WordPress vulnerability database

Back in 2012, the fine folks behind the BruCON conference announced that, starting with the 2013 edition of their popular event, a special budget would be allocated to support creative minds in coming up with projects that will benefit the infosec community. The project was named 5by5, and in its first year four ideas were funded with 5000 EUR each.

This year Ryan Dewhurst and the team behind WPScan, the popular open source black box WordPress vulnerability scanner, used the funding from the 5by5 project to set up the WPScan Vulnerability Database, an online version of WPScan’s data files used to detect WordPress core, plugin and theme vulnerabilities.

Each vulnerability item in the database specifies the affected versions, provides external references with more details on the bug in question, and carries a vulnerability classification (in-house WPVDB ID, CVE, CWE and OWASP Top 10 reference). The database also has an API available for non-commercial usage.

The idea behind the project is to leverage the existing depository of WordPress security vulnerabilities built in WPScan and make these issues more visible and accessible to WordPress administrators, users and the overall security community.