Core endpoint

To get the vulnerability information of a core version, you have to make a call including the core version.

https://www.wpvulnerability.net/core/here.the.core.version/

Example: WordPress 5.8.2

Core JSON response

This will return a JSON with the following format:

{
  "error": 0,
  "message": null,
  "data": {
    "core": "0.0.0",
    "link": null,
    "vulnerability": [
      {
        "uuid": "example",
        "name": "0.0.0",
        "description": null,
        "source": [
          {
            "id": "CVE-0000-00001",
            "name": "CVE-0000-00001",
            "link": "https://www.cve.org/CVERecord?id=CVE-0000-00001",
            "description": "This is an example of a vulnerability description.",
            "date": "2003-05-27"
          },
          {
            "id": "JVNDB-0000-000001",
            "name": "JVNDB-0000-000001",
            "link": "https://jvndb.jvn.jp/jvndb/JVNDB-0000-000001",
            "description": "This is an example of a vulnerability description.",
            "date": "2003-05-27"
          }
        ],
        "impact": [
          "cvss": {
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "av": "n",
            "ac": "l",
            "pr": "n",
            "ui": "n",
            "s": "u",
            "c": "h",
            "i": "h",
            "a": "h",
            "score": "9.8",
            "severity": "c",
            "exploitable": "3.9",
            "impact": "5.9"
            },
            "cwe": [
              {
                "cwe": "CWE89",
                "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                "description": "The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component."
              }
            ]
        ]
      }
    ]
  },
  "updated": 1053993600
}

Core JSON description

  • error: If there is an error, the value will be 1. If there is no error, it will be 0.
  • message: In case of error, an information message will be displayed.
  • data: (object) Data information group.
    • data → core: WordPress core version.
    • data → link: Information URL.
    • data → vulnerability: (array) Each of the vulnerabilities in that version.
      • data → vulnerability → uuid: Core unique vulnerability ID.
      • data → vulnerability → name: Vulnerability name.
      • data → vulnerability → description: Vulnerability description.
      • data → vulnerability → source: (array) List of vulnerabilities.
        • data → vulnerability → source → id: Source unique identifier.
        • data → vulnerability → source → name: Source vulnerability name.
        • data → vulnerability → source → link: Source vulnerability information.
        • data → vulnerability → source → description: Source vulnerability description.
        • data → vulnerability → source → date: Date of publication of the vulnerability.
      • data → vulnerability → impact: (array) Impact of the vulnerability. (optional)
        • data → vulnerability → impact → cvss: (object) CVSS score. More information in the CVSS section.
          • data → vulnerability → impact -> cvss → version: CVSS Version.
          • data → vulnerability → impact → cvss → vector: CVSS Vector.
          • data → vulnerability → impact → cvss → av: Attack Vector (AV) score.
          • data → vulnerability → impact → cvss → ac: Attack Complexity (AC) score.
          • data → vulnerability → impact → cvss → pr: Privileges Required (PR) score.
          • data → vulnerability → impact → cvss → ui: User Interaction (UI) score.
          • data → vulnerability → impact → cvss → s: Scope (S) score.
          • data → vulnerability → impact → cvss → c: Confidentiality (C) score.
          • data → vulnerability → impact → cvss → i: Integrity (I) score.
          • data → vulnerability → impact → cvss → a: Availability (A) score.
          • data → vulnerability → impact → cvss → score: Global score (1.0 “-” to 9.9 “+”).
          • data → vulnerability → impact → cvss → severity: Severity.
          • data → vulnerability → impact → cvss → exploitable: Exploitability.
          • data → vulnerability → impact → cvss → impact: Global impact.
        • data → vulnerability → impact → cwe: (array) CWE score. More information in the CWE section.
          • data → vulnerability → impact → cwe → cwe: CWE identification.
          • data → vulnerability → impact → cwe → name: Name.
          • data → vulnerability → impact → cwe → description: Description.
  • update: Last information update (UNIXTIME).