WPVulnerability

WordPress Vulnerability Database API

Themes endpoint

To get the vulnerability information of a theme, you have to make a call including the theme slug.

https://www.wpvulnerability.net/theme/here-the-theme-slug/

Example: Ripple

Themes JSON response

This will return a JSON with the following format:

{
  "error": 0,
  "message": null,
  "data": {
    "name": "Theme Name",
    "theme": "wordpress-theme-example",
    "link": "https://wordpress.org/themes/wordpress-theme-example/",
    "vulnerability": [
      {
        "uuid": "example",
        "name": "Theme Name [wordpress-theme-example] <= 0.0.0",
        "description": null,
        "operator": {
          "min_version": null,
          "min_operator": null,
          "max_version": "0.0.0",
          "max_operator": "le",
          "unfixed": "0",
          "closed": "0"
        },
        "source": [
          {
            "id": "CVE-0000-00001",
            "name": "CVE-0000-00001",
            "link": "https://www.cve.org/CVERecord?id=CVE-0000-00001",
            "description": "This is an example of a vulnerability description.",
            "date": "2003-05-27"
          },
          {
            "id": "JVNDB-0000-000001",
            "name": "JVNDB-0000-000001",
            "link": "https://jvndb.jvn.jp/jvndb/JVNDB-0000-000001",
            "description": "This is an example of a vulnerability description.",
            "date": "2003-05-27"
          }
        ],
        "impact": [
          "cvss": {
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "av": "n",
            "ac": "l",
            "pr": "n",
            "ui": "n",
            "s": "u",
            "c": "h",
            "i": "h",
            "a": "h",
            "score": "9.8",
            "severity": "c",
            "exploitable": "3.9",
            "impact": "5.9"
            },
            "cwe": [
              {
                "cwe": "CWE89",
                "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                "description": "The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component."
              }
            ]
      }
    ]
  },
  "updated": 1053993600
}

Themes JSON description

  • error: If there is an error, the value will be 1. If there is no error, it will be 0.
  • message: In case of error, an information message will be displayed.
  • data: (object) Data information group.
  • data → name: Theme name.
  • data → theme: Theme slug.
  • data → link: Information URL.
  • data → vulnerability: (array) Each of the plugin’s vulnerabilities.
    • data → vulnerability → uuid: Theme unique vulnerability ID.
    • data → vulnerability → name: Vulnerability name.
    • data → vulnerability → description: Vulnerability description.
      • data → vulnerability → operator: (object) Vulnerability version calculation system. It is based on the PHP version_compare function.
        • data → vulnerability → operator → min_version: Minimum version affected.
        • data → vulnerability → operator → min_operator: Calculation operator.
        • data → vulnerability → operator → max_version: Maximum version affected.
        • data → vulnerability → operator → max_operator: Calculation operator.
        • data → vulnerability → operator → unfixed: The vulnerability is unfixed.
        • data → vulnerability → operator → closed: The plugin has closed and is no longer available for download.
      • data → vulnerability → source: (array) List of vulnerabilities.
        • data → vulnerability → source → id: Source unique identifier.
        • data → vulnerability → source → name: Source vulnerability name.
        • data → vulnerability → source → link: Source vulnerability information.
        • data → vulnerability → source → description: Source vulnerability description.
        • data → vulnerability → source → date: Date of publication of the vulnerability.
      • data → vulnerability → impact: (array) Impact of the vulnerability. (optional)
        • data → vulnerability → impactcvss: (object) CVSS score. More information in the CVSS section.
          • data → vulnerability → impact → cvss → version: CVSS Version.
          • data → vulnerability → impact → cvss → vector: CVSS Vector.
          • data → vulnerability → impact → cvss → av: Attack Vector (AV) score.
          • data → vulnerability → impact → cvss → ac: Attack Complexity (AC) score.
          • data → vulnerability → impact → cvss → pr: Privileges Required (PR) score.
          • data → vulnerability → impact → cvss → ui: User Interaction (UI) score.
          • data → vulnerability → impact → cvss → s: Scope (S) score.
          • data → vulnerability → impact → cvss → c: Confidentiality (C) score.
          • data → vulnerability → impact → cvss → i: Integrity (I) score.
          • data → vulnerability → impact → cvss → a: Availability (A) score.
          • data → vulnerability → impact → cvss → score: Global score (1.0 “-” to 9.9 “+”).
          • data → vulnerability → impact → cvss → severity: Severity.
          • data → vulnerability → impact → cvss → exploitable: Exploitability.
          • data → vulnerability → impact → cvss → impact: Global impact.
        • data → vulnerability → impact → cwe: (array) CWE score. More information in the CWE section.
          • data → vulnerability → impact → cwe → cwe: CWE identification.
          • data → vulnerability → impact → cwe → name: Name.
          • data → vulnerability → impact → cwe → description: Description.
  • update: Last information update (UNIXTIME).