The WPScan team is a CNA. A CVE Numbering Authority. A CNA basically gives the authority to submit vulnerabilities in a piece of software (or hardware) to a particular vendor. The WPScan team finds many vulnerabilities in wordpress installs all across the internet. Any researcher can submit a vulnerability at the following url.
For easier insight into the vulnerability data that they house, they have an API that can be queried. I wrote a docker container that has shellscript wrapper that will query for vulnerable plugins, themes, and wordpress core versions. I hope it can be useful for somebody else that wants quick insight into the data this database houses.
You will need to create an API token on the wpscan website. They will allow you 25 free API calls per day on the free plan. That is more than enough for my hobbyist usage with this program. You can find the source code at my gitlab here.
Here is an example of the usage and querying for the navz-photo-gallery plugin:
docker run --env-file .env wp_checker --plugin 'navz-photo-gallery'
{
"navz-photo-gallery": {
"friendly_name": "ACF Photo Gallery Field",
"latest_version": "1.7.8",
"last_updated": "2021-12-22T19:24:00.000Z",
"popular": true,
"vulnerabilities": [
{
"id": "5855f1fe-28f6-4cd6-a83c-95c23d809b79",
"title": "ACF Photo Gallery Field < 1.7.5 - Reflected Cross-Site Scripting",
"created_at": "2021-12-20T09:35:11.000Z",
"updated_at": "2021-12-20T09:35:12.000Z",
"published_date": "2021-12-20T00:00:00.000Z",
"description": null,
"poc": null,
"vuln_type": "XSS",
"references": {
"cve": [
"2021-24909"
]
},
"cvss": null,
"fixed_in": "1.7.5",
"introduced_in": null
}
]
}
}