GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/50006?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50006?format=api",
    "vulnerability_id": "VCID-wfpw-b9xp-rbh1",
    "summary": "The Grow by Tradedoubler  WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.",
    "aliases": [
        {
            "alias": "CVE-2024-6460"
        }
    ],
    "fixed_packages": [],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6460",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.90904",
                    "scoring_system": "epss",
                    "scoring_elements": "0.9965",
                    "published_at": "2026-06-14T12:55:00Z"
                },
                {
                    "value": "0.90904",
                    "scoring_system": "epss",
                    "scoring_elements": "0.99651",
                    "published_at": "2026-06-13T12:55:00Z"
                },
                {
                    "value": "0.91218",
                    "scoring_system": "epss",
                    "scoring_elements": "0.99668",
                    "published_at": "2026-06-11T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6460"
        },
        {
            "reference_url": "https://wpscan.com/vulnerability/ba2f53e0-30be-4f37-91bc-5fa151f1eee7/",
            "reference_id": "ba2f53e0-30be-4f37-91bc-5fa151f1eee7",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Track*",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-08-19T20:50:04Z/"
                }
            ],
            "url": "https://wpscan.com/vulnerability/ba2f53e0-30be-4f37-91bc-5fa151f1eee7/"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 22,
            "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
            "description": "The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory."
        }
    ],
    "exploits": [],
    "severity_range_score": "9.8 - 9.8",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfpw-b9xp-rbh1"
}