Wordpress + plugins CVE query

An example Wordpress CVE query to list all the vulnerabilities associated with your wordpress install

In this example we will be quering the CVE database for any vulnerabilities that matches our current wordpress install and associated plugins.

Wordpress Version: 5.3.0

Plugins install:

  • WooCommerce Upload Files WordPress plugin

  • WP Fluent Forms plugin

  • Social Slider Widget

Running the below query, will search the entire CVE database and look for any vulnerabilities that match the software installed on your wordpress install.

curl -X POST -H "Content-Type: application/json" \
-d '[
{ "retrieve": "cves", "dict_filter": { "vulnerable_configuration": "cpe:2.3:a:wordpress:wordpress:5.3.0:*:*:*:*:*:*:*" }, "limit": 10, "query_filter": { "access": 0, "cwe": 0, "vulnerable_configuration": 0, "vulnerable_product": 0 } },
{ "retrieve": "cves", "dict_filter": { "vulnerable_configuration": "cpe:2.3:a:woocommerce:upload_files:57.3:*:*:*:*:wordpress:*:*" }, "limit": 10, "query_filter": { "access": 0, "cwe": 0, "vulnerable_configuration": 0, "vulnerable_product": 0 } },
{ "retrieve": "cves", "dict_filter": { "vulnerable_configuration": "cpe:2.3:a:cm-wp:social_slider_widget:-:*:*:*:*:wordpress:*:*" }, "limit": 10, "query_filter": { "access": 0, "cwe": 0, "vulnerable_configuration": 0, "vulnerable_product": 0 } },
{ "retrieve": "cves", "dict_filter": { "vulnerable_configuration": "cpe:2.3:a:fluentforms:contact_form:*:*:*:*:wordpress:*:*:*" }, "limit": 10, "query_filter": { "access": 0, "cwe": 0, "vulnerable_configuration": 0, "vulnerable_product": 0 } }
]' \
https://vuln.sentnl.io/api/query
PreviousGrafana SSRF exploitNextHyperion CVE Query

Last updated