Upload plugin (versions <= 4.16.2).",
         "disclosure_date":"2022-03-01 00:00:00",
         "product_name":"WordPress File Upload",
         "vuln_type":"Directory Traversal",
         "affected_in":"<= 4.16.2",
         "title":"WordPress All in One Invite Codes plugin <= 1.0.12 - Sensitive Information Disclosure vulnerability",
         "description":"Sensitive Information Disclosure vulnerability discovered in WordPress All in One Invite Codes plugin (versions <= 1.0.12).",
         "disclosure_date":"2022-02-28 00:00:00",
         "product_name":"All in One Invite Codes",
         "vuln_type":"Information Disclosure",
         "affected_in":"<= 1.0.12",

Get in touch and learn how our Vulnerability API can benefit you

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
We are trusted by MITRE to assign CVE IDs to new security vulnerabilities and our technology is backed by the EU Innovation Council. In 2021 Patchstack Alliance reported 1,000+ vulnerabilities affecting millions of WordPress sites
Group 7
Looks like your browser is blocking our support chat widget. Turn off adblockers and reload the page.