[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKS9DpHWWnbDrl5GGboswJe6mrHdAQ5jeiMeL4orrH8I":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":132,"fingerprints":530},"atlasly-content-manager","Atlasly Content Manager","1.0.0","ashwathama","https:\u002F\u002Fprofiles.wordpress.org\u002Fashwathama\u002F","\u003Cp>Atlasly helps you build schema-driven data models inside WordPress and use them through REST API and GraphQL.\u003C\u002Fp>\n\u003Cp>Use Atlasly when you need:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Structured content types and entries\u003C\u002Fli>\n\u003Cli>API-first workflows for headless WordPress\u003C\u002Fli>\n\u003Cli>Form submission capture and data storage\u003C\u002Fli>\n\u003Cli>Import\u002Fexport for operational workflows\u003C\u002Fli>\n\u003Cli>Relationship fields and flexible schema design\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This free plugin includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Content type builder with 20+ field types\u003C\u002Fli>\n\u003Cli>Entry management with CRUD operations\u003C\u002Fli>\n\u003Cli>REST API endpoints for content types and entries\u003C\u002Fli>\n\u003Cli>GraphQL endpoint for querying data\u003C\u002Fli>\n\u003Cli>File uploads through WordPress media library\u003C\u002Fli>\n\u003Cli>Relationship fields between entries\u003C\u002Fli>\n\u003Cli>Import\u002Fexport in CSV, JSON, and XML\u003C\u002Fli>\n\u003Cli>Setup wizard and admin dashboard\u003C\u002Fli>\n\u003Cli>Basic webhook triggers for create\u002Fupdate\u002Fdelete events\u003C\u002Fli>\n\u003C\u002Ful>\n","Schema-driven content types, entries, REST API, GraphQL, and form capture for modern WordPress projects.",0,179,"","6.9.4","5.0","7.4",[18,19,20,21,22],"custom-fields","form-submissions","graphql","headless-cms","rest-api","https:\u002F\u002Fgithub.com\u002FchandrakantNagpure\u002Fatlasly","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fatlasly-content-manager.1.0.0.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,94,"2026-04-04T16:10:59.292Z",[35,59,76,96,116],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":14,"requires_at_least":48,"requires_php":16,"tags":49,"homepage":53,"download_link":54,"security_score":55,"vuln_count":56,"unpatched_count":11,"last_vuln_date":57,"fetched_at":58},"wp-graphql","WPGraphQL","2.10.0","Jason Bahl","https:\u002F\u002Fprofiles.wordpress.org\u002Fjasonbahl\u002F","\u003Cp>WPGraphQL is a free, open-source WordPress plugin that provides an extendable GraphQL schema and API for any WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get Started\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install WPGraphQL: \u003Ccode>wp plugin install wp-graphql --activate\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Try it out: \u003Ca href=\"https:\u002F\u002Frepl.wpgraphql.com\" rel=\"nofollow ugc\">Live Demo\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Read the \u003Ca href=\"https:\u002F\u002Fwpgraphql.com\u002Fdocs\u002Fquick-start\" rel=\"nofollow ugc\">Quick Start Guide\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Join the \u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002FAGVBqqyaUY\" rel=\"nofollow ugc\">Community on Discord\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-graphql\u002Fwp-graphql\" rel=\"nofollow ugc\">Star the Repo\u003C\u002Fa>!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Key Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Flexible API\u003C\u002Fstrong>: Query posts, pages, custom post types, taxonomies, users, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Extendable Schema\u003C\u002Fstrong>: Easily add functionality with WPGraphQL’s API, enabling custom integrations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatible with Modern Frameworks\u003C\u002Fstrong>: Works seamlessly with \u003Ca href=\"https:\u002F\u002Fvercel.com\u002Fguides\u002Fwordpress-with-vercel\" rel=\"nofollow ugc\">Next.js\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fdocs.astro.build\u002Fen\u002Fguides\u002Fcms\u002Fwordpress\u002F\" rel=\"nofollow ugc\">Astro\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.okupter.com\u002Fblog\u002Fheadless-wordpress-graphql-sveltekit\" rel=\"nofollow ugc\">SvelteKit\u003C\u002Fa>, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optimized Performance\u003C\u002Fstrong>: Fetch exactly the data you need in a single query. Boost performance with \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-graphql\u002Fwp-graphql\u002Ftree\u002Fmain\u002Fplugins\u002Fwp-graphql-smart-cache\" rel=\"nofollow ugc\">WPGraphQL Smart Cache\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WPGraphQL is becoming a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fnews\u002F2024\u002F10\u002Fwpgraphql\u002F\" rel=\"ugc\">Canonical Plugin\u003C\u002Fa> on WordPress.org, ensuring long-term support and a growing community of users and contributors.\u003C\u002Fp>\n\u003Ch4>Upgrading\u003C\u002Fh4>\n\u003Cp>It is recommended that anytime you want to update WPGraphQL that you get familiar with what’s changed in the release.\u003C\u002Fp>\n\u003Cp>WPGraphQL publishes \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-graphql\u002Fwp-graphql\u002Freleases\" rel=\"nofollow ugc\">release notes on Github\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>WPGraphQL has been following Semver practices for a few years. We will continue to follow Semver and let version numbers communicate meaning. The summary of Semver versioning is as follows:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>MAJOR\u003C\u002Fem> version when you make incompatible API changes,\u003C\u002Fli>\n\u003Cli>\u003Cem>MINOR\u003C\u002Fem> version when you add functionality in a backwards compatible manner, and\u003C\u002Fli>\n\u003Cli>\u003Cem>PATCH\u003C\u002Fem> version when you make backwards compatible bug fixes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can read more about the details of Semver at semver.org\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>WPGraphQL uses \u003Ca href=\"https:\u002F\u002Fappsero.com\" rel=\"nofollow ugc\">Appsero\u003C\u002Fa> SDK to collect some telemetry data upon user’s confirmation. This helps us to troubleshoot problems faster and make product improvements.\u003C\u002Fp>\n\u003Cp>Appsero SDK \u003Cstrong>does not gather any data by default.\u003C\u002Fstrong> The SDK starts gathering basic telemetry data \u003Cstrong>only when a user allows it via the admin notice\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fappsero.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Appsero collects and uses this data\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fappsero.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Appsero collects and uses this data\u003C\u002Fa>.\u003C\u002Fp>\n","WPGraphQL adds a flexible and powerful GraphQL API to WordPress, enabling efficient querying and interaction with your site's data.",30000,1384379,98,48,"2026-03-11T22:53:00.000Z","6.0",[50,20,51,52,22],"decoupled","headless","react","https:\u002F\u002Fgithub.com\u002Fwp-graphql\u002Fwp-graphql","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-graphql.2.10.0.zip",95,6,"2023-06-28 00:00:00","2026-03-15T15:16:48.613Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":11,"num_ratings":11,"last_updated":69,"tested_up_to":14,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":74,"download_link":75,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"mb-rest-api","MB Rest API","2.0.6","Anh Tran","https:\u002F\u002Fprofiles.wordpress.org\u002Frilwis\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fmetabox.io\u002Fplugins\u002Fmb-rest-api\u002F\" rel=\"nofollow ugc\">\u003Cstrong>MB Rest API\u003C\u002Fstrong>\u003C\u002Fa> is an extension for \u003Ca href=\"https:\u002F\u002Fmetabox.io\" rel=\"nofollow ugc\">Meta Box\u003C\u002Fa> which helps you to get and update custom fields’ values (meta value) from posts, pages, custom post types, terms via the WordPress REST API.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Meta Box Lite\u003C\u002Fstrong>\u003Cbr \u002F>\n  We recommend using \u003Ca href=\"https:\u002F\u002Fmetabox.io\u002Flite\u002F\" rel=\"nofollow ugc\">Meta Box Lite\u003C\u002Fa>, a feature-rich free UI version of Meta Box that provides UI and all free features for managing custom fields and dynamic content on WordPress, including post types, taxonomies, custom fields, and relationships.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Plugin Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmetabox.io\u002Fplugins\u002Fmb-rest-api\u002F\" rel=\"nofollow ugc\">Project Page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.metabox.io\u002Fextensions\u002Fmb-rest-api\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Frilwis\u002Fmb-rest-api\u002F\" rel=\"nofollow ugc\">Github Repo\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See more \u003Ca href=\"https:\u002F\u002Fmetabox.io\u002Fplugins\u002F\" rel=\"nofollow ugc\">Meta Box plugins\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>You might also like\u003C\u002Fh3>\n\u003Cp>If you like this plugin, you might also like our other WordPress products:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpslimseo.com\" rel=\"nofollow ugc\">Slim SEO\u003C\u002Fa> – A fast, lightweight and full-featured SEO plugin for WordPress with minimal configuration.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfalcon.pro\" rel=\"nofollow ugc\">Falcon\u003C\u002Fa> – A lightweight companion for making WordPress faster, cleaner, and more secure.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgretathemes.com\" rel=\"nofollow ugc\">GretaThemes\u003C\u002Fa> – Free and premium WordPress themes that clean, simple and just work.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpautolistings.com\" rel=\"nofollow ugc\">Auto Listings\u003C\u002Fa> – A car sale and dealership plugin for WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n","Get and update Meta Box custom fields to the WordPress REST API responses.",1000,39329,"2026-03-09T01:20:00.000Z","4.1","7.0",[18,73,22],"meta-box","https:\u002F\u002Fmetabox.io\u002Fplugins\u002Fmb-rest-api\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmb-rest-api.2.0.6.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":25,"num_ratings":30,"last_updated":86,"tested_up_to":87,"requires_at_least":15,"requires_php":88,"tags":89,"homepage":93,"download_link":94,"security_score":95,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"wp-acf-nullify-gatsby","Nullify empty fields for ACF","1.2.4","Jabran Rafique","https:\u002F\u002Fprofiles.wordpress.org\u002Fjabranr\u002F","\u003Cp>Set Advanced Custom Fields (ACF) empty field value as \u003Ccode>null\u003C\u002Fcode> instead of \u003Ccode>false\u003C\u002Fcode> to avoid GraphQL error in GatsbyJS.\u003C\u002Fp>\n\u003Ch3>Prerequisites\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Advanced Custom Fields (ACF) plugin\u003C\u002Fli>\n\u003C\u002Ful>\n","Set Advanced Custom Fields (ACF) empty field value as null instead of false to avoid GraphQL error in GatsbyJS.",90,3459,"2023-09-09T07:55:00.000Z","6.3.8","7.1",[90,91,92,20],"acf","advanced-custom-fields","gatsby","https:\u002F\u002Fgithub.com\u002Fjabranr\u002Fnullify-empty-fields-for-acf","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-acf-nullify-gatsby.1.2.4.zip",85,{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":25,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":13,"tags":110,"homepage":114,"download_link":115,"security_score":95,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"wp-rest-api-custom-fields","WP REST API Custom Fields","0.2","Andr&eacute; Boekhorst","https:\u002F\u002Fprofiles.wordpress.org\u002Fandrex84\u002F","\u003Cp>This plugin combines the two of the best WordPress plugins: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-custom-fields\u002F\" title=\"Advanced Custom Fields\" rel=\"ugc\">Advanced Custom Fields\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjson-rest-api\u002F\" title=\"WP REST API\" rel=\"ugc\">WP REST API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin is based on the work from\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FPanManAms\u002FWP-JSON-API-ACF\" title=\"Panman on Github\" rel=\"nofollow ugc\">Panman on Github\u003C\u002Fa>. He was right when he said it would be better as plugin, but it would be even better if it would be available through the WordPress Plugin Repository.\u003C\u002Fp>\n\u003Cp>An addition made to this plugin is that each ACF Field van be filtered throug the hook: JSON_META_ACFFIELDNAME (where ACFFIELDNAME depends on the fieldname you’ve added in the Advanced Custom Fields backend.)\u003C\u002Fp>\n","Shows Advanced Custom Field output to the WP REST API for posts, pages, taxonomies and users.",70,6503,2,"2015-05-04T13:01:00.000Z","4.2.39","4.2.1",[91,111,112,113,22],"api","json","rest","https:\u002F\u002Fgithub.com\u002Fandreboekhorst\u002Fwp-api-custom-fields\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-custom-fields.0.2.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":11,"downloaded":124,"rating":25,"num_ratings":30,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":128,"tags":129,"homepage":13,"download_link":131,"security_score":95,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"ng-wp-endpoints","ng-wp-rest","1.5.0","uiarch","https:\u002F\u002Fprofiles.wordpress.org\u002Fuiarch\u002F","\u003Cp>Easy to use plugin for displaying prettier json data for menus, widgets and sidebars.\u003C\u002Fp>\n\u003Ch3>I’ve got an idea\u002Ffix for the template\u003C\u002Fh3>\n\u003Cp>If you would like to contribute to this template then please fork it and send a pull request. I’ll merge the request if it fits into the goals for the template\u003C\u002Fp>\n","Simple plugin to add rest endpoints to blog for working with a js framework.",1124,"2018-03-26T18:37:00.000Z","4.9.29","4.0","5.6",[130],"rest-api-headless-cms","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fng-wp-endpoints.zip",{"attackSurface":133,"codeSignals":369,"taintFlows":438,"riskAssessment":519,"analyzedAt":529},{"hooks":134,"ajaxHandlers":245,"restRoutes":270,"shortcodes":367,"cronEvents":368,"entryPointCount":31,"unprotectedCount":317},[135,141,146,151,157,160,163,166,170,173,175,177,179,181,183,185,187,191,195,199,200,202,206,210,213,217,220,223,226,228,231,234,236,238,240],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","plugins_loaded","closure","atlasly-content-manager.php",28,{"type":136,"name":142,"callback":143,"file":144,"line":145},"admin_menu","add_menu","includes\\Admin\\Pages\\Integration.php",13,{"type":136,"name":147,"callback":148,"file":149,"line":150},"rest_api_init","add_security_headers","includes\\Core\\ApiSecurity.php",11,{"type":152,"name":153,"callback":154,"priority":155,"file":149,"line":156},"filter","rest_pre_dispatch","validate_request",10,12,{"type":136,"name":158,"callback":159,"file":149,"line":145},"send_headers","send_cors_headers",{"type":152,"name":161,"callback":138,"priority":155,"file":149,"line":162},"rest_pre_serve_request",17,{"type":136,"name":142,"callback":142,"file":164,"line":165},"includes\\Core\\Loader.php",34,{"type":136,"name":167,"callback":168,"file":164,"line":169},"admin_enqueue_scripts","enqueue_assets",35,{"type":136,"name":147,"callback":171,"file":164,"line":172},"register",36,{"type":136,"name":147,"callback":171,"file":164,"line":174},37,{"type":136,"name":147,"callback":171,"file":164,"line":176},38,{"type":136,"name":147,"callback":171,"file":164,"line":178},39,{"type":136,"name":147,"callback":171,"file":164,"line":180},40,{"type":136,"name":147,"callback":171,"file":164,"line":182},41,{"type":136,"name":147,"callback":171,"file":164,"line":184},42,{"type":136,"name":147,"callback":171,"file":164,"line":186},43,{"type":136,"name":188,"callback":189,"file":190,"line":145},"network_admin_menu","network_menu","includes\\Core\\Network.php",{"type":136,"name":192,"callback":193,"file":194,"line":150},"init","add_capabilities","includes\\Core\\Permissions.php",{"type":136,"name":196,"callback":197,"file":198,"line":150},"wp_enqueue_scripts","enqueue_heartbeat","includes\\Core\\RealTime.php",{"type":136,"name":167,"callback":197,"file":198,"line":156},{"type":152,"name":201,"callback":201,"priority":155,"file":198,"line":145},"heartbeat_received",{"type":136,"name":203,"callback":204,"priority":155,"file":198,"line":205},"atlasly_entry_created","broadcast_created",14,{"type":136,"name":207,"callback":208,"priority":155,"file":198,"line":209},"atlasly_entry_updated","broadcast_updated",15,{"type":136,"name":147,"callback":211,"file":212,"line":150},"add_rate_limiting","includes\\Core\\Security.php",{"type":152,"name":214,"callback":215,"priority":155,"file":212,"line":216},"rest_request_before_callbacks","rate_limit_check",19,{"type":136,"name":137,"callback":218,"file":219,"line":205},"check_version","includes\\Core\\Version.php",{"type":136,"name":221,"callback":222,"priority":155,"file":219,"line":209},"upgrader_process_complete","upgrade_completed",{"type":136,"name":203,"callback":224,"priority":155,"file":225,"line":145},"trigger_created","includes\\Core\\Webhooks.php",{"type":136,"name":207,"callback":227,"priority":155,"file":225,"line":205},"trigger_updated",{"type":136,"name":229,"callback":230,"priority":155,"file":225,"line":209},"atlasly_entry_deleted","trigger_deleted",{"type":136,"name":196,"callback":232,"file":233,"line":150},"inject_proxy_script","includes\\FormProxy.php",{"type":136,"name":147,"callback":235,"file":233,"line":156},"register_routes",{"type":136,"name":147,"callback":235,"file":237,"line":150},"includes\\Integrations\\HubSpot.php",{"type":152,"name":214,"callback":138,"priority":155,"file":239,"line":216},"includes\\Rest\\ContentTypesController.php",{"type":152,"name":241,"callback":242,"file":243,"line":244},"upload_dir","anonymous","includes\\Rest\\FileUploadController.php",75,[246,251,255,260,264,267],{"action":247,"nopriv":248,"callback":249,"hasNonce":248,"hasCapCheck":248,"file":164,"line":250},"atlasly_setup",false,"handle_setup",44,{"action":252,"nopriv":248,"callback":253,"hasNonce":248,"hasCapCheck":248,"file":164,"line":254},"atlasly_reset_setup","handle_reset",45,{"action":256,"nopriv":248,"callback":257,"hasNonce":258,"hasCapCheck":258,"file":164,"line":259},"atlasly_save_security_settings","handle_security_settings",true,46,{"action":261,"nopriv":248,"callback":262,"hasNonce":258,"hasCapCheck":258,"file":164,"line":263},"atlasly_save_webhooks","handle_save_webhooks",47,{"action":265,"nopriv":248,"callback":266,"hasNonce":258,"hasCapCheck":258,"file":164,"line":46},"atlasly_save_cors","handle_save_cors",{"action":268,"nopriv":248,"callback":269,"hasNonce":258,"hasCapCheck":258,"file":190,"line":205},"atlasly_sync_content","sync_content",[271,279,283,288,291,294,297,300,306,310,314,318,322,325,329,333,338,342,346,349,353,356,360,364],{"namespace":272,"route":273,"methods":274,"callback":276,"permissionCallback":277,"file":233,"line":278},"atlasly\u002Fv1","\u002Fform-capture",[275],"POST","capture_submission","__return_true",27,{"namespace":272,"route":280,"methods":281,"callback":282,"permissionCallback":277,"file":237,"line":209},"\u002Fhubspot\u002Fwebhook",[275],"handle_webhook",{"namespace":272,"route":284,"methods":285,"callback":242,"permissionCallback":26,"file":239,"line":287},"\u002Fcontent-types\u002Fbulk-delete",[286],"GET",26,{"namespace":272,"route":289,"methods":290,"callback":242,"permissionCallback":26,"file":239,"line":31},"\u002Fcontent-types",[286],{"namespace":272,"route":292,"methods":293,"callback":242,"permissionCallback":26,"file":239,"line":169},"\u002Fcontent-types\u002F(?P\u003Cid>\\d+)",[286],{"namespace":272,"route":295,"methods":296,"callback":242,"permissionCallback":26,"file":239,"line":180},"\u002Fcontent-types\u002F(?P\u003Cid>\\d+)\u002Fschema",[286],{"namespace":272,"route":298,"methods":299,"callback":242,"permissionCallback":26,"file":239,"line":250},"\u002Ffield-types",[286],{"namespace":272,"route":301,"methods":302,"callback":303,"permissionCallback":304,"file":305,"line":209},"\u002Fdashboard",[286],"stats","can_view_dashboard","includes\\Rest\\DashboardController.php",{"namespace":272,"route":307,"methods":308,"callback":242,"permissionCallback":26,"file":309,"line":162},"\u002Fentries\u002Fbulk-delete",[286],"includes\\Rest\\EntriesController.php",{"namespace":272,"route":311,"methods":312,"callback":242,"permissionCallback":26,"file":309,"line":313},"\u002Fentries\u002Fbulk-update",[286],21,{"namespace":272,"route":315,"methods":316,"callback":242,"permissionCallback":26,"file":309,"line":317},"\u002Fcontent-types\u002F(?P\u003Ctype_id>\\d+)\u002Fentries",[286],25,{"namespace":272,"route":319,"methods":320,"callback":242,"permissionCallback":26,"file":309,"line":321},"\u002Fentries\u002F(?P\u003Cid>\\d+)",[286],31,{"namespace":272,"route":323,"methods":324,"callback":242,"permissionCallback":26,"file":309,"line":174},"\u002Fentries\u002F(?P\u003Cid>\\d+)\u002Fduplicate",[286],{"namespace":272,"route":326,"methods":327,"callback":242,"permissionCallback":26,"file":243,"line":328},"\u002Fupload",[286],16,{"namespace":272,"route":330,"methods":331,"callback":242,"permissionCallback":26,"file":243,"line":332},"\u002Ffiles\u002F(?P\u003Cid>\\d+)",[286],20,{"namespace":272,"route":334,"methods":335,"callback":336,"permissionCallback":277,"file":337,"line":328},"\u002Fentries\u002Fpoll",[286],"poll_entries","includes\\Rest\\FormGeneratorController.php",{"namespace":272,"route":339,"methods":340,"callback":242,"permissionCallback":26,"file":341,"line":209},"\u002Fgraphql",[286],"includes\\Rest\\GraphQLController.php",{"namespace":272,"route":343,"methods":344,"callback":242,"permissionCallback":26,"file":345,"line":328},"\u002Fexport\u002Fcontent-types",[286],"includes\\Rest\\ImportExportController.php",{"namespace":272,"route":347,"methods":348,"callback":242,"permissionCallback":26,"file":345,"line":332},"\u002Fexport\u002Fentries\u002F(?P\u003Ctype_id>\\d+)",[286],{"namespace":272,"route":350,"methods":351,"callback":242,"permissionCallback":26,"file":345,"line":352},"\u002Fexport\u002F(?P\u003Cformat>csv|json|xml)\u002F(?P\u003Ctype_id>\\d+)",[286],24,{"namespace":272,"route":354,"methods":355,"callback":242,"permissionCallback":26,"file":345,"line":140},"\u002Fimport\u002Fcontent-types",[286],{"namespace":272,"route":357,"methods":358,"callback":242,"permissionCallback":26,"file":345,"line":359},"\u002Fimport\u002Fentries\u002F(?P\u003Ctype_id>\\d+)",[286],32,{"namespace":272,"route":361,"methods":362,"callback":242,"permissionCallback":26,"file":363,"line":209},"\u002Frelationships\u002F(?P\u003Ctype_id>\\d+)",[286],"includes\\Rest\\RelationshipController.php",{"namespace":272,"route":365,"methods":366,"callback":242,"permissionCallback":26,"file":363,"line":216},"\u002Fsearch\u002Fentries",[286],[],[],{"dangerousFunctions":370,"sqlUsage":371,"outputEscaping":428,"fileOperations":435,"externalRequests":30,"nonceChecks":436,"capabilityChecks":156,"bundledLibraries":437},[],{"prepared":372,"raw":373,"locations":374},66,29,[375,378,381,384,386,388,389,390,392,394,396,397,398,400,403,405,407,408,410,412,414,415,416,417,419,421,423,425,427],{"file":144,"line":376,"context":377},124,"$wpdb->get_var() with variable interpolation",{"file":144,"line":379,"context":380},128,"$wpdb->get_results() with variable interpolation",{"file":382,"line":383,"context":377},"includes\\Admin\\Pages\\SetupWizard.php",93,{"file":382,"line":32,"context":385},"$wpdb->query() with variable interpolation",{"file":382,"line":387,"context":377},97,{"file":382,"line":45,"context":385},{"file":382,"line":376,"context":377},{"file":382,"line":391,"context":377},136,{"file":382,"line":393,"context":377},148,{"file":395,"line":172,"context":377},"includes\\Core\\CLI.php",{"file":395,"line":174,"context":377},{"file":395,"line":244,"context":380},{"file":395,"line":399,"context":380},76,{"file":401,"line":402,"context":385},"includes\\Core\\Installer.php",61,{"file":190,"line":404,"context":377},114,{"file":190,"line":406,"context":377},115,{"file":219,"line":46,"context":385},{"file":219,"line":409,"context":377},64,{"file":239,"line":411,"context":377},54,{"file":239,"line":413,"context":380},58,{"file":305,"line":165,"context":377},{"file":305,"line":259,"context":380},{"file":305,"line":263,"context":377},{"file":305,"line":418,"context":380},50,{"file":305,"line":420,"context":380},59,{"file":305,"line":422,"context":380},69,{"file":309,"line":424,"context":377},68,{"file":309,"line":426,"context":380},71,{"file":345,"line":180,"context":380},{"escaped":399,"rawEcho":106,"locations":429},[430,433],{"file":345,"line":431,"context":432},160,"raw output",{"file":345,"line":434,"context":432},187,4,7,[],[439,455,467,475,488,501,511],{"entryPoint":440,"graph":441,"unsanitizedCount":30,"severity":454},"render (includes\\Admin\\Pages\\SetupWizard.php:12)",{"nodes":442,"edges":452},[443,447],{"id":444,"type":445,"label":446,"file":382,"line":145},"n0","source","$_GET",{"id":448,"type":449,"label":450,"file":382,"line":162,"wp_function":451},"n1","sink","echo() [XSS]","echo",[453],{"from":444,"to":448,"sanitized":248},"medium",{"entryPoint":456,"graph":457,"unsanitizedCount":30,"severity":454},"add_cors_headers (includes\\Core\\ApiSecurity.php:134)",{"nodes":458,"edges":465},[459,461],{"id":444,"type":445,"label":460,"file":149,"line":391},"$_SERVER",{"id":448,"type":449,"label":462,"file":149,"line":463,"wp_function":464},"header() [Header Injection]",138,"header",[466],{"from":444,"to":448,"sanitized":248},{"entryPoint":468,"graph":469,"unsanitizedCount":30,"severity":454},"\u003CApiSecurity> (includes\\Core\\ApiSecurity.php:0)",{"nodes":470,"edges":473},[471,472],{"id":444,"type":445,"label":460,"file":149,"line":391},{"id":448,"type":449,"label":462,"file":149,"line":463,"wp_function":464},[474],{"from":444,"to":448,"sanitized":248},{"entryPoint":476,"graph":477,"unsanitizedCount":11,"severity":487},"handle_setup (includes\\Admin\\Pages\\SetupWizard.php:21)",{"nodes":478,"edges":485},[479,481],{"id":444,"type":445,"label":480,"file":382,"line":165},"$_POST (x2)",{"id":448,"type":449,"label":482,"file":382,"line":483,"wp_function":484},"update_option() [Settings Manipulation]",62,"update_option",[486],{"from":444,"to":448,"sanitized":258},"low",{"entryPoint":489,"graph":490,"unsanitizedCount":11,"severity":487},"\u003CSetupWizard> (includes\\Admin\\Pages\\SetupWizard.php:0)",{"nodes":491,"edges":498},[492,493,494,496],{"id":444,"type":445,"label":446,"file":382,"line":145},{"id":448,"type":449,"label":450,"file":382,"line":162,"wp_function":451},{"id":495,"type":445,"label":480,"file":382,"line":165},"n2",{"id":497,"type":449,"label":482,"file":382,"line":483,"wp_function":484},"n3",[499,500],{"from":444,"to":448,"sanitized":258},{"from":495,"to":497,"sanitized":258},{"entryPoint":502,"graph":503,"unsanitizedCount":11,"severity":487},"sync_content (includes\\Core\\Network.php:36)",{"nodes":504,"edges":509},[505,506],{"id":444,"type":445,"label":480,"file":190,"line":259},{"id":448,"type":449,"label":507,"file":190,"line":402,"wp_function":508},"get_results() [SQLi]","get_results",[510],{"from":444,"to":448,"sanitized":258},{"entryPoint":512,"graph":513,"unsanitizedCount":11,"severity":487},"\u003CNetwork> (includes\\Core\\Network.php:0)",{"nodes":514,"edges":517},[515,516],{"id":444,"type":445,"label":480,"file":190,"line":259},{"id":448,"type":449,"label":507,"file":190,"line":402,"wp_function":508},[518],{"from":444,"to":448,"sanitized":258},{"summary":520,"deductions":521},"The 'atlasly-content-manager' plugin v1.0.0 presents a significant security risk due to a large number of unprotected entry points. While the plugin demonstrates good practices in terms of SQL query preparation and output escaping, the absence of authentication and permission checks on a vast majority of its AJAX handlers and REST API routes creates a wide attack surface. This means that any unauthenticated user could potentially interact with these endpoints, leading to unintended actions or data exposure. The taint analysis, while not revealing critical or high-severity issues, did identify flows with unsanitized paths, which, when combined with the lack of input validation, could be exploited.",[522,524,526],{"reason":523,"points":155},"High number of unprotected AJAX handlers",{"reason":525,"points":155},"High number of unprotected REST API routes",{"reason":527,"points":528},"Flows with unsanitized paths detected",5,"2026-03-17T06:02:41.172Z",{"wat":531,"direct":544},{"assetPaths":532,"generatorPatterns":537,"scriptPaths":538,"versionParams":539},[533,534,535,536],"\u002Fwp-content\u002Fplugins\u002Fatlasly-content-manager\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fatlasly-content-manager\u002Fassets\u002Fcss\u002Fentries.css","\u002Fwp-content\u002Fplugins\u002Fatlasly-content-manager\u002Fassets\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fatlasly-content-manager\u002Fassets\u002Fjs\u002Fwebhooks.js",[],[535,536],[540,541,542,543],"atlasly-content-manager\u002Fassets\u002Fcss\u002Fadmin.css?ver=","atlasly-content-manager\u002Fassets\u002Fcss\u002Fentries.css?ver=","atlasly-content-manager\u002Fassets\u002Fjs\u002Fadmin.js?ver=","atlasly-content-manager\u002Fassets\u002Fjs\u002Fwebhooks.js?ver=",{"cssClasses":545,"htmlComments":546,"htmlAttributes":547,"restEndpoints":551,"jsGlobals":560,"shortcodeOutput":561},[],[],[548,549,550],"atlasly_ajax","atlasly_settings","atlasly_webhooks_data",[552,553,554,555,556,557,558,559],"\u002Fwp-json\u002Fatlasly\u002Fv1\u002Fcontent-types","\u002Fwp-json\u002Fatlasly\u002Fv1\u002Fdashboard","\u002Fwp-json\u002Fatlasly\u002Fv1\u002Fentries","\u002Fwp-json\u002Fatlasly\u002Fv1\u002Fimport-export","\u002Fwp-json\u002Fatlasly\u002Fv1\u002Ffile-upload","\u002Fwp-json\u002Fatlasly\u002Fv1\u002Fgraphql","\u002Fwp-json\u002Fatlasly\u002Fv1\u002Frelationships","\u002Fwp-json\u002Fatlasly\u002Fv1\u002Fform-generator",[548,549,550],[]]