Wordpress + plugins CVE query

An example Wordpress CVE query to list all the vulnerabilities associated with your wordpress install

In this example we will be quering the CVE database for any vulnerabilities that matches our current wordpress install and associated plugins.

Wordpress Version: 5.3.0

Plugins install:

WooCommerce Upload Files WordPress plugin
WP Fluent Forms plugin
Social Slider Widget

Running the below query, will search the entire CVE database and look for any vulnerabilities that match the software installed on your wordpress install.

curl -X POST -H "Content-Type: application/json" \
-d '[
{ "retrieve": "cves", "dict_filter": { "vulnerable_configuration": "cpe:2.3:a:wordpress:wordpress:5.3.0:*:*:*:*:*:*:*" }, "limit": 10, "query_filter": { "access": 0, "cwe": 0, "vulnerable_configuration": 0, "vulnerable_product": 0 } },
{ "retrieve": "cves", "dict_filter": { "vulnerable_configuration": "cpe:2.3:a:woocommerce:upload_files:57.3:*:*:*:*:wordpress:*:*" }, "limit": 10, "query_filter": { "access": 0, "cwe": 0, "vulnerable_configuration": 0, "vulnerable_product": 0 } },
{ "retrieve": "cves", "dict_filter": { "vulnerable_configuration": "cpe:2.3:a:cm-wp:social_slider_widget:-:*:*:*:*:wordpress:*:*" }, "limit": 10, "query_filter": { "access": 0, "cwe": 0, "vulnerable_configuration": 0, "vulnerable_product": 0 } },
{ "retrieve": "cves", "dict_filter": { "vulnerable_configuration": "cpe:2.3:a:fluentforms:contact_form:*:*:*:*:wordpress:*:*:*" }, "limit": 10, "query_filter": { "access": 0, "cwe": 0, "vulnerable_configuration": 0, "vulnerable_product": 0 } }
]' \
https://vuln.sentnl.io/api/query

PreviousGrafana SSRF exploit NextHyperion CVE Query

Last updated 4 years ago

Was this helpful?