WPScan authorized as a CVE Numbering Authority by the CVE Program

January 2021 by Marc Jacob

WPScan has announced that it has been named a Common Vulnerabilities and Exposures (CVE) Numbering Authority, authorized by the CVE Program to assign CVE IDs to vulnerabilities in WordPress.

With 75 million users, WordPress is the most popular content management platform in the world and powers 39.6% of all websites, including the New York Times, Forbes, The White House and CNN. The WordPress online retail platform, WooCommerce, is used by 27% of the ecommerce market.

Because it is the most popular CMS platform, WordPress also attracts the attention of cyber criminals. To help keep a third of the world’s websites protected against hackers, botnet operators and malware distributors, an international army of enthusiasts and cyber security experts constantly checks for vulnerabilities that could be exploited. New vulnerabilities are assigned an identification number and added to the Common Vulnerabilities and Exposures (CVE) List, which is overseen by CVE Numbering Authorities (CNAs).

CNAs are organizations authorized by the CVE Program to assign CVE IDs to vulnerabilities affecting products within their distinct, agreed-upon scope. WPScan has been named a CNA for WordPress core, plugin and theme CVEs.

The CVE Program is the de facto international standard for identifying and naming cyber security vulnerabilities. CVE enables two or more people or tools to refer to a specific vulnerability and know that it is the same one, resulting in significant time and cost savings and aiding mitigation efforts.

WPScan has been actively collecting WordPress core, plugin, and theme vulnerabilities and adding them to its own database since 2014 and has recorded more than 21,875 vulnerabilities in the past seven years. Listed vulnerabilities can be accessed by WPScan users through its API. WPScan also provides its own WordPress security plugin and WordPress security scanner.

The CVE Program is driven by a CVE Board, made up of industry, academic and government representatives from around the world. The CVE Program relies on an international community of vendors, end users and researchers who discover and register vulnerabilities. CNAs maintain a community-driven, open data registry of vulnerabilities, operated on a voluntary basis by participating organizations.

The CVE IDs assigned through the registry enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks.

Every CVE Record added to the list is assigned by a CNA and the CVE List feeds the U.S. National Vulnerability Database (NVD).
