[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7_A4l5nOsPK7FdUM3nOhjeSrWHSwRL_KDtAbFZFRB7k":3,"$frGcYXyOSqvQCaOnh8sUQuqvVRu8MDvIJ5nmidyv-CGc":104,"$fgSge3AwRXSYA3jZlcl8nfjjHhqrHPlTzpMA4S0neJxs":109},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":8,"download_link":18,"security_score":19,"vuln_count":11,"unpatched_count":11,"last_vuln_date":20,"fetched_at":21,"discovery_status":22,"vulnerabilities":23,"developer":24,"crawl_stats":20,"alternatives":29,"analysis":30,"fingerprints":74},"api-write-blocker","API Write Blocker","1.0","teamredfox","https:\u002F\u002Fprofiles.wordpress.org\u002Fteamredfox\u002F","\u003Cp>\u003Cstrong>API Write Blocker\u003C\u002Fstrong> is a security-focused plugin that prevents unauthorized or anonymous users from executing write operations through REST API, XML-RPC, and Admin-Ajax interfaces.\u003C\u002Fp>\n\u003Cp>Unlike generic API blockers, this plugin enables \u003Cem>fine-grained control\u003C\u002Fem> over which HTTP methods (POST, PUT\u002FPATCH, DELETE) are allowed, supports whitelist-based exceptions, and protects core endpoints without interfering with legitimate functionalities such as contact form submissions or plugin integrations.\u003C\u002Fp>\n\u003Ch3>🔐 Key Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>REST API Method-Level Blocking\u003C\u002Fstrong>\u003Cbr \u002F>\n* Independently block POST, PUT\u002FPATCH, and DELETE requests.\u003Cbr \u002F>\n* Whitelist specific REST routes (prefix match supported) to allow legitimate access (e.g., contact forms).\u003Cbr \u002F>\n* Configure a custom HTTP status code and error message per request type.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>XML-RPC Write Operation Blocking\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable only dangerous write-related XML-RPC methods 
(e.g., \u003Ccode>wp.newPost\u003C\u002Fcode>, \u003Ccode>metaWeblog.editPost\u003C\u002Fcode>) while keeping harmless calls untouched.\u003Cbr \u002F>\n* Return a custom status code and error message for blocked XML-RPC operations.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Admin-Ajax Write Protection\u003C\u002Fstrong>\u003Cbr \u002F>\n* Blocks known sensitive write-related Ajax actions (e.g., \u003Ccode>save-post\u003C\u002Fcode>, \u003Ccode>upload-attachment\u003C\u002Fcode>) for unauthenticated users.\u003Cbr \u002F>\n* Whitelist specific actions used by safe plugins like Contact Form 7.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Flexible Exceptions\u003C\u002Fstrong>\u003Cbr \u002F>\n* Authenticated users are always allowed by default.\u003Cbr \u002F>\n* IP Whitelist support (including CIDR ranges) for external systems or trusted clients.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Custom Response Messages\u003C\u002Fstrong>\u003Cbr \u002F>\n* Return custom error messages and HTTP status codes for each interface: REST, XML-RPC, and Admin-Ajax.\u003C\u002Fp>\n\u003Cp>This plugin is ideal for hardening your WordPress site without breaking functionality.\u003C\u002Fp>\n","A plugin to control the operation of admin-ajax.php, REST API, and 
xmlrpc.",0,169,"2025-10-26T23:32:00.000Z","6.8.5","6.8","7.4",[],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapi-write-blocker.1.0.zip",100,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":25,"total_installs":11,"avg_security_score":19,"avg_patch_time_days":26,"trust_score":27,"computed_at":28},3,30,94,"2026-05-20T01:34:32.701Z",[],{"attackSurface":31,"codeSignals":60,"taintFlows":69,"riskAssessment":70,"analyzedAt":73},{"hooks":32,"ajaxHandlers":56,"restRoutes":57,"shortcodes":58,"cronEvents":59,"entryPointCount":11,"unprotectedCount":11},[33,39,43,48,52],{"type":34,"name":35,"callback":36,"file":37,"line":38},"action","admin_menu","apiwrbl_add_admin_menu","api-write-blocker.php",28,{"type":34,"name":40,"callback":41,"file":37,"line":42},"admin_init","apiwrbl_settings_init",29,{"type":44,"name":45,"callback":46,"priority":11,"file":37,"line":47},"filter","rest_pre_dispatch","apiwrbl_rest_pre_dispatch_blocker",647,{"type":44,"name":49,"callback":50,"file":37,"line":51},"xmlrpc_methods","apiwrbl_block_xmlrpc_methods",699,{"type":34,"name":53,"callback":54,"priority":11,"file":37,"line":55},"init","apiwrbl_block_admin_ajax_write",750,[],[],[],[],{"dangerousFunctions":61,"sqlUsage":62,"outputEscaping":64,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":67,"bundledLibraries":68},[],{"prepared":11,"raw":11,"locations":63},[],{"escaped":65,"rawEcho":11,"locations":66},108,[],1,[],[],{"summary":71,"deductions":72},"The \"api-write-blocker\" plugin v1.0 exhibits a strong security posture based on the provided static analysis. The plugin has a zero attack surface in terms of AJAX handlers, REST API routes, shortcodes, and cron events, meaning there are no readily identifiable public entry points for attackers to exploit.  
Furthermore, the static signals are clean: no dangerous functions were flagged, no SQL queries were detected (so there are no raw or prepared statements to assess), and all 108 detected outputs are escaped with no raw echo. The absence of file operations and external HTTP requests also minimizes potential attack vectors. One capability check was detected, which is a positive sign of access control, but no nonce checks were found, so the settings code hooked on admin_menu and admin_init should be confirmed to rely on the WordPress Settings API for CSRF protection. Note that the blocking logic itself is hooked on rest_pre_dispatch, xmlrpc_methods and init, which fire on unauthenticated requests; those callbacks and the IP whitelist handling are not covered by these counters and warrant manual review.",[],"2026-04-16T13:14:24.702Z",{"wat":75,"direct":80},{"assetPaths":76,"generatorPatterns":77,"scriptPaths":78,"versionParams":79},[],[],[],[],{"cssClasses":81,"htmlComments":85,"htmlAttributes":86,"restEndpoints":101,"jsGlobals":102,"shortcodeOutput":103},[82,83,84],"wrap","form-table","menu-list",[],[87,88,89,90,91,92,93,94,95,96,97,98,99,100],"name=\"apiwrbl_is_enabled\"","name=\"apiwrbl_block_xmlrpc\"","name=\"apiwrbl_allowed_ip\"","name=\"apiwrbl_allowed_ajax_actions\"","name=\"apiwrbl_block_rest_post\"","name=\"apiwrbl_block_rest_put_patch\"","name=\"apiwrbl_block_rest_delete\"","name=\"apiwrbl_allowed_rest_routes\"","name=\"apiwrbl_rest_error_message\"","name=\"apiwrbl_rest_status_code\"","name=\"apiwrbl_xmlrpc_error_message\"","name=\"apiwrbl_xmlrpc_status_code\"","name=\"apiwrbl_ajax_error_message\"","name=\"apiwrbl_ajax_status_code\"",[],[],[],{"error":105,"url":106,"statusCode":107,"statusMessage":108,"message":108},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fapi-write-blocker\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":67,"versions":110},[111],{"version":6,"download_url":18,"svn_tag_url":112,"released_at":20,"has_diff":113,"diff_files_changed":114,"diff_lines":20,"trac_diff_url":20,"vulnerabilities":115,"is_current":105},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fapi-write-blocker\u002Ftags\u002F1.0\u002F",false,[],[]]