{"id":28414881,"url":"https://github.com/ihuzaifashoukat/wordpress-vulnerability-database","last_synced_at":"2025-10-10T03:36:01.957Z","repository":{"id":296141953,"uuid":"988185991","full_name":"ihuzaifashoukat/wordpress-vulnerability-database","owner":"ihuzaifashoukat","description":"#1 Open WordPress vulnerability database tracking 27,000+ issues (plugins, themes, core). Updated On Daily Basis. Formats: SQLite, CSV, Excel.","archived":false,"fork":false,"pushed_at":"2025-06-11T18:19:15.000Z","size":207806,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-25T09:42:48.813Z","etag":null,"topics":["ethical-hacking","security","vulnerbility","vulnerbility-analysis","vulnerbility-research","web-vulnerabilities","website","website-security","wordpress","wordpress-bugs","wordpress-development","wordpress-plugin","wordpress-security","wordpress-site","wordpress-theme","wordpress-vulnerability","wordpress-vulnerability-scanner","wordpress-vulnerability-scanning","wordpress-vulnerable"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ihuzaifashoukat.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-22T07:19:35.000Z","updated_at":"2025-06-11T18:19:20.000Z","dependencies_parsed_at":"2025-05-29T06:48:46.765Z","dependency_job_id":null,"html_url":"https://github.com/ihuzaifashoukat/wordpress-vulnerability-database","commit_stats":null,"previous_names":["ihuzaifashoukat/wordpress-vulnerability-database"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ihuzaifashoukat/wordpress-vulnerability-database","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihuzaifashoukat%2Fwordpress-vulnerability-database","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihuzaifashoukat%2Fwordpress-vulnerability-database/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihuzaifashoukat%2Fwordpress-vulnerability-database/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihuzaifashoukat%2Fwordpress-vulnerability-database/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ihuzaifashoukat","download_url":"https://codeload.github.com/ihuzaifashoukat/wordpress-vulnerability-database/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihuzaifashoukat%2Fwordpress-vulnerability-database/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279002621,"owners_count":26083425,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ethical-hacking","security","vulnerbility","vulnerbility-analysis","vulnerbility-research","web-vulnerabilities","website","website-security","wordpress","wordpress-bugs","wordpress-development","wordpress-plugin","wordpress-security","wordpress-site","wordpress-theme","wordpress-vulnerability","wordpress-vulnerability-scanner","wordpress-vulnerability-scanning","wordpress-vulnerable"],"created_at":"2025-06-03T11:16:09.472Z","updated_at":"2025-10-10T03:36:01.952Z","avatar_url":"https://github.com/ihuzaifashoukat.png","language":"Python","readme":"# Open WordPress Vulnerability Database (OWVD) - Your Comprehensive Resource for WordPress Security Insights\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)\n[![Data Source](https://img.shields.io/badge/Data%20Source-Wordfence-critical)](https://www.wordfence.com/threat-intel/vulnerabilities)\n[![Update Frequency](https://img.shields.io/badge/Updated-Every%2012%20Hours-blue.svg)](https://shields.io/)\n[![Formats](https://img.shields.io/badge/Formats-SQLite%2C%20CSV%2C%20Excel-green.svg)](https://shields.io/)\n[![Tracks](https://img.shields.io/badge/Tracks-Plugins%2C%20Themes%2C%20Core-brightgreen)](https://shields.io/)\n[![Vulnerability Types](https://img.shields.io/badge/Types-All%20Major%20(RCE%2C%20SQLi%2C%20XSS%20etc.)-orange)](https://shields.io/)\n[![Database Size](https://img.shields.io/badge/Vulnerabilities%20Tracked-27000%2B%20(growing)-informational)](https://shields.io/) \u003c!-- Placeholder, update if possible --\u003e\n\n\n**OWVD (Open WordPress Vulnerability Database)** aspires to be the leading open-source resource for WordPress ecosystem vulnerabilities. It currently tracks over **27,000+ vulnerabilities** (and growing daily) related to plugins, themes, and core software. Sourced directly from the esteemed Wordfence Threat Intelligence, OWVD provides structured and timely vulnerability data for security researchers, WordPress developers, and website administrators.\n\n## Why This Database?\n\nIn the dynamic landscape of web security, staying informed about the latest WordPress vulnerabilities is crucial. OWVD provides:\n*   **Accessibility**: Easy access to vulnerability data in common, usable formats.\n*   **Timeliness**: Regular updates ensure you have recent information.\n*   **Comprehensiveness**: A wide range of data points for each vulnerability.\n*   **Openness**: Free to use and integrate into your security workflows and research under a permissive MIT license.\n\n## Key Features\n\n*   **Comprehensive Data**: Each entry includes details such as:\n    *   Vulnerability Title\n    *   CVE ID (if available)\n    *   CVSS Score \u0026 Rating\n    *   Researcher Credits\n    *   Publication \u0026 Last Update Dates\n    *   Detailed Description\n    *   Reference Links\n    *   Affected Software Name, Type (Plugin, Theme, Core), and Slug\n    *   Patch Status, Remediation Information, and Affected Versions\n*   **Sourced from Wordfence**: Leverages the extensive data curated by Wordfence.\n*   **Regularly Updated**: The dataset is refreshed approximately every 12 hours to include new vulnerabilities and updates to existing ones.\n*   **Multiple Formats**:\n    *   **SQLite**: `vulnerabilities.db` - A relational database file.\n    *   **CSV**: `vulnerabilities.csv` - Comma-separated values, easy to import.\n    *   **Excel**: `vulnerabilities.xlsx` - Spreadsheet format.\n*   **Sorted Data**: Datasets are generally presented with the most recently published vulnerabilities first.\n*   **Open \u0026 Accessible**: Provided under a permissive open-source license for broad use.\n*   **Tracks All Types**: Includes a wide array of vulnerability types such as Remote Code Execution (RCE), SQL Injection (SQLi), Cross-Site Scripting (XSS), Local File Inclusion (LFI), Authorization Bypass, and more.\n\n## Data Schema Highlights\n\nThe database and data files generally include the following fields for each vulnerability:\n\n*   `id`: Unique record ID in the SQLite database.\n*   `title`: The title of the vulnerability.\n*   `cve_id`: CVE identifier (e.g., CVE-2023-XXXXX), if available.\n*   `detail_page_url`: The Wordfence URL for the vulnerability (useful for direct reference).\n*   `cvss_score`: CVSS score (e.g., 7.5).\n*   `cvss_rating`: CVSS rating (e.g., High, Critical).\n*   `researcher`: The name of the credited researcher(s).\n*   `published_date`: Date the vulnerability was publicly published.\n*   `description`: A detailed description of the vulnerability.\n*   `reference_links`: URLs to advisories or related information.\n*   `software_name`: Name of the affected WordPress plugin, theme, or core.\n*   `software_type`: Type of software (Plugin, Theme, Core).\n*   `software_slug`: The slug of the software (e.g., from wordpress.org).\n*   `patched_status`: Indicates if a patch is available (e.g., \"Yes\", \"No\").\n*   `remediation`: Information on how to fix or mitigate the vulnerability.\n*   `affected_versions`: Versions of the software affected by the vulnerability.\n*   `last_updated_date`: The date the vulnerability information was last updated by Wordfence.\n*   `scraped_timestamp`: The timestamp when the record was added or last updated in this database.\n\n## How to Use This Database\n\nYou can utilize the data in several ways:\n\n1.  **CSV / Excel**:\n    *   Download `vulnerabilities.csv` or `vulnerabilities.xlsx`.\n    *   Open with any compatible spreadsheet software (Excel, Google Sheets, LibreOffice Calc) or data analysis tools (like Pandas in Python, R).\n2.  **SQLite Database**:\n    *   Download `vulnerabilities.db`.\n    *   Use any SQLite browser or tool (e.g., DB Browser for SQLite, DBeaver, sqlite3 CLI) to connect and query the database.\n    *   Example SQL query:\n        ```sql\n        SELECT title, cve_id, cvss_score, published_date \n        FROM vulnerabilities \n        WHERE cvss_rating = 'Critical' \n        ORDER BY published_date DESC;\n        ```\n\n## Free WordPress Vulnerability Flask API\n\nThis project also provides a free Flask API to access the WordPress vulnerability data programmatically.\n\n**Base URL:** `https://wordpress-vulnerability-database-dqdte5emdfekd7a8.canadacentral-01.azurewebsites.net/api`\n\n### API Features\n\n*   **Access Vulnerability Data**: Retrieve up-to-date information on WordPress plugin, theme, and core vulnerabilities.\n*   **Search and Filter**: Search for vulnerabilities by various criteria such as CVE ID, software name, slug, or keyword.\n*   **Detailed Information**: Get comprehensive details for each vulnerability, similar to the data available in the downloadable files.\n*   **List Recent Vulnerabilities**: Fetch a list of the most recently published or updated vulnerabilities.\n*   **JSON Responses**: API responses are primarily in JSON format, making them easy to parse and integrate.\n\n### API Usage Examples\n\nBelow are some conceptual examples of how you might interact with the API. The exact endpoints and parameters should be confirmed by checking the API's documentation or source code (`app.py` in this repository).\n\n*   **Get all vulnerabilities (paginated by default):**\n    ```http\n    GET /api/vulnerabilities\n    ```\n    *Example with pagination:*\n    ```http\n    GET /api/vulnerabilities?page=2\u0026per_page=50\n    ```\n\n*   **Get a specific vulnerability by its database ID:**\n    ```http\n    GET /api/v1/vulnerabilities/id/{id}\n    ```\n    *Example:* `GET /api/v1/vulnerabilities/id/12345`\n\n*   **Search vulnerabilities by CVE ID:**\n    ```http\n    GET /api/v1/vulnerabilities/cve/{cve_id}\n    ```\n    *Example:* `GET /api/v1/vulnerabilities/cve/CVE-2023-12345`\n\n*   **Search vulnerabilities by software slug:**\n    ```http\n    GET /api/v1/vulnerabilities/slug/{software_slug}\n    ```\n    *Example:* `GET /api/v1/vulnerabilities/slug/contact-form-7`\n\n*   **Search vulnerabilities by keyword (searches title and description):**\n    ```http\n    GET /api/v1/vulnerabilities/search?q={keyword}\n    ```\n    *Example:* `GET /api/v1/vulnerabilities/search?q=SQL%20Injection`\n\n*   **Get latest N vulnerabilities:**\n    ```http\n    GET /api/v1/vulnerabilities/latest?count=10\n    ```\n\n**Note:** The API is designed to be simple and easy to use. Please refer to `app.py` for the definitive list of available endpoints, request parameters, and response structures.\n\n## Data Source \u0026 Accuracy\n\n*   This database is populated by scraping data from the publicly available Wordfence Threat Intelligence vulnerability database at [www.wordfence.com/threat-intel/vulnerabilities](https://www.wordfence.com/threat-intel/vulnerabilities).\n*   While efforts are made to ensure data accuracy and timeliness, Wordfence remains the authoritative source. This database is provided as a convenient mirror and may have discrepancies or delays.\n*   The `scraped_timestamp` field indicates when a record was last fetched/updated by the scraping process for this database.\n\n## Contributing\n\nWhile the data itself is scraped, contributions are welcome in the form of:\n*   Reporting issues with the data (e.g., parsing errors, missing information that *is* on Wordfence).\n*   Suggesting improvements to the data structure or presentation.\nPlease open an issue in this GitHub repository to contribute.\n\n## License\n\nThe data in this repository is provided under the **MIT License**. \nYou can view the full license text in the [LICENSE](LICENSE) file in this repository.\n\nThe underlying vulnerability information is sourced from Wordfence and is subject to their terms and conditions.\n\n## Disclaimer\n\nThis database is provided \"as is\", without warranty of any kind, express or implied. The maintainers of this repository are not responsible for any actions taken based on the information provided herein. Always verify critical information with the authoritative source (Wordfence) and follow responsible disclosure practices.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fihuzaifashoukat%2Fwordpress-vulnerability-database","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fihuzaifashoukat%2Fwordpress-vulnerability-database","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fihuzaifashoukat%2Fwordpress-vulnerability-database/lists"}