To get the vulnerability information of a core version, you have to make a call including the core version.
https://www.wpvulnerability.net/core/here.the.core.version/
Example: WordPress 5.8.2
Core JSON response
This will return a JSON with the following format:
{
"error": 0,
"message": null,
"data": {
"core": "0.0.0",
"link": null,
"vulnerability": [
{
"uuid": "example",
"name": "0.0.0",
"description": null,
"source": [
{
"id": "CVE-0000-00001",
"name": "CVE-0000-00001",
"link": "https://www.cve.org/CVERecord?id=CVE-0000-00001",
"description": "This is an example of a vulnerability description.",
"date": "2003-05-27"
},
{
"id": "JVNDB-0000-000001",
"name": "JVNDB-0000-000001",
"link": "https://jvndb.jvn.jp/jvndb/JVNDB-0000-000001",
"description": "This is an example of a vulnerability description.",
"date": "2003-05-27"
}
],
"impact": [
"cvss": {
"version": "3.1",
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"av": "n",
"ac": "l",
"pr": "n",
"ui": "n",
"s": "u",
"c": "h",
"i": "h",
"a": "h",
"score": "9.8",
"severity": "c",
"exploitable": "3.9",
"impact": "5.9"
},
"cwe": [
{
"cwe": "CWE89",
"name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"description": "The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component."
}
]
]
}
]
},
"updated": 1053993600
}
Core JSON description
error
: If there is an error, the value will be 1. If there is no error, it will be 0.message
: In case of error, an information message will be displayed.data
: (object) Data information group.data → core
: WordPress core version.data → link
: Information URL.data → vulnerability
: (array) Each of the vulnerabilities in that version.data → vulnerability → uuid
: Core unique vulnerability ID.data → vulnerability → name
: Vulnerability name.data → vulnerability → description
: Vulnerability description.data → vulnerability → source
: (array) List of vulnerabilities.data → vulnerability → source → id
: Source unique identifier.data → vulnerability → source → name
: Source vulnerability name.data → vulnerability → source → link
: Source vulnerability information.data → vulnerability → source → description
: Source vulnerability description.data → vulnerability → source → date
: Date of publication of the vulnerability.
data → vulnerability → impact
: (array) Impact of the vulnerability. (optional)data → vulnerability → impact → cvss
: (object) CVSS score. More information in the CVSS section.data → vulnerability → impact -> cvss → version
: CVSS Version.data → vulnerability → impact → cvss → vector
: CVSS Vector.data → vulnerability → impact → cvss → av
: Attack Vector (AV) score.data → vulnerability → impact → cvss → ac
: Attack Complexity (AC) score.data → vulnerability → impact → cvss → pr
: Privileges Required (PR) score.data → vulnerability → impact → cvss → ui
: User Interaction (UI) score.data → vulnerability → impact → cvss → s
: Scope (S) score.data → vulnerability → impact → cvss → c
: Confidentiality (C) score.data → vulnerability → impact → cvss → i
: Integrity (I) score.data → vulnerability → impact → cvss → a
: Availability (A) score.data → vulnerability → impact → cvss → score
: Global score (1.0 “-” to 9.9 “+”).data → vulnerability → impact → cvss → severity
: Severity.data → vulnerability → impact → cvss → exploitable
: Exploitability.data → vulnerability → impact → cvss → impact
: Global impact.
data → vulnerability → impact → cwe
: (array) CWE score. More information in the CWE section.data → vulnerability → impact → cwe → cwe
: CWE identification.data → vulnerability → impact → cwe → name
: Name.data → vulnerability → impact → cwe → description
: Description.
update
: Last information update (UNIXTIME).