Bulk product check
POST /batch
Check up to 50 products in a single request. Items with exists: true
return a boolean per slug; items with exists: false return the full
advisory list per slug.
The response is keyed by product_slug, not by array index —
duplicate slugs in the request collapse.
Authorizations
Section titled “Authorizations ”Request Body required
Section titled “Request Body required ”object
Product slug (plugin/theme slug, or wordpress).
Example
easy-digital-downloads1Concrete version.
Example
1.0.0Example
pluginWhen true, return a boolean-only result for this item.
Example
trueExamples
Boolean-only across all items
[ { "name": "easy-digital-downloads1", "version": "1.0.0", "type": "plugin", "exists": true }, { "name": "wordpress", "version": "3.0.0", "type": "wordpress", "exists": true }]Mix of full advisory list and boolean
[ { "name": "easy-digital-downloads1", "version": "1.0.0", "type": "plugin", "exists": false }, { "name": "wordpress", "version": "3.0.0", "type": "wordpress", "exists": true }]Responses
Section titled “ Responses ”Per-slug results.
object
object
Flat per-item shape returned by the Extended tier. Superset of the
Standard shape — adds description, vuln_type, cvss_score, cve,
is_exploited, patch_priority, affected_in, and
patched_in_ranges.
object
Stable Patchstack vulnerability id.
Example
7976Stable Patchstack product id.
Example
2175Human-readable title including product name, affected version, and vulnerability type.
Example
WordPress File Upload plugin <= 4.16.2 - Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE)Short narrative summary of the advisory.
Example
Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE) discovered by apple502j in WordPress File Upload plugin (versions <= 4.16.2).Disclosure date in YYYY-MM-DD HH:MM:SS form (legacy).
Example
2022-03-01 00:00:00Disclosure date in ISO 8601.
Example
2022-03-01T00:00:00+00:00When the row was inserted into the Patchstack database (ISO 8601). Drives /latest windowing.
Example
2022-03-07T11:17:05+00:00URL slug for the advisory.
Example
wordpress-file-upload-plugin-4-16-2-contributor-path-traversal-vulnerability-leading-to-remote-code-execution-rceLowercase slug of the product.
Example
wp-file-uploadDisplay name of the product.
Example
WordPress File UploadPremium variant name when the author ships two plugins under the same slug. null in the common case.
Product ecosystem.
Example
PluginHigh-level vulnerability category (e.g. SQL Injection, Cross Site Scripting (XSS)).
Example
Directory TraversalCVSS base score, 1.0–10.0. null for unclassified advisories.
Example
8.8CVE identifiers. An advisory can have zero, one, or multiple.
Example
[ "2021-24962"]Whether exploitation has been observed in the wild.
Recommended patch urgency.
1— Low → patch within 30 days2— Medium → patch within 7 days3+— High → patch immediatelynull— unknown
Example
3Affected version range. Formats include <= x.x.x, < x.x.x,
x.x.x-x.x.x, x.x.x,x.x.x, or a single x.x.x.
Example
<= 4.16.2First fixed version. Empty string when Patchstack has not yet recorded one.
Example
4.16.3For products that ship patches across multiple minor lines
(WordPress core, WooCommerce, Ninja Forms, …), each entry
describes a from_version–to_version range and its fix.
object
Starting version, inclusive.
Example
3.0Ending version, inclusive.
Example
3.0.34.1Version that contains the patch for this range.
Example
3.0.34.2Public Patchstack vulnerability page.
Example
https://patchstack.com/database/vulnerability/wp-file-upload/wordpress-file-upload-plugin-4-16-2-contributor-path-traversal-vulnerability-leading-to-remote-code-execution-rceExamples
Boolean-only response
{ "vulnerabilities": { "easy-digital-downloads1": true, "wordpress": true }}Mixed response
{ "vulnerabilities": { "easy-digital-downloads1": [ { "id": 4532, "product_id": 1572, "title": "WordPress Easy Digital Downloads plugin <= 2.10.2 - Cross-Site Request Forgery (CSRF) vulnerability", "description": "Cross-Site Request Forgery (CSRF) vulnerability discovered by WPScan team in WordPress Easy Digital Downloads plugin (versions <= 2.10.2).", "disclosure_date": "2021-04-16 00:00:00", "disclosed_at": "2021-04-16T00:00:00+00:00", "created_at": "2021-04-19T04:43:04+00:00", "url": "wordpress-easy-digital-downloads-plugin-2-10-2-cross-site-request-forgery-csrf-vulnerability", "product_slug": "easy-digital-downloads1", "product_name": "Easy Digital Downloads", "product_name_premium": null, "product_type": "Plugin", "vuln_type": "Cross Site Request Forgery (CSRF)", "cvss_score": 6.5, "cve": [], "is_exploited": false, "affected_in": "<= 2.10.2", "fixed_in": "2.10.3", "direct_url": "https://patchstack.com/database/vulnerability/easy-digital-downloads1/wordpress-easy-digital-downloads-plugin-2-10-2-cross-site-request-forgery-csrf-vulnerability" } ], "wordpress": true }}Missing or invalid PSKey header.
API key not authorised for the requested endpoint.
Invalid request payload (e.g. batch with more than 50 items).
Rate limit exceeded.