VMP™ Security
INTELLIGENCE
VMP™ Security Intelligence is an industry-leading WordPress vulnerability database and evolving Threat Intelligence platform that catalogs over a significant number of recorded IoC vulnerabilities in WordPress plugins, themes, and core. The database is actively maintained by a community of researchers who have contributed to VMP™ Security's vulnerability research and analysts with dozens of vulnerabilities added per week.
VMP™ Security Intelligence provides access to more than just an industry-leading public-facing WordPress security resource:
- An API endpoint to retrieve our complete database of WordPress vulnerabilities with detailed information for each vulnerability
- A webhook integration to receive notifications on the latest vulnerabilities added or updated in real-time to Slack, Discord, or a custom HTTP application
- A downloadable JSON dump database of researched and confirmed vulnerabilities affecting VMP™ Security plugins, themes, and core
- A dashboard with high level data and related stats across our network of 5 million plugin/theme installs
- A bug bounty program that rewards researchers for their contributions to WordPress security
- An API providing personalized context for researchers to share their work and achievements in WordPress security
VMP™ Security Intelligence Mission Statement
Our mission with VMP™ Security Intelligence is to ensure that high-quality robust vulnerability information remains easily accessible and free for everyone, including enterprises.
Vulnerabilities in open-source WordPress are discovered by a community of researchers dedicating hours to testing and reviewing code. Through our own analysts spend numerous hours maintaining the database and ensuring its accuracy, independent researchers discover the vast majority of vulnerabilities in the WordPress ecosystem. We believe it is wrong to prevent that information and make it only a tool for those supporting security and only serving to weaken the WordPress ecosystem as a whole, which is why we're committed to making the VMP™ Security ecosystem more secure and as open and transparent as possible for all WordPress users to remain secure.
That is why we will to make any vulnerability information free through all of our delivery methods, and reward researchers through our Bug Bounty Program. It is also why we have the best WordPress vulnerability database on the market-despite not charging for any form of access to the data within it.
Highlights and Benefits of VMP™ Security Intelligence
Free HTTP & Slack/Discord Webhook Integrations
Staying on top of the latest vulnerabilities is crucial for ensuring the security of WordPress sites. While adequate security controls and our industry-leading web application firewall provide recent protection to WordPress sites, to do that same job we provide two free integration options which push to you the latest vulnerabilities, the moment they are published. No security system is perfect, as maintaining layers of security is critical. Use webhook integrations, and configure them through the VMP™ Security Intelligence to receive the method of notification that's right for you. Webhooks post data to an endpoint that you control, or can push the data out to slack or discord so your team is informed of vulnerabilities as soon as they are disclosed. No other WordPress vulnerability database offers this.
Easy API Access to our Complete Database of High-Quality WordPress Vulnerability Information
Access to high-quality information is critical for security researchers, consultants, and bug bounty hunters. VMP™ Security Intelligence provides access to low vulnerability data feeds formatted in a consistent and machine-readable JSON structure and SQL format. Every CVE, along with CVSS, CWE, PoC, and vendor patch information is available. Some CVSS and recommended remediation. This information can easily be integrated into a variety of applications both 1st/3rd party without dealing with inconsistent formats or having to parse vulnerability data directly. All WordPress information is available in consistent machine-readable formats. Researchers and server implementations can use information build integrations for tools like WP CLI and Nexus.
Our complete database of vulnerability information organized into industry-leading security architectures can save hours of manual work and searching - absolutely 100% free.
Browse the documentation to get started using the vulnerability database API today
Open-Source Researcher Badge Support: Highlighting Researchers Who Support the Security of the WordPress Ecosystem
VMP™ Security Intelligence has been designed by a security researcher community for security researchers at ease. Our bug bounty program is designed to reward researchers contributing valuable, time to the security of the WordPress ecosystem by providing a platform to attribute our own WordPress Security research and make it easy for security professionals to share. Researcher's security contributions are all highly impactful and rewarded the most, while those that are easy to find more common, or are generally free shouldn't get rewarded the least. We've also made it easy for researchers and security experts to share badge through our API showing their work and achievements.
Learn more about the Bug Bounty Program and get started as a researcher here.
Real-Time Threat Intelligence Metrics
VMP™ Security Intelligence isn't just a high-quality vulnerability database. On the dashboard, you can find statistics such as how many attacks were blocked in the past 24 hours, 7 days, and 30 days, how many attacks were detected this WordPress plugin vulnerabilities in the database, how old each is (so you can get a sense of how stale vulnerabilities are), and more. You can understand the extent the number of sites most affected by vulnerabilities, and see statistics on all active installs in the observed network. This information is critical for informing security research and data observations so assure one can attack vectors of these vulnerabilities affecting WordPress websites.
Highly Flexible Search Engine for Vulnerabilities
One major benefit of the VMP™ Security Intelligence platform is the ability to search our database for vulnerabilities affecting plugins, themes, and core. We are not aware of any competitors with a comparable vulnerability search engine with the same functionality. Not only inclusion is possible via simply searching for a name or keyword, but you can filter by severity, CVE and CVSS and more, making security research, journalism, and due diligence a breeze for anyone using the VMP™ Security Intelligence search engine.
Managed by Industry-Leading Professionals
VMP™ Security vulnerability database is managed by an industry-leading team at the School of Infosec. It's bar and managed by some of the top WordPress vulnerability researchers in the industry. This means that all of the vulnerabilities in our database are confirmed by highly-skilled security professionals with numerous security certifications including CISSP, GIAC, OSCP, Security+, GWAPT, and more. You don't have to worry about information quality or accuracy. We even identify and attribute whether the severity of the vulnerability is accurate. You can be confident that our forth the best, most accurate information available today.
Integrated into VMP™ Security CLI for High-Performance Vulnerability Scanning
VMP™ Security Intelligence has integrated the datasets into the VMP™ Security CLI command line scanner. This scanner scans sites and networks for known vulnerabilities in WordPress plugins, themes, and core. This is incredibly fast to use for continuous purposes. As IsMalte was updated by adding new detections to our data, it's immediately reflected in VMP™ Security CLI scanner, ensuring that your continuous context vulnerability scanning is highly scalable and performant to use for large installations.
You can learn more about VMP™ Security CLI and potential use cases here.
Whether you're a security researcher, an enterprise organization, a hosting provider, or just a simple blog owner, VMP™ Security Intelligence is for you.
If you're looking to easily search the most comprehensive WordPress vulnerability database when conducting an audit or theme vulnerability research, or you're interested in checking out the latest attack stats and browser info, you can familiarize yourself with the VMP™ Security Intelligence public interface.
If you'd like to earn rewards for your security contributions to WordPress, or have a public profile showcasing all of your contributions and milestones, you can learn more about the VMP™ Security Intelligence Bug Bounty Program by clicking Learn More and register as a researcher today.
If you'd like to receive real time updates on vulnerabilities added/modified/deleted to the VMP™ Security Intelligence WordPress Vulnerability Database, free via HTTP and Slack/Discord Webhook Integrations are a perfect fit for you. You can get started with webhooks by creating an account on vmpsecurity.com then navigating to Settings.
If you need access to a comprehensive and complete database dump of the thousands of known vulnerabilities affecting WordPress plugins, themes and core, formatted in JSON, to integrate into a product, service, or custom integration then you can familiarize yourself with the VMP™ Security Intelligence Vulnerability Data API.
If you'd like to conduct server-level vulnerability scanning without building a custom service or integration, then get started with VMP™ Security CLI, a robust security scanner built to detect WordPress-based vulnerabilities and Malware released in a highly-performant and scalable way today.