WordPress security vulnerability API

Trusted by WP ecosystem leaders
Receive detailed information about the latest WordPress core, theme and plugin vulnerabilities 48 hours before they are made public. Integrate it with your service or use it for your CLI tooling.

Developer API

From $149/mo

Lightweight API tailored for developers and agencies who use CLI tooling to manage their WordPress websites.
API calls: 500 / day
Endpoints: Single
48 hour early warning
Cache results locally
Access to partners Slack
Dedicated support
IP reputation feed

Enterprise API

Request quote

Advanced API for web hosting providers to automate WordPress vulnerability management and alerts for their customers.
API calls: Unlimited
Endpoints: Multiple
48 hour early warning
Cache results locally
Access to partners Slack
Dedicated support
IP reputation feed: On request

Best performance with local caching

Patchstack values high performance which can only be achieved with efficient & smart solutions. Local caching provides the required flexibility for low-friction integration.

Highly recommended by our partners

Patchstack has a dedicated security team to provide the latest data. We are the official authorized CNA to assign CVE ID numbers to new vulnerabilities.

Get vulnerability alerts before they’re made public

We channel revenue back to the Patchstack Alliance program where ethical hackers earn rewards for their contribution to WordPress security.

List of endpoints with JSON example

Developer API

Software name
Software type (plugin, theme, core)
Software type (free, premium)
Versioning info (fixed-in, ranges)
Detailed vulnerability description
Link to database entry
CVSS score

"vulnerabilities":[
	{
		"title": "WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 4.7 - SQL Injection (SQLi) vulnerability",
		"product_name": "WP Visitor Statistics (Real Time Traffic)",
		"product_slug": "wp-stats-manager",
		"product_type": "Plugin",
		"fixed_in": "4.8",
		"cvss_score": 8.8,
		"direct_url": "patchstack.com/database/vulnerability/wp-stats-manager/wordpress-wp-visitor-statistics-real-time-traffic-plugin-4-7-sql-injection-sqli-vulnerability"
	}

Enterprise API

Software name
Software type (plugin, theme, core)
Software type (free, premium)
Versioning info (fixed-in, ranges)
Detailed vulnerability description
Link to database entry
CVSS score
CVE identification number
OWASP type classification
Vulnerability disclosure date
References to external resources
References to original researchers

"vulnerabilities":[
	{
		"id":7976,
		"product_id":2175,
		"title":"WordPress File Upload plugin <= 4.16.2 - Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE)",
		"description":"Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE) discovered by apple502j in WordPress File Upload plugin (versions <= 4.16.2).",
		"vuln_type":"Directory Traversal",
		"cvss_score":8.8,
		"cve":["2021-24962"],

		"product_slug":"wp-file-upload",
		"product_name":"WordPress File Upload",
		"product_name_premium":null,
		"product_type":"Plugin",
		"affected_in":"<= 4.16.2",
		"fixed_in":"4.16.3",
		"patched_in_ranges":[],
           
		"disclosure_date":"2022-03-01 00:00:00",
		"disclosed_at":"2022-03-01T00:00:00+00:00",
		"created_at":"2022-03-07T11:17:05+00:00", 

		"url":"wordpress-file-upload-plugin-4-16-2-contributor-path-traversal-vulnerability-leading-to-remote-code-execution-rce",
		"direct_url":"https://patchstack.com/database/vulnerability/wp-file-upload/wordpress-file-upload-plugin-4-16-2-contributor-path-traversal-vulnerability-leading-to-remote-code-execution-rce"
	},
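
One way to consume these records in CLI tooling, shown as an added example that is not Patchstack's own code: it matches a site inventory against the "affected_in" and "fixed_in" fields from the two JSON examples above. The inventory, the function names and the version-comparison rules (numeric dotted versions, "<=" and "<" bounds only) are assumptions; "patched_in_ranges" is ignored because its format is not shown on this page.

```python
import json
import re

# Records from the two JSON examples on this page, merged and trimmed.
FEED = json.loads("""{"vulnerabilities": [
  {"product_slug": "wp-file-upload", "product_type": "Plugin", "cvss_score": 8.8,
   "affected_in": "<= 4.16.2", "fixed_in": "4.16.3", "cve": ["2021-24962"]},
  {"product_slug": "wp-stats-manager", "product_type": "Plugin", "cvss_score": 8.8,
   "fixed_in": "4.8"}
]}""")

# Constructed inventory: (product_type, product_slug) -> installed version.
INSTALLED = {("Plugin", "wp-file-upload"): "4.16.2",
             ("Plugin", "wp-stats-manager"): "4.7.0"}

def cmp_versions(a, b):
    """Compare dotted numeric versions; '4.8' equals '4.8.0'. Returns -1, 0 or 1."""
    x = [int(n) for n in re.findall(r"\d+", a)]
    y = [int(n) for n in re.findall(r"\d+", b)]
    width = max(len(x), len(y))
    x += [0] * (width - len(x))
    y += [0] * (width - len(y))
    return (x > y) - (x < y)

def is_affected(installed, rec):
    """Prefer the explicit affected_in bound, then fixed_in, else fail closed."""
    bound = re.fullmatch(r"\s*(<=|<)\s*([\d.]+)\s*", rec.get("affected_in") or "")
    if bound:
        c = cmp_versions(installed, bound.group(2))
        return c < 0 or (c == 0 and bound.group(1) == "<=")
    if rec.get("fixed_in"):
        return cmp_versions(installed, rec["fixed_in"]) < 0
    return True  # no usable version data: surface it for manual review

def findings(installed, feed):
    """Return (slug, installed, fixed_in, cvss) for affected items, highest CVSS first."""
    hits = []
    for rec in feed["vulnerabilities"]:
        have = installed.get((rec["product_type"], rec["product_slug"]))
        if have is not None and is_affected(have, rec):
            hits.append((rec["product_slug"], have, rec.get("fixed_in"), rec["cvss_score"]))
    return sorted(hits, key=lambda h: -h[3])

if __name__ == "__main__":
    for slug, have, fixed, cvss in findings(INSTALLED, FEED):
        print(f"{slug} {have}: update to {fixed} (CVSS {cvss})")
```

Keying the inventory on both product type and slug avoids matching a theme against a plugin record that happens to share a slug.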

Get in touch and learn how our Vulnerability API can benefit you

“Patchstack has led to the prevention of more than 56 000 vulnerabilities in our Managed WordPress installations.”

Liza Bogatyrev

Product Marketing Manager at One.com
