This repo contains a running list of WordPress vulnerabilities that I have found. The full list is in vulnerabilities-table.md.
It also includes some quick scripts so that I can update the list on my website at https://bobmatyas.com/projects/wordpress-plugin-vulnerabilities/.
This project contains scripts to generate formatted vulnerability tables from JSON data. It processes WordPress plugin vulnerability information and outputs tables in Markdown and WordPress HTML formats.
The project takes vulnerability data from vulnerabilities-final.json and generates two types of output:
- Markdown table (`vulnerabilities-table.md`) - For documentation and GitHub/GitLab
- WordPress HTML table (`vulnerabilities-wordpress-table.html`) - For WordPress block editor
Both outputs are sorted by CVE date (most recent first) and include:
- Vulnerability number (descending from total count)
- Vulnerability title with link to WPScan.com
- CVSS score
- CVE ID with link to NVD

- Python 3.6 or higher
- Required Python packages (see `requirements.txt`)

- Clone or download this repository
- Install dependencies:

```bash
pip install -r requirements.txt
```

Generate a Markdown-formatted table suitable for GitHub, GitLab, or documentation:
```bash
python generate_markdown_table.py
```

This will:

- Read from `vulnerabilities-final.json`
- Generate `vulnerabilities-table.md`
- Sort vulnerabilities by CVE date (newest first)
- Number entries from highest to lowest

Output: `vulnerabilities-table.md`
Generate a WordPress block editor compatible HTML table:
```bash
python generate_wordpress_table.py
```

This will:

- Read from `vulnerabilities-final.json`
- Generate `vulnerabilities-wordpress-table.html`
- Create WordPress block table format with proper HTML structure
- Sort vulnerabilities by CVE date (newest first)
- Number entries from highest to lowest

Output: `vulnerabilities-wordpress-table.html`
The scripts expect `vulnerabilities-final.json` to be a JSON array of vulnerability objects with the following structure:

```json
[
  {
    "pluginName": "Plugin Name",
    "vulnerabilityTitle": "Vulnerability Title",
    "cvssScore": "5.8",
    "cveId": "CVE-2025-9116",
    "cveReference": "https://nvd.nist.gov/vuln/detail/CVE-2025-9116",
    "link": "https://wpscan.com/vulnerability/..."
  }
]
```

The Markdown output creates a table with:
- Right-aligned numbers
- Linked vulnerability titles (to WPScan.com)
- Right-aligned CVSS scores
- Linked CVE IDs (to NVD)
The WordPress output creates HTML compatible with the WordPress block editor:
- Uses WordPress block comments (`<!-- wp:table -->`)
- Properly escaped HTML
- Linked vulnerability titles and CVE IDs
- Styled table cells with alignment
- Automatic sorting: Vulnerabilities are sorted by CVE date (year and number) in descending order
- Numbering: Entries are numbered from the total count down to 1
- Link generation: Automatically creates links to WPScan.com and NVD
- Character escaping: Properly escapes special characters for both Markdown and HTML
- Error handling: Checks for input file existence before processing
```text
wordpress-vulnerabilities/
├── README.md                          # This file
├── requirements.txt                   # Python dependencies
├── vulnerabilities-final.json         # Input data file
├── generate_markdown_table.py         # Markdown table generator
├── generate_wordpress_table.py        # WordPress table generator
├── vulnerabilities-table.md           # Generated Markdown output
└── vulnerabilities-wordpress-table.html # Generated WordPress output
```
- Both scripts require `vulnerabilities-final.json` to be present in the same directory
- The scripts will overwrite existing output files if they exist
- CVE IDs are parsed to extract year and number for proper sorting
- Vulnerabilities without valid CVE IDs are placed at the end of the sorted list
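The sorting, numbering and escaping rules described above, as an added stand-alone illustration (example code written here, not the repository's own `generate_markdown_table.py`). It parses year and number out of the CVE ID, pushes entries without a valid ID to the end, numbers rows from the total count down to 1, escapes characters that would break a Markdown table cell, and runs on a constructed three-entry sample in the documented input format.

```python
import json
import re

# Constructed sample in the documented input format (not the real data file).
SAMPLE_JSON = """[
  {"pluginName": "Plugin A", "vulnerabilityTitle": "Stored XSS | in title", "cvssScore": "6.1",
   "cveId": "CVE-2024-12345", "cveReference": "https://nvd.nist.gov/vuln/detail/CVE-2024-12345",
   "link": "https://wpscan.com/vulnerability/example-a"},
  {"pluginName": "Plugin B", "vulnerabilityTitle": "Broken Access Control", "cvssScore": "5.3",
   "cveId": "CVE-2025-9116", "cveReference": "https://nvd.nist.gov/vuln/detail/CVE-2025-9116",
   "link": "https://wpscan.com/vulnerability/example-b"},
  {"pluginName": "Plugin C", "vulnerabilityTitle": "CSRF", "cvssScore": "4.3",
   "cveId": "", "cveReference": "", "link": "https://wpscan.com/vulnerability/example-c"}
]"""

CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")


def cve_sort_key(entry):
    """Newest CVE (by year, then sequence number) first; invalid or missing IDs sort last."""
    m = CVE_RE.match(entry.get("cveId") or "")
    if not m:
        return (1, 0, 0)  # group 1 = invalid, goes after every valid CVE
    return (0, -int(m.group(1)), -int(m.group(2)))


def md_cell(text):
    """Escape characters that would break a Markdown table cell or link text."""
    return text.replace("|", "\\|").replace("[", "\\[").replace("]", "\\]")


def render_markdown(entries):
    """Return the table as one Markdown string: #, linked title, CVSS, linked CVE."""
    rows = sorted(entries, key=cve_sort_key)
    total = len(rows)
    lines = ["| # | Vulnerability | CVSS | CVE |", "|--:|---|--:|---|"]
    for i, e in enumerate(rows):
        title = f"[{md_cell(e['vulnerabilityTitle'])}]({e['link']})"
        valid = CVE_RE.match(e.get("cveId") or "")
        cve = f"[{e['cveId']}]({e['cveReference']})" if valid else "n/a"
        lines.append(f"| {total - i} | {title} | {e['cvssScore']} | {cve} |")
    return "\n".join(lines)


def build_from_json(text):
    """Parse the JSON array and render it; mirrors the read-then-generate flow."""
    return render_markdown(json.loads(text))


if __name__ == "__main__":
    print(build_from_json(SAMPLE_JSON))
```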