Abandoned · Library · [API Development](/categories/api)

ssnepenthe/soter-core
=====================

A very basic library for interacting with the WPScan Vulnerability Database API.

0.2.0 (8y ago) · [6 issues](https://github.com/ssnepenthe/soter-core/issues) · GPL-2.0 · PHP >=5.3 · Pushed 6y ago

[Source](https://github.com/ssnepenthe/soter-core) · [Packagist](https://packagist.org/packages/ssnepenthe/soter-core)

soter-core
==========

Soter Core is a simple library for interacting with the [WPScan Vulnerability Database](https://wpvulndb.com/) API.

It contains the core logic for [Soter](https://github.com/ssnepenthe/soter) and [Soter Command](https://github.com/ssnepenthe/soter-command).

Requirements
------------

This package requires Composer. It *should* work down to PHP 5.3; however, it is only properly tested down to PHP 5.6, since that is now the minimum required version for [10up/WP_Mock](https://github.com/10up/wp_mock).

Installation
------------

```
composer require ssnepenthe/soter-core
```

Usage
-----

Depending on your use case, you should interact with either the `Api_Client` class or the `Checker` class.

### API Client

```
$client = new Soter_Core\Api_Client(
    new Soter_Core\Cached_Http_Client(
        new Soter_Core\WP_Http_Client( 'Some user agent string' ),
        new Soter_Core\WP_Transient_Cache( 'unique-prefix', HOUR_IN_SECONDS )
    )
);
```

The API client exposes a `->check()` method which can be used to check a `Soter_Core\Package` instance against the API:

```
$plugin = new Soter_Core\Package( 'contact-form-7', Soter_Core\Package::TYPE_PLUGIN, '4.9' );
$response = $client->check( $plugin );

$theme = new Soter_Core\Package( 'twentyfifteen', Soter_Core\Package::TYPE_THEME, '1.8' );
$response = $client->check( $theme );

// WordPress "slug" is the version string stripped of periods.
$wordpress = new Soter_Core\Package( '481', Soter_Core\Package::TYPE_WORDPRESS, '4.8.1' );
$response = $client->check( $wordpress );
```

Responses will be an instance of `Soter_Core\Response`. You can check package vulnerabilities using the following methods:

`->has_vulnerabilities()` - Returns a boolean value indicating whether there are any recorded vulnerabilities for a given package.

`->get_vulnerabilities()` - Returns an instance of `Soter_Core\Vulnerabilities` representing all vulnerabilities that have ever affected a given package.

`->get_vulnerabilities_by_version( string $version = null )` - Returns an instance of `Soter_Core\Vulnerabilities` representing all vulnerabilities which affect a given package at the given version.

`->get_vulnerabilities_for_current_version()` - Returns an instance of `Soter_Core\Vulnerabilities` representing all vulnerabilities which affect a given package at the version checked against the API.

### Checker

```
$checker = new Soter_Core\Checker(
    new Soter_Core\Api_Client(
        new Soter_Core\Cached_Http_Client(
            new Soter_Core\WP_Http_Client( 'Some user agent string' ),
            new Soter_Core\WP_Transient_Cache( 'unique-prefix', HOUR_IN_SECONDS )
        )
    ),
    new Soter_Core\WP_Package_Manager()
);
```

The following methods are available on a checker instance:

`->check_site( array $ignored = array() )` - Checks the current version of all installed packages (plugins, themes and core) and returns an instance of `Soter_Core\Vulnerabilities`. An optional array of package slugs that should not be checked can be provided.

`->check_plugins( array $ignored = array() )` - Checks the current version of all installed plugins and returns an instance of `Soter_Core\Vulnerabilities`. An optional array of plugin slugs that should not be checked can be provided.

`->check_themes( array $ignored = array() )` - Checks the current version of all installed themes and returns an instance of `Soter_Core\Vulnerabilities`. An optional array of theme slugs that should not be checked can be provided.

`->check_wordpress( array $ignored = array() )` - Checks the current version of WordPress and returns an instance of `Soter_Core\Vulnerabilities`. An optional array of WordPress "slugs" that should not be checked can be provided. Keep in mind that the slug used for WordPress is the version string stripped of periods (e.g. '475' for version 4.7.5).

You can also add any number of callbacks to be run after each package is checked.

Each callback will be called with a `Soter_Core\Vulnerabilities` instance and a `Soter_Core\Response` instance.

As a simple example, you might do something like the following to log error responses for debugging purposes:

```
$checker->add_post_check_callback( function( $vulnerabilities, $response ) {
    if ( ! $response->is_error() ) {
        return;
    }

    // Ex: "Error checking plugin not-a-real-plugin with message: Non-200 status code received"
    $this->logger->debug( 'Error checking {type} {slug} with message: {message}', [
        'message' => $response->error['message'],
        'slug' => $response->get_package()->get_slug(),
        'type' => $response->get_package()->get_type(),
    ] );
} );
```
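
The callback mechanism above can also keep a failed API lookup from being read as a clean result. The following is an added example, not code from soter-core: `example_soter_scan()`, the user agent string, the cache prefix and the ignored slug are all assumptions, and it uses only the methods documented in this README.

```php
<?php
// Added example, not part of soter-core. Assumes WordPress and the Composer
// autoloader are already loaded (the WP_* classes above depend on WordPress).

/**
 * Hypothetical helper: check the whole site and record every package whose
 * API lookup failed, so a failed lookup is never read as "no vulnerabilities".
 * Call it once per Checker instance; the callback stays registered.
 */
function example_soter_scan( Soter_Core\Checker $checker, array $ignored = array() ) {
    $errors = array();

    // Runs after each package check with the Vulnerabilities and Response instances.
    $checker->add_post_check_callback( function( $vulnerabilities, $response ) use ( &$errors ) {
        if ( ! $response->is_error() ) {
            return;
        }

        $package  = $response->get_package();
        $errors[] = array(
            'type'    => $package->get_type(),
            'slug'    => $package->get_slug(),
            'message' => $response->error['message'],
        );
    } );

    // Run the check first so $errors is populated before the report is built.
    $vulnerabilities = $checker->check_site( $ignored );

    return array(
        'vulnerabilities' => $vulnerabilities,       // Soter_Core\Vulnerabilities
        'errors'          => $errors,                // packages that were NOT checked
        'complete'        => 0 === count( $errors ), // false means the scan has gaps
    );
}

$checker = new Soter_Core\Checker(
    new Soter_Core\Api_Client(
        new Soter_Core\Cached_Http_Client(
            new Soter_Core\WP_Http_Client( 'example-site-audit/1.0' ), // constructed user agent
            new Soter_Core\WP_Transient_Cache( 'example-audit', HOUR_IN_SECONDS )
        )
    ),
    new Soter_Core\WP_Package_Manager()
);
$report = example_soter_scan( $checker, array( 'hello-dolly' ) ); // constructed ignore list
foreach ( $report['errors'] as $error ) {
    error_log( sprintf( 'soter: %s %s not checked: %s', $error['type'], $error['slug'], $error['message'] ) );
}
```

Treat a report with `complete === false` as an incomplete scan and re-run or alert on it rather than reporting the site as clean.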

