Find vulnerabilities for a product

GET
/product/{type}/{name}/{version}

Return every advisory that applies to a specific WordPress plugin, theme or core version.

type
required
string
Allowed values: plugin, theme, wordpress
Example
plugin

Product ecosystem.

name
required
string
Example
tutor

WordPress plugin or theme slug. Use wordpress when type=wordpress. Slugs are lowercase — normalize your own data before comparison.

version
required
string
Example
1.5.2

Concrete version (e.g. 1.5.2).

Matched advisories (possibly empty).

object
vulnerabilities
required
Array<object>

Flat per-item shape returned by the Standard tier. For the richer shape (with description, cvss_score, cve, patched_in_ranges, etc.), see the Extended tier.

object
id
required

Stable Patchstack vulnerability id.

integer
Example
4253
title
required

Human-readable title including product name, affected version, and vulnerability type.

string
Example
WordPress Tutor LMS plugin <= 1.5.2 - Cross-Site Request Forgery (CSRF) vulnerability
disclosed_at
required

When the vulnerability was publicly disclosed (ISO 8601).

string format: date-time
Example
2020-02-04T00:00:00+00:00
created_at
required

When the row was inserted into the Patchstack database (ISO 8601).

string format: date-time
Example
2022-05-27T10:23:01+00:00
product_slug
required

Lowercase slug of the product.

string
Example
tutor
product_name
required

Display name of the product.

string
Example
Tutor LMS
product_name_premium

Premium variant name when a plugin author ships two plugins under the same slug. null in the common case.

string
nullable
product_type
required

Product ecosystem.

string
Allowed values: Plugin, Theme, WordPress
Example
Plugin
fixed_in
required

First version that contains the patch. Empty string when Patchstack has not yet recorded a fixed version.

string
Example
1.5.3
direct_url
required

Public Patchstack vulnerability page.

string format: uri
Example
https://patchstack.com/database/vulnerability/tutor/wordpress-tutor-lms-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability
Example
{
  "vulnerabilities": [
    {
      "id": 4253,
      "title": "WordPress Tutor LMS plugin <= 1.5.2 - Cross-Site Request Forgery (CSRF) vulnerability",
      "disclosed_at": "2020-02-04T00:00:00+00:00",
      "created_at": "2022-05-27T10:23:01+00:00",
      "product_slug": "tutor",
      "product_name": "Tutor LMS",
      "product_name_premium": null,
      "product_type": "Plugin",
      "fixed_in": "1.5.3",
      "direct_url": "https://patchstack.com/database/vulnerability/tutor/wordpress-tutor-lms-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability"
    }
  ]
}

Missing or invalid PSKey header.

API key not authorised for the requested endpoint.

Unknown product/version combination.

Rate limit exceeded (5,000 requests / 24 hours).
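
The Python client below is an added example for this endpoint, not Patchstack's own code. It normalizes the slug, percent-encodes each path segment, sends the PSKey header, and turns the Standard tier response into a remediation list that treats an empty fixed_in as "no fix recorded". BASE_URL is a placeholder because this page does not give the API host; build_request, fetch and triage are hypothetical helper names, and the second sample advisory is constructed.

```python
import json
import urllib.request
from urllib.parse import quote

# Assumption: placeholder host; this page does not give the API base URL.
BASE_URL = "https://api.example.invalid"
ALLOWED_TYPES = {"plugin", "theme", "wordpress"}

def build_request(api_key, ptype, name, version):
    """Build GET /product/{type}/{name}/{version} with the PSKey header."""
    ptype = ptype.strip().lower()
    if ptype not in ALLOWED_TYPES:
        raise ValueError(f"type must be one of {sorted(ALLOWED_TYPES)}")
    # Slugs are lowercase; core lookups always use the name "wordpress".
    name = "wordpress" if ptype == "wordpress" else name.strip().lower()
    version = version.strip()
    if not name or not version:
        raise ValueError("name and version are required")
    # Percent-encode every segment so inventory data cannot alter the path.
    path = "/".join(quote(seg, safe="") for seg in (ptype, name, version))
    return urllib.request.Request(f"{BASE_URL}/product/{path}",
                                  headers={"PSKey": api_key}, method="GET")

def fetch(req, timeout=10):
    """Send the request and decode the JSON body (needs network and a key)."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def triage(body):
    """Map each advisory to an action; empty fixed_in means no recorded fix."""
    findings = []
    for adv in body.get("vulnerabilities", []):
        fixed = adv["fixed_in"]
        action = f"upgrade to {fixed}" if fixed else "no fixed version recorded"
        findings.append({"id": adv["id"], "slug": adv["product_slug"],
                         "action": action, "url": adv["direct_url"]})
    return findings

# Sample input: the first entry reuses values from this page's response
# example; the second entry is constructed to exercise the empty fixed_in case.
SAMPLE = {"vulnerabilities": [
    {"id": 4253, "product_slug": "tutor", "fixed_in": "1.5.3",
     "direct_url": "https://patchstack.com/database/vulnerability/tutor/"
                   "wordpress-tutor-lms-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability"},
    {"id": 0, "product_slug": "constructed-plugin", "fixed_in": "",
     "direct_url": "https://example.invalid/constructed-advisory"},
]}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

With a real key and host, `triage(fetch(build_request(key, "plugin", "tutor", "1.5.2")))` runs the full lookup; batch inventory scans should budget calls against the 5,000 requests / 24 hours limit.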