WordPress Vulnerability Database API
·
New ImageMagick and curl Endpoints In line with our efforts to enhance the security of WordPress, in addition to the software itself, PHP, and the web servers, database servers, we have included vulnerabilities from some of the most usual extensions: ImageMagick and curl. The new endpoints are:— ImageMagick endpoint— curl endpoint Currently, the database includes…
·
New MariaDB and MySQL Endpoints In line with our efforts to enhance the security of WordPress, in addition to the software itself, PHP, and the web server, we have included vulnerabilities from the most widely used databases: MariaDB and MySQL. The new endpoints are:— MariaDB endpoint— MySQL endpoint Currently, the database includes 396 vulnerabilities for…
·
Apache HTTPD API endpoint, out of beta As we commented in the last API update, we have already published out of beta the endpoint of PHP vulnerabilities, and this time it is the turn of Apache HTTPD vulnerabilities. The first version of this new database has 263 vulnerabilities, corresponding to Apache HTTPD 1.3, 2.0, 2.2…
·
PHP vulnerabilities, out of beta A few months ago, we started the PHP API with PHP vulnerabilities. And now, it’s finally fully available. We’ve been working to create a full database, and the first version has almost 700 vulnerabilities. The API has information available from PHP 4.0 to PHP 8.3. Here is the API PHP…
·
PHP vulnerabilities (beta) WordPress is not solely made up of the Core, Plugins, and Themes; it also requires additional components to operate effectively. The most crucial of these is PHP, which is why we have chosen to expand our vulnerability database to include information on PHP vulnerabilities. Currently, vulnerabilities that have emerged since PHP 7.0.0…
·
Up-to-date One of the initial objectives of the WPVulnerability project has been to have as much information available in the most reliable way possible. And although we are constantly working on improving many aspects, today we can announce a new milestone in this process: we have finished incorporating all WPScan vulnerabilities. Presently, we have processed,…
·
Unfixed, revisited When a plugin or theme is marked as unfixed, the vulnerability is enabled, but, if fixed, there was no easy way to report it. This is why, starting today, we are going to retest unfixed vulnerabilities occasionally to analyze if they are fixed and update the API information. In the coming days we…
·
Wordfence vulnerabilities As we announced 3 weeks ago, we’ve added, review, and checked over 9,500 new vulnerabilities and added hundreds of new plugins and themes to the API. This has helped to expand the information and improve thousands of existing data. Unify duplications We are going to work in some internal projects, the main one…
·
Closed plugins From now on, plugins that are closed, or are going to close, in the WordPress.org repository, will automatically cause all vulnerabilities in that plugin to mark that the plugin is closed. In the same way, those plugins with vulnerabilities marked as closed, but that the plugin has been reopened, will be properly maintained.…