The WPScan WordPress Vulnerability Database API is provided for users and developers to make use of our vulnerability database data. Our data includes WordPress vulnerabilities, plugin vulnerabilities and theme vulnerabilities. This API is used by our WordPress Security Scanner and our WordPress Security Plugin.
Free
How many API requests do I need?
Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
On average, a WordPress website has 22 installed plugins.
Starter
How many API requests do I need?
Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
On average, a WordPress website has 22 installed plugins.
Professional
How many API requests do I need?
Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
On average, a WordPress website has 22 installed plugins.
Enterprise
Prices start from €2000 per year for up to 133 websites, then €15 per year for each additional website.
Discounts are available for high numbers of websites.
Billed annually.
Number of Vulnerabilities Added in October
Number of API Calls in October
Where does the vulnerability data come from?
All of the vulnerabilities are manually entered into our database by a WordPress security professional. That means that each vulnerability is manually checked, which, although is very time consuming, drastically reduces the posibility of false positives. Our vulnerabilities are sourced from around the web, as well as being sent to us directly by security researchers. We also find many security issues ourselves. We are a CVE Numbering Authority (CNA), so we are able to directly assign CVE numbers for WordPress core vulnerabilities, plugin vulnerabilities and theme vulnerabilities. We are constantly updating older vulnerabilities with new information as it comes to light. Check out our WordPress Vulnerability Statistics for further details about our vulnerability data.
General Terms and Conditions
By using our service you agree to the following:
To use the API you need to register a user and use the API token from your profile page. You have to send this API token with every request in the Authorization HTTP Header, as seen below.
Authorization: Token token=API_TOKEN
cURL example:
curl -H "Authorization: Token token=API_TOKEN" https://wpscan.com/api/v3/wordpresses/494
For full technical details, including endpoints and response data, refer to our official API documentation.