[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIirW25bkdDqAKPYQgtTHLr5A8ZUWyoSmeRl5uKIkoH8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":136,"fingerprints":230},"advanced-wp-rest-api","Advanced WP REST API","1.3","Galaxy Weblinks","https:\u002F\u002Fprofiles.wordpress.org\u002Fgalaxyweblinks\u002F","\u003Cp>Advanced WP REST API is a WP REST API plugin that provides custom endpoints, to the WordPress REST API. You can enable API routes through a convenient settings panel and then manage the API requests and responses.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Validate the user\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Handle Post request\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Handle User request\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Handle Product request\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> The API method must be a POST method.\u003C\u002Fp>\n\u003Cp>Here’s a link to the documentation for the plugin. This will help you learn more about its features and how to use it.\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwp-plugins.galaxyweblinks.com\u002Fwp-plugins\u002Fadvanced-wp-rest-api\u002Fdoc\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>For any feedback or queries regarding this plugin, please contact our \u003Ca href=\"https:\u002F\u002Fwp-plugins.galaxyweblinks.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Support team\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin provides custom endpoints to the WordPress REST API.",200,4654,0,"2025-04-24T05:38:00.000Z","6.8.5","5.0","7.4",[19,20,21,22,23],"endpoint-api","rest-api","wp-login-api","wp-post-api","wp-rest-api","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-wp-rest-api\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-wp-rest-api.1.3.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"galaxyweblinks",40,24800,97,310,77,"2026-04-04T07:03:50.296Z",[39,63,84,99,117],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":15,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":59,"download_link":60,"security_score":49,"vuln_count":61,"unpatched_count":13,"last_vuln_date":62,"fetched_at":28},"wp-rest-cache","WP REST Cache","2026.1.3","Acato","https:\u002F\u002Fprofiles.wordpress.org\u002Facato\u002F","\u003Cp>Are you facing speed issues, using the WordPress REST API? This plugin will allow WordPress to cache the responses of the REST API, making it much faster.\u003C\u002Fp>\n\u003Cp>This plugin offers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Caching of all default WordPress REST API \u003Ccode>GET\u003C\u002Fcode>-endpoints.\u003C\u002Fli>\n\u003Cli>Caching of (custom) post type endpoints.\u003C\u002Fli>\n\u003Cli>Caching of (custom) taxonomy endpoints.\u003C\u002Fli>\n\u003Cli>Automated flushing of caches if (some of) its contents are edited.\u003C\u002Fli>\n\u003Cli>Manual flushing of all caches.\u003C\u002Fli>\n\u003Cli>Manual flushing of specific caches.\u003C\u002Fli>\n\u003Cli>A counter how many times a cache has been retrieved.\u003C\u002Fli>\n\u003Cli>Specifying after what time the cache should be timed out.\u003C\u002Fli>\n\u003Cli>Registering custom endpoints for caching.\u003C\u002Fli>\n\u003Cli>Automatic cache regeneration.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>WP REST Cache Pro\u003C\u002Fstrong>\u003Cbr \u002F>\nFor more advanced features, check out our \u003Ca href=\"https:\u002F\u002Fplugins.acato.nl\u002F\" rel=\"nofollow ugc\">WP REST Cache Pro\u003C\u002Fa> plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Configure custom endpoints for caching through the wp-admin interface.\u003C\u002Fli>\n\u003Cli>Configure relationships within endpoints.\u003C\u002Fli>\n\u003Cli>No coding required.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Installation from within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit ‘Plugins > Add New’ (or ‘My Sites > Network Admin > Plugins > Add New’ if you are on a multisite installation).\u003C\u002Fli>\n\u003Cli>Search for ‘WP REST Cache’.\u003C\u002Fli>\n\u003Cli>Activate the WP REST Cache plugin through the ‘Plugins’ menu in WordPress.\u003C\u002Fli>\n\u003Cli>Go to “after activation” below.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Installation manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload the \u003Ccode>wp-rest-cache\u003C\u002Fcode> folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory.\u003C\u002Fli>\n\u003Cli>Activate the WP REST Cache plugin through the ‘Plugins’ menu in WordPress.\u003C\u002Fli>\n\u003Cli>Go to “after activation” below.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>After activation\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit ‘Plugins > Must-Use’ (or ‘My Sites > Network Admin > Plugins > Must-Use’ if you are on a multisite installation).\u003C\u002Fli>\n\u003Cli>Check if the ‘WP REST Cache – Must-Use Plugin’ is there, if not copy the file \u003Ccode>wp-rest-cache.php\u003C\u002Fcode> from the \u003Ccode>\u002Fsources\u003C\u002Fcode> folder of the WP REST Cache Plugin to the folder \u003Ccode>\u002Fwp-content\u002Fmu-plugins\u002F\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Optionally:\u003C\u002Fstrong>\u003Cbr \u002F>\nThe default timeout for caches generated by the WP REST Cache plugin is set to 1 year. If you want to change this:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Visit ‘Settings > WP REST Cache’.\u003C\u002Fli>\n\u003Cli>Change the Cache timeout.\u003C\u002Fli>\n\u003C\u002Fol>\n","Enable caching of the WordPress REST API and auto-flush caches upon wp-admin editing.",10000,366709,98,42,"2026-03-03T09:38:00.000Z","4.7","7.0",[55,56,57,58,23],"api","cache","rest","rest-cache","https:\u002F\u002Fwww.acato.nl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-cache.2026.1.3.zip",1,"2025-07-28 00:00:00",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":52,"requires_php":77,"tags":78,"homepage":81,"download_link":82,"security_score":83,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-rest-api-log","REST API Log","1.7.0","Pete Nelson","https:\u002F\u002Fprofiles.wordpress.org\u002Fgungeekatx\u002F","\u003Cp>WordPress plugin to log \u003Ca href=\"http:\u002F\u002Fv2.wp-api.org\u002F\" rel=\"nofollow ugc\">REST API\u003C\u002Fa> requests and responses (for v2 of the API).\u003C\u002Fp>\n\u003Cp>Includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress admin page to view and search log entries\u003C\u002Fli>\n\u003Cli>API endpoint to access log entries via JSON\u003C\u002Fli>\n\u003Cli>Filters to customize logging\u003C\u002Fli>\n\u003Cli>Custom endpoint logging\u003C\u002Fli>\n\u003Cli>ElasticPress logging\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Find us on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpetenelson\u002Fwp-rest-api-log\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>!\u003C\u002Fp>\n\u003Cp>Roadmap\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Better search capabilities for log entries via the REST API endpoint\u003C\u002Fli>\n\u003C\u002Ful>\n","WordPress plugin to log REST API requests and responses",5000,113000,72,24,"2025-01-02T16:29:00.000Z","6.7.5","",[55,79,20,80,23],"json","wp-api","https:\u002F\u002Fgithub.com\u002Fpetenelson\u002Fwp-rest-api-log","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-log.1.7.0.zip",92,{"slug":85,"name":86,"version":87,"author":67,"author_profile":68,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":26,"num_ratings":92,"last_updated":93,"tested_up_to":76,"requires_at_least":94,"requires_php":77,"tags":95,"homepage":97,"download_link":98,"security_score":83,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"rest-api-toolbox","REST API Toolbox","1.4.4","\u003Cp>Allows tweaking of several REST API settings\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable the REST API\u003C\u002Fli>\n\u003Cli>Remove WordPress core endpoints\u003C\u002Fli>\n\u003Cli>Require authentication for core endpoints\u003C\u002Fli>\n\u003Cli>Force SSL\u003C\u002Fli>\n\u003Cli>WP-CLI commands: wp rest-api-toolbox\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Find us on GitHub at https:\u002F\u002Fgithub.com\u002Fpetenelson\u002Fwp-rest-api-toolbox\u003C\u002Fp>\n\u003Cp>(Creative commons toolbox image provided by James Tworow https:\u002F\u002Fwww.flickr.com\u002Fphotos\u002Fsherlock77\u002F)\u003C\u002Fp>\n","Allows tweaking of several REST API settings",2000,40876,8,"2025-01-02T16:18:00.000Z","4.4",[96,57,20,23],"json-api","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api-toolbox","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api-toolbox.1.4.4.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":90,"downloaded":107,"rating":26,"num_ratings":92,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":77,"tags":111,"homepage":114,"download_link":115,"security_score":116,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-api-menus","WP API Menus","1.3.2","Fulvio Notarstefano","https:\u002F\u002Fprofiles.wordpress.org\u002Fnekojira\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjson-rest-api\u002F\" rel=\"ugc\">WordPress JSON REST API\u003C\u002Fa> with new routes for WordPress registered menus\u003C\u002Fp>\n\u003Cp>The new routes available will be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fmenus\u003C\u002Fcode> list of every registered menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002F\u003Cid>\u003C\u002Fcode> data for a specific menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u003C\u002Fcode> list of all registered theme locations.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u002F\u003Clocation>\u003C\u002Fcode> data for menu in specified menu in theme location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently, the \u003Ccode>menu-locations\u002F\u003Clocation>\u003C\u002Fcode> route for individual menus will return a tree with full menu hierarchy, with correct menu item order and listing children for each menu item. The \u003Ccode>menus\u002F\u003Cid>\u003C\u002Fcode> route will output menu details and a flat array of menu items. Item order or if each item has a parent will be indicated in each item attributes, but this route won’t output items as a tree.\u003C\u002Fp>\n\u003Cp>You can alter the data arrangement of each individual menu items and children using the filter hook \u003Ccode>json_menus_format_menu_item\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>An important note on WP API V2:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In V1 the routes are located by default at \u003Ccode>wp-json\u002Fmenus\u002F\u003C\u002Fcode> etc.\u003C\u002Fp>\n\u003Cp>In V2 the routes by default are at \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002F\u003C\u002Fcode> (e.g. \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002Fmenus\u002F\u003C\u002Fcode>, etc.) since V2 encourages prefixing and version namespacing.\u003C\u002Fp>\n","Extends WordPress WP REST API with new routes pointing to WordPress menus.",107511,"2020-08-18T07:21:00.000Z","5.5.0","3.6.0",[79,112,113,80,23],"json-rest-api","menus","https:\u002F\u002Fgithub.com\u002Fnekojira\u002Fwp-api-menus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-menus.1.3.2.zip",85,{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":90,"downloaded":125,"rating":26,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":52,"requires_php":129,"tags":130,"homepage":77,"download_link":135,"security_score":116,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-api-swaggerui","WP API SwaggerUI","1.1.2","agussuroyo","https:\u002F\u002Fprofiles.wordpress.org\u002Fagussuroyo\u002F","\u003Cp>SwaggerUI used to make WordPress REST API endpoint have a interactive UI, so we can check our API endpoint directly from the website it self\u003C\u002Fp>\n\u003Cp>Feature:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support for GET, POST, PUT, PATCH and DELETE request method\u003C\u002Fli>\n\u003Cli>Support for Auth Basic authorization method\u003C\u002Fli>\n\u003Cli>Choose which namespace API that will be used on the SwaggerUI\u003C\u002Fli>\n\u003C\u002Ful>\n","WordPress REST API with Swagger UI.",63277,11,"2022-07-10T14:14:00.000Z","5.9.13","5.4",[131,132,133,134,23],"swaggerui","swaggerui-rest-api","wp-swagger-rest-api","wp-swaggerui","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-swaggerui.1.2.0.zip",{"attackSurface":137,"codeSignals":210,"taintFlows":218,"riskAssessment":219,"analyzedAt":229},{"hooks":138,"ajaxHandlers":176,"restRoutes":177,"shortcodes":208,"cronEvents":209,"entryPointCount":92,"unprotectedCount":92},[139,145,149,153,159,163,168,170,171,172,173,174],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","admin_enqueue_scripts","awpr_callback_for_setting_up_scripts","advanced-wp-rest-api.php",15,{"type":140,"name":146,"callback":147,"file":143,"line":148},"admin_init","register_awpr_plugin_settings",27,{"type":140,"name":150,"callback":151,"file":143,"line":152},"admin_menu","AWPR_register_options_page",29,{"type":154,"name":155,"callback":156,"priority":157,"file":143,"line":158},"filter","plugin_action_links","awpr_settings_link",10,104,{"type":154,"name":160,"callback":161,"priority":157,"file":143,"line":162},"plugin_row_meta","awpr_add_custom_plugin_links",118,{"type":140,"name":164,"callback":165,"file":166,"line":167},"rest_api_init","gwl_rest_api_endpoints","apis\\class-gwl-register-route-api.php",13,{"type":140,"name":141,"callback":142,"file":169,"line":144},"trunk\\advanced-wp-rest-api.php",{"type":140,"name":146,"callback":147,"file":169,"line":148},{"type":140,"name":150,"callback":151,"file":169,"line":152},{"type":154,"name":155,"callback":156,"priority":157,"file":169,"line":158},{"type":154,"name":160,"callback":161,"priority":157,"file":169,"line":162},{"type":140,"name":164,"callback":165,"file":175,"line":167},"trunk\\apis\\class-gwl-register-route-api.php",[],[178,185,190,195,200,202,204,206],{"namespace":179,"route":180,"methods":181,"callback":183,"permissionCallback":27,"file":166,"line":184},"api\u002Fv2","\u002Fuser\u002Flogin",[182],"POST","gwl_rest_user_login_endpoint_handler",37,{"namespace":179,"route":186,"methods":187,"callback":188,"permissionCallback":27,"file":166,"line":189},"\u002FpostsData\u002F",[182],"gwl_rest_posts_metadata_endpoint_handler",56,{"namespace":179,"route":191,"methods":192,"callback":193,"permissionCallback":27,"file":166,"line":194},"\u002FusersData\u002F",[182],"gwl_rest_users_metadata_endpoint_handler",75,{"namespace":179,"route":196,"methods":197,"callback":198,"permissionCallback":27,"file":166,"line":199},"\u002FproductsData\u002F",[182],"gwl_rest_products_endpoint_handler",94,{"namespace":179,"route":180,"methods":201,"callback":183,"permissionCallback":27,"file":175,"line":184},[182],{"namespace":179,"route":186,"methods":203,"callback":188,"permissionCallback":27,"file":175,"line":189},[182],{"namespace":179,"route":191,"methods":205,"callback":193,"permissionCallback":27,"file":175,"line":194},[182],{"namespace":179,"route":196,"methods":207,"callback":198,"permissionCallback":27,"file":175,"line":199},[182],[],[],{"dangerousFunctions":211,"sqlUsage":212,"outputEscaping":214,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":217},[],{"prepared":13,"raw":13,"locations":213},[],{"escaped":215,"rawEcho":13,"locations":216},12,[],[],[],{"summary":220,"deductions":221},"The advanced-wp-rest-api plugin, version 1.3, exhibits a significant security concern due to its extensive REST API attack surface lacking any permission callbacks. With 8 unprotected REST API routes, this presents a direct risk of unauthorized access and manipulation of data exposed via these endpoints.  While the code analysis shows excellent practices in avoiding dangerous functions, using prepared statements for SQL, and properly escaping output, the absence of authorization checks on all entry points overshadows these strengths.  The plugin's vulnerability history is clean, with no recorded CVEs, suggesting a potentially well-maintained codebase in the past. However, this lack of historical issues doesn't negate the current risks identified in the static analysis. The primary weakness lies in the fundamental security principle of access control, leaving these API routes open to any user, potentially including unauthenticated ones.",[222,225,227],{"reason":223,"points":224},"8 unprotected REST API routes",20,{"reason":226,"points":157},"0 Nonce checks found",{"reason":228,"points":157},"0 Capability checks found","2026-03-16T20:29:35.169Z",{"wat":231,"direct":237},{"assetPaths":232,"generatorPatterns":234,"scriptPaths":235,"versionParams":236},[233],"\u002Fwp-content\u002Fplugins\u002Fadvanced-wp-rest-api\u002Fassets\u002Fcss\u002Fcustom.css",[],[],[],{"cssClasses":238,"htmlComments":242,"htmlAttributes":243,"restEndpoints":244,"jsGlobals":246,"shortcodeOutput":247},[239,240,241],"awpr_main","awpr--notice","awpr-api-table",[],[],[245],"\u002Fwp-json\u002Fadvanced-wp-rest-api\u002F",[],[]]