[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcf6iE189YcqQR3Xwcx2C45IYed-ZG8eViJbE0HEu6Pk":3,"$feHFInzE87N9OR7RmCOSMB0bP8IJnwst1UkAznhoZY1U":242,"$fhDrg5Aw5n-tyYTOuzbIzylhKVlr9qhhJWMlFUY32mjY":246},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":35,"analysis":136,"fingerprints":206},"api-grid-viewer","API Grid Viewer","1.0","gladwingt","https:\u002F\u002Fprofiles.wordpress.org\u002Fgladwingt\u002F","\u003Cp>\u003Cstrong>API Grid Viewer\u003C\u002Fstrong> allows you to test and view JSON API responses directly within the WordPress admin panel. It supports various authentication methods, dynamic parameter management, and displays results in a structured format.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Test JSON APIs with different authentication options (None, Key, Bearer, Basic).\u003C\u002Fli>\n\u003Cli>Dynamically add parameters to your API request.\u003C\u002Fli>\n\u003Cli>View the API response as a table or formatted JSON.\u003C\u002Fli>\n\u003Cli>Search through the API response results.\u003C\u002Fli>\n\u003Cli>Download the response in json.\u003C\u002Fli>\n\u003Cli>Works with no external libraries, using jQuery and native WordPress functions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Banner\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Small Banner: \u003C\u002Fli>\n\u003Cli>Large Banner: \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Icons\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Icon 128×128: \u003C\u002Fli>\n\u003Cli>Icon 256×256: \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External 
Services\u003C\u002Fh3>\n\u003Cp>This plugin uses the “Buy Me a Coffee” service to allow users to support the developer through donations. The service enables users to make one-time contributions to support creators and developers.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What the service is and what it is used for:\u003C\u002Fstrong>\u003Cbr \u002F>\nThe “Buy Me a Coffee” service provides a platform for users to financially support creators, developers, and artists. This plugin includes a button that allows users to make donations to the plugin author directly via their Buy Me a Coffee page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent and when:\u003C\u002Fstrong>\u003Cbr \u002F>\nWhen a user clicks the “Buy Me a Coffee” button in the plugin, they are redirected to the Buy Me a Coffee website. At that point, the following data may be shared:\u003Cbr \u002F>\n– The user’s click action is recorded by Buy Me a Coffee, which may include referral data indicating that the user came from this plugin.\u003C\u002Fp>\n\u003Cp>No personal data is collected or sent by this plugin itself; the transaction and any data handling are managed entirely by the Buy Me a Coffee service once the user is redirected.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Links to the service’s terms of service and privacy policy:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwww.buymeacoffee.com\u002Fterms\" rel=\"nofollow ugc\">Buy Me a Coffee Terms of Service\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwww.buymeacoffee.com\u002Fprivacy\" rel=\"nofollow ugc\">Buy Me a Coffee Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Please review these documents to understand how your data is handled when using this service.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 
2 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>This plugin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with this plugin. If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fa>.\u003C\u002Fp>\n","A WordPress plugin for testing complex JSON APIs directly from the admin panel. Simple, secure, and lightweight with no external libraries.",10,738,0,"2024-10-24T20:28:00.000Z","6.6.5","5.0","",[19,20,21,22,23],"api","grid","postman","rest-api","viewer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapi-grid-viewer.1.0.zip",92,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,88,"2026-05-19T23:28:32.524Z",[36,57,76,94,116],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":13,"downloaded":44,"rating":45,"num_ratings":31,"last_updated":46,"tested_up_to":17,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":53,"download_link":54,"security_score":55,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":56},"acf-for-gridsome","ACF For Gridsome","0.5","Fuat POYRAZ","https:\u002F\u002Fprofiles.wordpress.org\u002Fftpyz\u002F","\u003Cp>Using with gridsome source worpdress\u003Cbr \u002F>\nhttps:\u002F\u002Fgridsome.org\u002Fplugins\u002F@gridsome\u002Fsource-wordpress\u003C\u002Fp>\n\u003Cp>Use for custom acf fields get to rest api neccessery plugin for 
wordpress\u003C\u002Fp>\n","Using with gridsome source worpdress https:\u002F\u002Fgridsome.org\u002Fplugins\u002F@gridsome\u002Fsource-wordpress Use for custom acf fields get to rest api neccessery pl &hellip;",1199,100,"2020-06-10T04:21:00.000Z","5.1","7.2",[50,51,52],"acf","acf-rest-api","gridsome","https:\u002F\u002Fgithub.com\u002Fftpyz\u002Facf-gridsome","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facf-for-gridsome.zip",85,"2026-04-06T09:54:40.288Z",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":13,"downloaded":65,"rating":13,"num_ratings":13,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":74,"download_link":75,"security_score":45,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"mksddn-collection-for-postman","MksDdn Collection for Postman","2.1.1","Max","https:\u002F\u002Fprofiles.wordpress.org\u002Fmksddn\u002F","\u003Cp>MksDdn Collection for Postman helps developers quickly generate a Postman Collection (v2.1.0) or OpenAPI 3.0 documentation for WordPress REST API endpoints. The plugin automatically discovers and includes standard WordPress entities, custom post types, options pages, and individual pages. Generated collections include pre-configured requests with sample data and can be downloaded as JSON files for import into Postman. OpenAPI spec can be used with Swagger UI, Redoc, or frontend code generators.\u003C\u002Fp>\n\u003Cp>The plugin provides comprehensive API testing capabilities with automatic generation of test data for form submissions, support for file uploads via multipart\u002Fform-data, and seamless integration with Advanced Custom Fields (ACF). 
Special handling is included for the mksddn-forms-handler plugin when active.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n– Basic REST endpoints: pages, posts, categories, tags, taxonomies, comments, users, settings\u003Cbr \u002F>\n– WooCommerce REST API (wc\u002Fv3): products, product categories, orders with full CRUD when WooCommerce is active\u003Cbr \u002F>\n– Search functionality: Posts, Pages, and All content types with customizable queries\u003Cbr \u002F>\n– Custom Post Types with full CRUD operations (List, Get by Slug\u002FID, Create, Update, Delete)\u003Cbr \u002F>\n– ACF\u002FSCF fields: auto-included for all post types when ACF or Smart Custom Fields plugin is active\u003Cbr \u002F>\n– Special handling for Forms (mksddn-forms-handler integration)\u003Cbr \u002F>\n– Options endpoints: \u003Ccode>\u002Fwp-json\u002Fcustom\u002Fv1\u002Foptions\u002F...\u003C\u002Fcode>\u003Cbr \u002F>\n– Individual pages by slug with ACF field support\u003Cbr \u002F>\n– Automatic test data generation for form submissions\u003Cbr \u002F>\n– Support for multipart\u002Fform-data for file uploads\u003Cbr \u002F>\n– Yoast SEO integration (automatic yoast_head_json inclusion)\u003Cbr \u002F>\n– Multilingual support with Accept-Language headers (Polylang priority)\u003Cbr \u002F>\n– OpenAPI 3.0 export for API documentation (Swagger UI, Redoc)\u003Cbr \u002F>\n– Extensible via WordPress filters\u003Cbr \u002F>\n– WP-CLI integration for command-line usage\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin references external services for Postman Collection schema validation:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Postman Collection Schema Service\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Service\u003C\u002Fstrong>: Postman Collection Schema (schema.getpostman.com)\u003Cbr \u002F>\n– \u003Cstrong>Purpose\u003C\u002Fstrong>: Used to validate and structure the generated Postman Collection JSON according to the official Postman Collection v2.1.0 
specification\u003Cbr \u002F>\n– \u003Cstrong>Data sent\u003C\u002Fstrong>: No data is sent to this service. The plugin only references the schema URL for validation purposes\u003Cbr \u002F>\n– \u003Cstrong>When\u003C\u002Fstrong>: The schema URL is included in the generated collection metadata for Postman to validate the collection structure\u003Cbr \u002F>\n– \u003Cstrong>Terms of service\u003C\u002Fstrong>: https:\u002F\u002Fwww.postman.com\u002Flegal\u002Fterms-of-use\u002F\u003Cbr \u002F>\n– \u003Cstrong>Privacy policy\u003C\u002Fstrong>: https:\u002F\u002Fwww.postman.com\u002Flegal\u002Fprivacy-policy\u002F\u003C\u002Fp>\n\u003Cp>Note: This plugin does not send any user data to external services. The schema reference is purely for collection structure validation within the Postman application.\u003C\u002Fp>\n","Generate Postman Collection (v2.1.0) or OpenAPI 3.0 documentation for the WordPress REST API from the admin UI.",553,"2026-04-14T06:15:00.000Z","6.9.4","6.2","8.1",[71,72,73,21,22],"collection","developer-tools","openapi","https:\u002F\u002Fgithub.com\u002Fmksddn\u002FWP-MksDdn-Postman-Collection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmksddn-collection-for-postman.2.1.1.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":32,"num_ratings":86,"last_updated":87,"tested_up_to":17,"requires_at_least":68,"requires_php":88,"tags":89,"homepage":92,"download_link":93,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"woocommerce-legacy-rest-api","WooCommerce Legacy REST API","1.0.5","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeveloper.woocommerce.com\u002F2023\u002F10\u002F03\u002Fthe-legacy-rest-api-will-move-to-a-dedicated-extension-in-woocommerce-9-0\u002F\" rel=\"nofollow ugc\">The Legacy REST API will no longer 
part of WooCommerce as of version 9.0\u003C\u002Fa>. This plugin restores the full functionality of the removed Legacy REST API code in WooCommerce 9.0 and later versions.\u003C\u002Fp>\n\u003Cp>For all intents and purposes, having this plugin installed and active in WooCommerce 9.0 and newer versions is equivalent to enabling the Legacy REST API in WooCommerce 8.9 and older versions (via WooCommerce – Settings – Advanced – Legacy API). All the endpoints work the same way, and existing user keys also continue working.\u003C\u002Fp>\n\u003Cp>On the other hand, installing this plugin together with WooCommerce 8.9 or an older version is safe: the plugin detects that the Legacy REST API is still part of WooCommerce and doesn’t initialize itself as to not interfere with the built-in code.\u003C\u002Fp>\n\u003Cp>Please note that \u003Cstrong>the Legacy REST API is not compatible with \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fdocument\u002Fhigh-performance-order-storage\u002F\" rel=\"nofollow ugc\">High-Performance Order Storage\u003C\u002Fa>\u003C\u002Fstrong>. 
Upgrading the code that relies on the Legacy REST API to use the current WooCommerce REST API instead is highly recommended.\u003C\u002Fp>\n","The WooCommerce Legacy REST API, which is now part of WooCommerce itself but will be removed in WooCommerce 9.0.",400000,2335738,28,"2025-01-23T18:59:00.000Z","7.4",[22,90,91],"woo","woocommerce","https:\u002F\u002Fgithub.com\u002Fwoocommerce\u002Fwoocommerce-legacy-rest-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoocommerce-legacy-rest-api.1.0.5.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":114,"download_link":115,"security_score":55,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"disable-json-api","Disable REST API","1.8","Dave McHale","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmchale\u002F","\u003Cp>The most comprehensive plugin for controlling access to the WordPress REST API!\u003C\u002Fp>\n\u003Cp>Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.\u003C\u002Fp>\n\u003Cp>But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.\u003C\u002Fp>\n\u003Cp>You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. 
NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.\u003C\u002Fp>\n\u003Cp>For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided \u003Ccode>rest_enabled\u003C\u002Fcode> filter to disable the entire REST API.\u003C\u002Fp>\n","Disable the use of the REST API on your website to site users. Now with User Role support!",90000,758515,96,38,"2023-09-14T00:26:00.000Z","6.3.8","4.9","5.6",[111,19,112,113,22],"admin","json","rest","http:\u002F\u002Fwww.binarytemplar.com\u002Fdisable-json-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-json-api.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":126,"num_ratings":127,"last_updated":128,"tested_up_to":67,"requires_at_least":16,"requires_php":48,"tags":129,"homepage":17,"download_link":132,"security_score":133,"vuln_count":134,"unpatched_count":13,"last_vuln_date":135,"fetched_at":27},"integromat-connector","Make Connector","1.6.6","Make","https:\u002F\u002Fprofiles.wordpress.org\u002Fintegromat\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.make.com\u002Fen?utm_source=wordpress&utm_medium=partner&utm_campaign=wordpress-partner-make\" rel=\"nofollow ugc\">Make\u003C\u002Fa> is a visual platform that lets you design, build, and automate anything – from simple tasks to complex workflows – in minutes. With Make, you can send information between WordPress and thousands of apps to drive traffic and improve sales potential. 
It’s fast and easy to use, visually intuitive and requires zero coding expertise.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Here are some of the ways to use WordPress with Make:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add new WordPress users to your CMR and marketing tools, like Salesforce, ActiveCampaign, or Mailchimp\u003C\u002Fli>\n\u003Cli>Create new WordPress posts from incoming webhook data, Google Forms responses, or FreeScout conversations\u003C\u002Fli>\n\u003Cli>Share your WordPress posts on Facebook, Pinterest, or other social media platforms\u003C\u002Fli>\n\u003Cli>Send a message about new WordPress posts to messaging apps, like Slack, Telegram, or Microsoft Teams\u003C\u002Fli>\n\u003Cli>Create database items from your WordPress posts in Notion, MySQL, or any other database app\u003C\u002Fli>\n\u003Cli>Or choose a \u003Ca href=\"https:\u002F\u002Fwww.make.com\u002Fen\u002Ftemplates?utm_source=wordpress&utm_medium=partner&utm_campaign=wordpress-partner-program\" rel=\"nofollow ugc\">template\u003C\u002Fa> to help you get started. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How to get started:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.make.com\u002Fen\u002Fregister?utm_source=wordpress&utm_medium=partner&utm_campaign=wordpress-partner-program\" rel=\"nofollow ugc\">Sign up for Make\u003C\u002Fa>, and enjoy a free account forever. Or, choose a monthly or yearly plan with advanced features.\u003C\u002Fli>\n\u003Cli>Check \u003Ca href=\"https:\u002F\u002Fwww.make.com\u002Fen\u002Fhelp\u002Fapps\u002Fwebsite-building\u002Fwordpress#connecting-wordpress-to-make-968742?utm_source=wordpress&utm_medium=partner&utm_campaign=wordpress-partner-program\" rel=\"nofollow ugc\">Make’s documentation on how to connect WordPress\u003C\u002Fa>. 
\u003C\u002Fli>\n\u003Cli>Install the plugin, and \u003Ca href=\"https:\u002F\u002Fwww.make.com\u002Fen\u002Fintegrations\u002Fwordpress?utm_source=wordpress&utm_medium=partner&utm_campaign=wordpress-partner-program\" rel=\"nofollow ugc\">start building WordPress integrations on Make\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Get help from \u003Ca href=\"https:\u002F\u002Fwww.make.com\u002Fen\u002Fticket?utm_source=wordpress&utm_medium=partner&utm_campaign=wordpress-partner-program\" rel=\"nofollow ugc\">Make’s Support\u003C\u002Fa> team.\u003Cbr \u002F>\nMake’s \u003Ca href=\"https:\u002F\u002Fwww.make.com\u002Fen\u002Fterms-and-conditions?utm_source=wordpress&utm_medium=partner&utm_campaign=wordpress-partner-make\" rel=\"nofollow ugc\">Terms of use\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.make.com\u002Fen\u002Fprivacy-notice?utm_source=wordpress&utm_medium=partner&utm_campaign=wordpress-partner-make\" rel=\"nofollow ugc\">Privacy policy\u003C\u002Fa>.\u003C\u002Fp>\n","Make Connector. 
Make lets you design, build, and automate by connecting with WordPress in just a few clicks.",80000,484415,54,25,"2026-02-09T10:29:00.000Z",[19,130,131,113,22],"integromat","make","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fintegromat-connector.1.6.6.zip",94,3,"2025-09-03 21:08:50",{"attackSurface":137,"codeSignals":162,"taintFlows":170,"riskAssessment":197,"analyzedAt":205},{"hooks":138,"ajaxHandlers":149,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":161,"unprotectedCount":13},[139,145],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","admin_menu","apigridviewer_plugin_menu","api-grid-viewer.php",15,{"type":140,"name":146,"callback":147,"file":143,"line":148},"admin_enqueue_scripts","apigridviewer_enqueue_scripts",16,[150,156],{"action":151,"nopriv":152,"callback":153,"hasNonce":154,"hasCapCheck":152,"file":143,"line":155},"proxy_request",false,"apigridviewer_proxy_request",true,17,{"action":151,"nopriv":154,"callback":153,"hasNonce":154,"hasCapCheck":152,"file":143,"line":157},18,[],[],[],2,{"dangerousFunctions":163,"sqlUsage":164,"outputEscaping":166,"fileOperations":13,"externalRequests":31,"nonceChecks":31,"capabilityChecks":13,"bundledLibraries":169},[],{"prepared":13,"raw":13,"locations":165},[],{"escaped":167,"rawEcho":13,"locations":168},5,[],[],[171,189],{"entryPoint":172,"graph":173,"unsanitizedCount":13,"severity":188},"apigridviewer_proxy_request (api-grid-viewer.php:38)",{"nodes":174,"edges":186},[175,180],{"id":176,"type":177,"label":178,"file":143,"line":179},"n0","source","$_POST",44,{"id":181,"type":182,"label":183,"file":143,"line":184,"wp_function":185},"n1","sink","wp_remote_get() [SSRF]",67,"wp_remote_get",[187],{"from":176,"to":181,"sanitized":154},"low",{"entryPoint":190,"graph":191,"unsanitizedCount":13,"severity":188},"\u003Capi-grid-viewer> 
(api-grid-viewer.php:0)",{"nodes":192,"edges":195},[193,194],{"id":176,"type":177,"label":178,"file":143,"line":179},{"id":181,"type":182,"label":183,"file":143,"line":184,"wp_function":185},[196],{"from":176,"to":181,"sanitized":154},{"summary":198,"deductions":199},"The \"api-grid-viewer\" plugin version 1.0 exhibits a generally good security posture based on the provided static analysis. The analysis detected no SQL queries, so there are no unprepared statements to review, and all detected output is properly escaped. The absence of dangerous functions, file operations, and critical\u002Fhigh severity taint flows further reinforces this positive assessment. The plugin also correctly implements nonce checks for its AJAX handlers.\n\nHowever, a notable area for improvement is the lack of explicit capability checks on its AJAX handlers. The same proxy_request callback is registered for both logged-in and unauthenticated (nopriv) requests, so the nonce is the only control in front of it. While nonce checks provide a layer of protection against CSRF attacks, they do not verify whether the caller has the necessary permissions to perform the action. This could potentially allow lower-privileged or unauthenticated users to access functionality intended for administrators or other roles, depending on the plugin's internal logic. The presence of external HTTP requests, while only one, could also be a minor concern if the target URL is not trusted or if sensitive data is sent without proper encryption: the recorded taint flow runs from $_POST to wp_remote_get() and is labelled SSRF, and although it is marked sanitized and rated low, the analysis does not show whether the destination is restricted. Gating the handler with current_user_can() and validating the destination (for example with wp_http_validate_url() or wp_safe_remote_get()) would address both points.\n\nThe vulnerability history being completely clear of any recorded CVEs is a significant strength, suggesting a mature and likely well-maintained codebase, although with a single released version and 10 active installs it may equally reflect limited scrutiny. This, combined with the positive static analysis findings, indicates that the plugin is currently not known to be vulnerable. 
Overall, \"api-grid-viewer\" v1.0 presents a low-risk profile, with the primary area for attention being the implementation of capability checks for enhanced authorization.",[200,203],{"reason":201,"points":202},"Missing capability checks on AJAX handlers",8,{"reason":204,"points":134},"External HTTP requests without context","2026-04-16T12:59:15.715Z",{"wat":207,"direct":218},{"assetPaths":208,"generatorPatterns":212,"scriptPaths":213,"versionParams":215},[209,210,211],"\u002Fwp-content\u002Fplugins\u002Fapi-grid-viewer\u002Fcss\u002Fapi-grid-viewer-style.css","\u002Fwp-content\u002Fplugins\u002Fapi-grid-viewer\u002Fimg\u002Fcoffee-cup.svg","\u002Fwp-content\u002Fplugins\u002Fapi-grid-viewer\u002Fimg\u002Fdefault-yellow.png",[],[214],"\u002Fwp-content\u002Fplugins\u002Fapi-grid-viewer\u002Fjs\u002Fapi-grid-viewer-script.js",[216,217],"api-grid-viewer\u002Fcss\u002Fapi-grid-viewer-style.css?ver=","api-grid-viewer\u002Fjs\u002Fapi-grid-viewer-script.js?ver=",{"cssClasses":219,"htmlComments":224,"htmlAttributes":225,"restEndpoints":237,"jsGlobals":239,"shortcodeOutput":241},[220,221,222,223],"mac-input","mac-button","mac-dropdown","api-grid-about-card",[],[226,227,228,229,230,231,232,233,234,235,236],"id=\"apigridviewer-app\"","id=\"url\"","id=\"send-request\"","id=\"auth-type\"","id=\"auth-fields\"","id=\"params\"","id=\"add-param\"","id=\"search-bar\"","id=\"response\"","id=\"download-buttons\"","id=\"download-json\"",[238],"\u002Fwp-json\u002Fapi-grid-viewer\u002F",[240],"apiGridViewer",[],{"error":154,"url":243,"statusCode":244,"statusMessage":245,"message":245},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fapi-grid-viewer\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":31,"versions":247},[248],{"version":6,"download_url":24,"svn_tag_url":249,"released_at":26,"has_diff":152,"diff_files_changed":250,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":251,"is_current":154},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fapi-grid-viewer\u002Ftags\u002F1.0\u002F",[],[]]