[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2Nb3H3UdNDCLHbYwnNLEhrJJewC8wvqRhGZoEbT00oQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":53,"analysis":167,"fingerprints":234},"append-link-on-copy","Append Link on Copy","0.2","JonathanMH","https:\u002F\u002Fprofiles.wordpress.org\u002Fjonathanmh_com\u002F","\u003Cp>With this Plugin you can automatically add text or html to content that is copied from your page.\u003C\u002Fp>\n\u003Cp>If a visitor copies any kind of text from the website, a link to the page is appended, so if it is pasted elsewhere, a link to the page is maintained.\u003C\u002Fp>\n\u003Cp>right now you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>specify the Read more link text, default: Read more at:\u003C\u002Fli>\n\u003Cli>how many \u003Cbr \u002F> tags should be inserted below the copied text and the link or copyright notice\u003C\u002Fli>\n\u003Cli>specify if you want the current page title included\u003C\u002Fli>\n\u003Cli>make every copy link to the main page\u003C\u002Fli>\n\u003Cli>decide if you want the site title to be appended\u003C\u002Fli>\n\u003Cli>see previews of HTML and text versions of the copied text and link\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>I plan to increase the functionality with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>some internationalisation\u003C\u002Fli>\n\u003Cli>if somebody wants to contribute legacy IE support I’ll include that\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Suggestions welcome\u003C\u002Fh3>\n\u003Cp>project on github: https:\u002F\u002Fgithub.com\u002FJonathanMH\u002FAppend-Link-on-Copy\u003C\u002Fp>\n\u003Cp>Contributer wanted for GPLv3 support\u003C\u002Fp>\n","This plugin allows the user to automatically append a link to the current page, when users copy & paste a title or any line.",900,15749,74,11,"2015-01-15T22:18:00.000Z","4.8.28","2.8","",[20,21,22,23,24],"add-text-to-copy-and-paste","append-link","copyright","javscript","js","http:\u002F\u002Fjonathanmh.com\u002Fwordpress-plugin-append-link-on-copy\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fappend-link-on-copy.zip",63,1,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-57941","append-link-on-copy-authenticated-administrator-stored-cross-site-scripting","Append Link on Copy \u003C= 0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Append Link on Copy plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=0.2","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-26 15:27:10",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7319ca86-0575-4d52-9ca2-1527d7394748?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":13,"avg_patch_time_days":50,"trust_score":51,"computed_at":52},"jonathanmh_com",2,1100,30,76,"2026-04-05T14:24:01.496Z",[54,74,100,125,146],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":62,"num_ratings":62,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":18,"download_link":72,"security_score":73,"vuln_count":62,"unpatched_count":62,"last_vuln_date":37,"fetched_at":30},"add-backlink-or-copy-protection","Add Backlink or Copy Protection","1.0.0","Kislitsin Dmitrii","https:\u002F\u002Fprofiles.wordpress.org\u002Fctpaep\u002F","\u003Cp>The “Add Backlink or Copy Protection” plugin automatically appends a backlink to your site when users copy text from it.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n","Automatically adds a backlink to your site when you copy text from it.",0,653,"2025-01-31T18:03:00.000Z","6.7.5","5.5","7.4",[69,70,22,24,71],"backlink","copy","protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-backlink-or-copy-protection.1.0.0.zip",92,{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":96,"download_link":97,"security_score":98,"vuln_count":28,"unpatched_count":62,"last_vuln_date":99,"fetched_at":30},"custom-css-js","Simple Custom CSS and JS","3.52","SilkyPress","https:\u002F\u002Fprofiles.wordpress.org\u002Fdiana_burduja\u002F","\u003Cp>Customize your WordPress site’s appearance by easily adding custom CSS and JS code without even having to modify your theme or plugin files. This is perfect for adding custom CSS tweaks to your site.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Text editor\u003C\u002Fstrong> with syntax highlighting \u003C\u002Fli>\n\u003Cli>Print the code \u003Cstrong>inline\u003C\u002Fstrong> or included into an \u003Cstrong>external file\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Print the code in the \u003Cstrong>header\u003C\u002Fstrong> or the \u003Cstrong>footer\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Add CSS or JS to the \u003Cstrong>frontend\u003C\u002Fstrong> or the \u003Cstrong>admin side\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Add as many codes as you want\u003C\u002Fli>\n\u003Cli>Keep your changes also when you change the theme\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily add Custom CSS or JS to your website with an awesome editor.",700000,10074700,88,101,"2026-03-06T19:56:00.000Z","6.9.4","3.0.1","5.2.4",[91,92,93,94,95],"add-style","custom-css","custom-js","customize-theme","site-css","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-css-js\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-css-js.3.52.zip",100,"2017-07-24 00:00:00",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":122,"download_link":123,"security_score":124,"vuln_count":62,"unpatched_count":62,"last_vuln_date":37,"fetched_at":30},"disable-json-api","Disable REST API","1.8","Dave McHale","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmchale\u002F","\u003Cp>The most comprehensive plugin for controlling access to the WordPress REST API!\u003C\u002Fp>\n\u003Cp>Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.\u003C\u002Fp>\n\u003Cp>But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.\u003C\u002Fp>\n\u003Cp>You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.\u003C\u002Fp>\n\u003Cp>For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided \u003Ccode>rest_enabled\u003C\u002Fcode> filter to disable the entire REST API.\u003C\u002Fp>\n","Disable the use of the REST API on your website to site users. Now with User Role support!",90000,753897,96,38,"2023-09-14T00:26:00.000Z","6.3.8","4.9","5.6",[117,118,119,120,121],"admin","api","json","rest","rest-api","http:\u002F\u002Fwww.binarytemplar.com\u002Fdisable-json-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-json-api.zip",85,{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":84,"num_ratings":135,"last_updated":136,"tested_up_to":87,"requires_at_least":137,"requires_php":138,"tags":139,"homepage":144,"download_link":145,"security_score":98,"vuln_count":62,"unpatched_count":62,"last_vuln_date":37,"fetched_at":30},"jwt-authentication-for-wp-rest-api","JWT Authentication for WP REST API","1.5.0","tmeister","https:\u002F\u002Fprofiles.wordpress.org\u002Ftmeister\u002F","\u003Cp>This plugin seamlessly extends the WP REST API, enabling robust and secure authentication using JSON Web Tokens (JWT). It provides a straightforward way to authenticate users via the REST API, returning a standard JWT upon successful login.\u003C\u002Fp>\n\u003Ch3>Key features of this free version include:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Standard JWT Authentication:\u003C\u002Fstrong> Implements the industry-standard \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519\" rel=\"nofollow ugc\">RFC 7519\u003C\u002Fa> for secure claims representation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Endpoints:\u003C\u002Fstrong> Offers clear \u003Ccode>\u002Ftoken\u003C\u002Fcode> and \u003Ccode>\u002Ftoken\u002Fvalidate\u003C\u002Fcode> endpoints for generating and validating tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Secret Key:\u003C\u002Fstrong> Define your unique secret key via \u003Ccode>wp-config.php\u003C\u002Fcode> for secure token signing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional CORS Support:\u003C\u002Fstrong> Easily enable Cross-Origin Resource Sharing support via a \u003Ccode>wp-config.php\u003C\u002Fcode> constant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Provides filters (\u003Ccode>jwt_auth_expire\u003C\u002Fcode>, \u003Ccode>jwt_auth_token_before_sign\u003C\u002Fcode>, etc.) for customizing token behavior.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.\u003C\u002Fp>\n\u003Cp>For users requiring more advanced capabilities such as multiple signing algorithms (RS256, ES256), token refresh\u002Frevocation, UI-based configuration, or priority support, consider checking out \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_link_soft\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support and Requests:\u003C\u002Fstrong> Please use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\" rel=\"nofollow ugc\">GitHub Issues\u003C\u002Fa>. For priority support, consider upgrading to \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_support_link\" rel=\"nofollow ugc\">PRO\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>REQUIREMENTS\u003C\u002Fh3>\n\u003Ch4>WP REST API V2\u003C\u002Fh4>\n\u003Cp>This plugin was conceived to extend the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API V2\u003C\u002Fa> plugin features and, of course, was built on top of it.\u003C\u002Fp>\n\u003Cp>So, to use the \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> you need to install and activate \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>PHP\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Minimum PHP version: 7.4.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>PHP HTTP Authorization Header Enable\u003C\u002Fh3>\n\u003Cp>Most shared hosting providers have disabled the \u003Cstrong>HTTP Authorization Header\u003C\u002Fstrong> by default.\u003C\u002Fp>\n\u003Cp>To enable this option you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>RewriteEngine on\nRewriteCond %{HTTP:Authorization} ^(.*)\nRewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WPENGINE\u003C\u002Fh4>\n\u003Cp>For WPEngine hosting, you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\u002F1 for more details.\u003C\u002Fp>\n\u003Ch3>CONFIGURATION\u003C\u002Fh3>\n\u003Ch3>Configure the Secret Key\u003C\u002Fh3>\n\u003Cp>The JWT needs a \u003Cstrong>secret key\u003C\u002Fstrong> to sign the token. This \u003Cstrong>secret key\u003C\u002Fstrong> must be unique and never revealed.\u003C\u002Fp>\n\u003Cp>To add the \u003Cstrong>secret key\u003C\u002Fstrong>, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_SECRET_KEY\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can generate a secure key from: https:\u002F\u002Fapi.wordpress.org\u002Fsecret-key\u002F1.1\u002Fsalt\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for easier configuration?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=config_secret_key_link\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to manage all settings through a simple admin UI.\u003C\u002Fp>\n\u003Ch3>Configure CORS Support\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin has the option to activate \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FCross-origin_resource_sharing\" rel=\"nofollow ugc\">CORS\u003C\u002Fa> support.\u003C\u002Fp>\n\u003Cp>To enable CORS Support, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_CORS_ENABLE\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_CORS_ENABLE', true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Finally, activate the plugin within your wp-admin.\u003C\u002Fp>\n\u003Ch3>Namespace and Endpoints\u003C\u002Fh3>\n\u003Cp>When the plugin is activated, a new namespace is added:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fjwt-auth\u002Fv1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Also, two new endpoints are added to this namespace:\u003C\u002Fp>\n\u003Cp>Endpoint | HTTP Verb\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fem> | POST\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fem> | POST\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need more functionality?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=endpoints_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> includes additional endpoints for token refresh and revocation.\u003C\u002Fp>\n\u003Ch3>USAGE\u003C\u002Fh3>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fh4>\n\u003Cp>This is the entry point for JWT Authentication.\u003C\u002Fp>\n\u003Cp>It validates the user credentials, \u003Cem>username\u003C\u002Fem> and \u003Cem>password\u003C\u002Fem>, and returns a token to use in future requests to the API if the authentication is correct, or an error if authentication fails.\u003C\u002Fp>\n\u003Cp>Sample Request Using AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>(function() {\n  var app = angular.module('jwtAuth', []);\n\n  app.controller('MainController', function($scope, $http) {\n    var apiHost = 'http:\u002F\u002Fyourdomain.com\u002Fwp-json';\n\n    $http.post(apiHost + '\u002Fjwt-auth\u002Fv1\u002Ftoken', {\n      username: 'admin',\n      password: 'password'\n    })\n    .then(function(response) {\n      console.log(response.data)\n    })\n    .catch(function(error) {\n      console.error('Error', error.data[0]);\n    });\n  });\n})();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Success Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9qd3QuZGV2IiwiaWF0IjoxNDM4NTcxMDUwLCJuYmYiOjE0Mzg1NzEwNTAsImV4cCI6MTQzOTE3NTg1MCwiZGF0YSI6eyJ1c2VyIjp7ImlkIjoiMSJ9fX0.YNe6AyWW4B7ZwfFE5wJ0O6qQ8QFcYizimDmBy6hCH_8\",\n  \"user_display_name\": \"admin\",\n  \"user_email\": \"admin@localhost.dev\",\n  \"user_nicename\": \"admin\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Error Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_failed\",\n  \"data\": {\n    \"status\": 403\n  },\n  \"message\": \"Invalid Credentials.\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Once you get the token, you must store it somewhere in your application, e.g., in a \u003Cstrong>cookie\u003C\u002Fstrong> or using \u003Cstrong>localStorage\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>From this point, you should pass this token with every API call.\u003C\u002Fp>\n\u003Cp>Sample Call Using The Authorization Header With AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>app.config(function($httpProvider) {\n  $httpProvider.interceptors.push(['$q', '$location', '$cookies', function($q, $location, $cookies) {\n    return {\n      'request': function(config) {\n        config.headers = config.headers || {};\n        \u002F\u002F Assume that you store the token in a cookie\n        var globals = $cookies.getObject('globals') || {};\n        \u002F\u002F If the cookie has the CurrentUser and the token\n        \u002F\u002F add the Authorization header in each request\n        if (globals.currentUser && globals.currentUser.token) {\n          config.headers.Authorization = 'Bearer ' + globals.currentUser.token;\n        }\n        return config;\n      }\n    };\n  }]);\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin will intercept every call to the server and will look for the Authorization Header. If the Authorization header is present, it will try to decode the token and will set the user according to the data stored in it.\u003C\u002Fp>\n\u003Cp>If the token is valid, the API call flow will continue as normal.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sample Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>POST \u002Fresource HTTP\u002F1.1\nHost: server.example.com\nAuthorization: Bearer mF_s9.B5f-4.1JqM\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>ERRORS\u003C\u002Fh3>\n\u003Cp>If the token is invalid, an error will be returned. Here are some sample errors:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Invalid Credentials\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_failed\",\n    \"message\": \"Invalid Credentials.\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Invalid Signature\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Signature verification failed\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Expired Token\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Expired token\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Need advanced error tracking?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=errors_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> offers enhanced error tracking and monitoring capabilities.\u003C\u002Fp>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fh4>\n\u003Cp>This is a simple helper endpoint to validate a token. You only need to make a POST request with the Authorization header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Valid Token Response\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_valid_token\",\n  \"data\": {\n    \"status\": 200\n  }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>AVAILABLE HOOKS\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin is developer-friendly and provides five filters to override the default settings.\u003C\u002Fp>\n\u003Ch4>jwt_auth_cors_allow_headers\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_cors_allow_headers\u003C\u002Fstrong> filter allows you to modify the available headers when CORS support is enabled.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'Access-Control-Allow-Headers, Content-Type, Authorization'\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_not_before\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_not_before\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.5\" rel=\"nofollow ugc\">\u003Cstrong>nbf\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Creation time - time()\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_expire\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_expire\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.4\" rel=\"nofollow ugc\">\u003Cstrong>exp\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>time() + (DAY_IN_SECONDS * 7)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_token_before_sign\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_sign\u003C\u002Fstrong> filter allows you to modify all token data before it is encoded and signed.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = array(\n    'iss' => get_bloginfo('url'),\n    'iat' => $issuedAt,\n    'nbf' => $notBefore,\n    'exp' => $expire,\n    'data' => array(\n        'user' => array(\n            'id' => $user->data->ID,\n        )\n    )\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Want easier customization?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=hook_payload_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to add custom claims directly through the admin UI.\u003C\u002Fp>\n\u003Ch4>jwt_auth_token_before_dispatch\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_dispatch\u003C\u002Fstrong> filter allows you to modify the response array before it is sent to the client.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$data = array(\n    'token' => $token,\n    'user_email' => $user->data->user_email,\n    'user_nicename' => $user->data->user_nicename,\n    'user_display_name' => $user->data->display_name,\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_algorithm\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_algorithm\u003C\u002Fstrong> filter allows you to modify the signing algorithm.\u003C\u002Fp>\n\u003Cp>Default value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = JWT::encode(\n    apply_filters('jwt_auth_token_before_sign', $token, $user),\n    $secret_key,\n    apply_filters('jwt_auth_algorithm', 'HS256')\n);\n\n\u002F\u002F ...\n\n$token = JWT::decode(\n    $token,\n    new Key($secret_key, apply_filters('jwt_auth_algorithm', 'HS256'))\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>JWT Authentication PRO\u003C\u002Fh3>\n\u003Cp>Elevate your WordPress security and integration capabilities with \u003Cstrong>JWT Authentication PRO\u003C\u002Fstrong>. Building upon the solid foundation of the free version, the PRO version offers advanced features, enhanced security options, and a streamlined user experience:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Configuration UI:\u003C\u002Fstrong> Manage all settings directly from the WordPress admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Endpoint:\u003C\u002Fstrong> Allow users to refresh expired tokens seamlessly without requiring re-login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation Endpoint:\u003C\u002Fstrong> Immediately invalidate specific tokens for enhanced security control.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Token Payload:\u003C\u002Fstrong> Add custom claims to your JWT payload to suit your specific application needs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular CORS Control:\u003C\u002Fstrong> Define allowed origins and headers with more precision directly in the settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Protect your endpoints from abuse with configurable rate limits.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audit Logs:\u003C\u002Fstrong> Keep track of token generation, validation, and errors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support:\u003C\u002Fstrong> Get faster, dedicated support directly from the developer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=pro_section_cta\" rel=\"nofollow ugc\">Upgrade to JWT Authentication PRO Today!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Free vs. PRO Comparison\u003C\u002Fh3>\n\u003Cp>Here’s a quick look at the key differences:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Basic JWT Authentication:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Generation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Validation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Mechanism:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Management Dashboard:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics & Monitoring:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geo-IP Identification:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Documentation:\u003C\u002Fstrong> Basic (Free), Comprehensive (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Tools:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support:\u003C\u002Fstrong> Community via GitHub (Free), Priority Direct Support (PRO)\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.",60000,893830,53,"2026-02-18T00:58:00.000Z","4.2","7.4.0",[140,141,142,121,143],"json-web-authentication","jwt","oauth","wp-api","https:\u002F\u002Fenriquechavez.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-authentication-for-wp-rest-api.1.5.0.zip",{"slug":147,"name":148,"version":149,"author":150,"author_profile":151,"description":152,"short_description":153,"active_installs":154,"downloaded":155,"rating":110,"num_ratings":156,"last_updated":157,"tested_up_to":158,"requires_at_least":159,"requires_php":18,"tags":160,"homepage":165,"download_link":166,"security_score":98,"vuln_count":62,"unpatched_count":62,"last_vuln_date":37,"fetched_at":30},"clear-cache-for-widgets","Clear Cache for Me","2.4.2","webheadcoder","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebheadllc\u002F","\u003Cp>W3 Total Cache and WP Super Cache are great caching plugins, but they do not know when a widget is updated.  WPEngine is the best place to host your WordPress installation, but their caching system is no smarter when it comes to updating widgets and menus.  I created this plugin because my website did not see any changes when saving widgets or menus using these caching systems.  Clear Cache For Me will purge ALL your cache each time you do a save without having to press an additional button.  It may be overkill, which may be why it’s not built in, but some people need simplicity.\u003C\u002Fp>\n\u003Cp>In addition to clearing those pesky caching engines, Clear Cache for Me can force your browser to reload your current theme’s CSS and JS files.  I modify my theme’s CSS and JS files every so often and always have trouble with the browser not getting the latest version.  So now after clicking on the “Clear Cache Now!” button on the dashboard the browser will be forced to reload the current theme’s CSS and JS files.  If you do not click the “Clear Cache Now!” button, the browser will cache the CSS and JS files like it normally does.\u003C\u002Fp>\n\u003Cp>The popular Qode themes has a options to set your own custom CSS and JS.  Sometimes you may not see your changes for a long while because your browser is trying to get the cached file.  Whenever you save your Qode’s options, the CSS and JS files will be forced to reload in the browser on the public side.\u003C\u002Fp>\n\u003Cp>Works with the following caching plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Autoptimize\u003C\u002Fli>\n\u003Cli>Breeze Cache\u003C\u002Fli>\n\u003Cli>Cache Enabler\u003C\u002Fli>\n\u003Cli>GoDaddy Cache\u003C\u002Fli>\n\u003Cli>Kinsta Cache\u003C\u002Fli>\n\u003Cli>LiteSpeed Cache\u003C\u002Fli>\n\u003Cli>Elementor (CSS cache)\u003C\u002Fli>\n\u003Cli>Premium Addons for Elementor\u003C\u002Fli>\n\u003Cli>SiteGround SuperCacher\u003C\u002Fli>\n\u003Cli>Super Page Cache\u003C\u002Fli>\n\u003Cli>WP Fastest Cache\u003C\u002Fli>\n\u003Cli>WP Optimize Cache\u003C\u002Fli>\n\u003Cli>WP Rocket\u003C\u002Fli>\n\u003Cli>WP Super Cache\u003C\u002Fli>\n\u003Cli>W3 Total Cache\u003C\u002Fli>\n\u003Cli>WPEngine Cache\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Clears all cache for following actions (requires a caching system above to be active):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>When Widgets are saved.\u003C\u002Fli>\n\u003Cli>When Customizer is saved.\u003C\u002Fli>\n\u003Cli>When Menus are saved.\u003C\u002Fli>\n\u003Cli>When a fields in Advanced Custom Fields are saved.\u003C\u002Fli>\n\u003Cli>When a Contact Form 7 form is saved.\u003C\u002Fli>\n\u003Cli>When a Formidable Form form is saved.\u003C\u002Fli>\n\u003Cli>When WooThemes settings are saved.\u003C\u002Fli>\n\u003Cli>When NextGen Gallery albums and galleries are updated (beta – may not clear cache on all actions).\u003C\u002Fli>\n\u003Cli>When Qode options are saved this plugin forces browsers to reload the custom css and custom js.\u003C\u002Fli>\n\u003Cli>When a WP Forms forms or settings are saved.\u003C\u002Fli>\n\u003Cli>When WooCommerce settings are saved. (Cache should already be clearing when products are saved.)\u003C\u002Fli>\n\u003Cli>When settings from the Insert Headers and Footers plugin by WPBeginner are saved.  \u003C\u002Fli>\n\u003Cli>When Settings from a settings page is saved.  This includes settings from WordPress core, Yoast SEO, and most other plugins using the Settings API.\u003C\u002Fli>\n\u003Cli>When WordPress is updated.\u003C\u002Fli>\n\u003Cli>When plugins are updated, activated, and deactivated.\u003C\u002Fli>\n\u003Cli>When WordPress, plugins, and themes are automaticallly updated.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwebheadcoder.com\u002Fclear-cache-for-me\u002F\" rel=\"nofollow ugc\">See the plugin’s homepage for more details\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Note:  Since some caching systems run in the \u003Ccode>shutdown\u003C\u002Fcode> hook, this plugin also runs in that hook.  This means if PHP does not have enough time, some code including any hooks within the \u003Ccode>ccfm_clear_cache_for_all()\u003C\u002Fcode> function are not guaranteed to run.  If you need code to run, consider using the \u003Ccode>ccfm_clear_cache_for_me_setup\u003C\u002Fcode> hook.\u003C\u002Fp>\n\u003Ch3>Developer Options\u003C\u002Fh3>\n\u003Ch4>ccfm_supported_caching_exists\u003C\u002Fh4>\n\u003Cp>Use this filter to determine if this plugin should do anything including showing the button on the dashboard.  Return true if a caching system is supported.\u003Cbr \u002F>\nDefault: True if any of the supported caching systems is active.\u003Cbr \u002F>\nSee Example 1 below.\u003C\u002Fp>\n\u003Ch4>ccfm_admin_init or ccfm_init_actions\u003C\u002Fh4>\n\u003Cp>Use this action to add hooks when cache is to be cleared.  Or do any other setup activity.\u003C\u002Fp>\n\u003Ch4>ccfm_clear_cache_for_me_before\u003C\u002Fh4>\n\u003Cp>Use this action to clear cache from an unsupported caching system before the default caching systems clear their cache.\u003C\u002Fp>\n\u003Ch4>ccfm_clear_cache_for_me\u003C\u002Fh4>\n\u003Cp>Use this action to clear cache from an unsupported caching system after the default caching systems clear their cache.\u003C\u002Fp>\n\u003Ch4>Example\u003C\u002Fh4>\n\u003Cp>If you were using an unsupported caching system you’ll need to identify the caching plugin’s class or function which clears the cache.  As an example, if the unsupported caching system called the \u003Ccode>MyOtherCache::clear_all()\u003C\u002Fcode> function, you would use the following code to get this plugin to clear the cache.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\nfunction my_other_cache_enable( $return = false ) {\n    if ( class_exists( 'MyOtherCache' ) )\n        return true;\n    return $return;\n}\nadd_filter('ccfm_supported_caching_exists', 'my_other_cache_enable');\n\nfunction my_other_cache_clear() {\n    if ( my_other_cache_enable() )\n        MyOtherCache::clear_all();\n}\nadd_action('ccfm_clear_cache_for_me', 'my_other_cache_clear');\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Purges cache on WPEngine, W3TC, WP Super Cache, WP Fastest Cache when widgets, menus, settings update.  Forces browsers to reload CSS and JS files.",40000,728677,29,"2025-06-09T02:36:00.000Z","6.8.5","3.8",[161,162,163,24,164],"cache","clear","css","purge","https:\u002F\u002Fwebheadcoder.com\u002Fclear-cache-for-me\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclear-cache-for-widgets.2.4.2.zip",{"attackSurface":168,"codeSignals":188,"taintFlows":218,"riskAssessment":219,"analyzedAt":233},{"hooks":169,"ajaxHandlers":184,"restRoutes":185,"shortcodes":186,"cronEvents":187,"entryPointCount":62,"unprotectedCount":62},[170,175,179,182],{"type":171,"name":172,"callback":172,"file":173,"line":174},"action","init","index.php",25,{"type":171,"name":176,"callback":177,"file":173,"line":178},"wp","load_script",26,{"type":171,"name":180,"callback":180,"file":173,"line":181},"admin_menu",28,{"type":171,"name":183,"callback":183,"file":173,"line":156},"admin_init",[],[],[],[],{"dangerousFunctions":189,"sqlUsage":190,"outputEscaping":192,"fileOperations":62,"externalRequests":62,"nonceChecks":62,"capabilityChecks":62,"bundledLibraries":217},[],{"prepared":62,"raw":62,"locations":191},[],{"escaped":62,"rawEcho":14,"locations":193},[194,197,199,201,203,205,207,209,211,213,215],{"file":173,"line":195,"context":196},158,"raw output",{"file":173,"line":198,"context":196},196,{"file":173,"line":200,"context":196},198,{"file":173,"line":202,"context":196},199,{"file":173,"line":204,"context":196},200,{"file":173,"line":206,"context":196},203,{"file":173,"line":208,"context":196},208,{"file":173,"line":210,"context":196},212,{"file":173,"line":212,"context":196},217,{"file":173,"line":214,"context":196},222,{"file":173,"line":216,"context":196},233,[],[],{"summary":220,"deductions":221},"The \"append-link-on-copy\" plugin version 0.2 presents a mixed security posture.  While the static analysis reveals a commendable lack of dangerous functions, raw SQL queries, and external HTTP requests, and importantly, a complete absence of identified attack surface points like AJAX handlers, REST API routes, and shortcodes, there are significant concerns.  The most alarming finding is that 100% of output is not properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed within the context of a user's browser.  Furthermore, the plugin has a history of known vulnerabilities, specifically a medium-severity Cross-Site Scripting issue that remains unpatched. This indicates a pattern of insecure coding practices that have led to exploitable flaws.  Despite the clean static analysis of entry points, the lack of output escaping and the presence of an unpatched XSS vulnerability are critical weaknesses that outweigh the apparent strengths.",[222,225,228,231],{"reason":223,"points":224},"Unpatched medium severity CVE exists",18,{"reason":226,"points":227},"100% of outputs are not properly escaped",20,{"reason":229,"points":230},"No nonce checks present",5,{"reason":232,"points":230},"No capability checks present","2026-03-16T19:14:09.462Z",{"wat":235,"direct":241},{"assetPaths":236,"generatorPatterns":238,"scriptPaths":239,"versionParams":240},[237],"\u002Fwp-content\u002Fplugins\u002Fappend-link-on-copy\u002Fjs\u002Fappend_link.js",[],[237],[],{"cssClasses":242,"htmlComments":243,"htmlAttributes":245,"restEndpoints":251,"jsGlobals":252,"shortcodeOutput":254},[],[244],"Notice: Even though the text preview may not show the link, many web systems automatically link everything starting with http:\u002F\u002F, also everything copied from the front page, will not append the site title",[246,247,248,249,250],"name=\"append_link_on_copy_options[readmore]\"","name=\"append_link_on_copy_options[prepend_break]\"","name=\"append_link_on_copy_options[add_site_name]\"","name=\"append_link_on_copy_options[use_title]\"","name=\"append_link_on_copy_options[always_link_site]\"",[],[253],"append_link",[]]