WordPress security vulnerability API for developers

Receive detailed information about the latest WordPress core, theme and plugin vulnerabilities 48 hours before they are made public.
Our vulnerability API is leveraged by

Integrate vulnerability data into your CLI tooling and services

48h early vulnerability detection
Monitor active exploitation
Prioritise updates with patch priority

Standard API includes

See API documentation
500 API calls / day
Single endpoint
Data 48h in advance

API datapoints:

Software name
Software type (plugin, theme, core)
Software type (free, premium)
Versioning info (fixed-in, ranges)
Patch priority
CVSS score
Link to database entry

Standard API JSON example

    "title":"WordPress File Upload plugin <= 4.16.2 - Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE)",
    "product_name":"WordPress File Upload",
    "patch_priority": 3,

Frequently asked questions

Yes, you can. Visit API for hosts to see our extended API offering. However, each case is viewed and quoted individually. In order to do so, please reach out to us via the Intercom chat or contact form.

No, you do not need to be signed up to a paid plan. However, in order to charge you, credit card credentials have to be set up (even on Community plan). To do so, sign up and navigate to Account > Billing.

Our add-ons do not have a trial period. If you are unhappy with the service, a 30-day money-back guarantee applies as stated in our Terms & Conditions.

At this time each request is manually approved in order to avoid any misuse or abuse of the service.

If you have questions, don't hesitate to reach out to Sander via live chat.

How to request access

Create a Patchstack account on any of our plans
Add billing details (regardless of the plan)
Navigate to Add-ons and request an API key
Receive the API key and set up your tooling or services

Integrated WordPress vulnerability data for $149 / mo

Need more? See Enterprise API
Looks like your browser is blocking our support chat widget. Turn off adblockers and reload the page.