[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fr2HKYLeEAVooA_XdD-xDC9GlV0s3ozZvEWhvrUqAGhU":3,"$fHc7EMOHWnVKq9fJ1KmFj_EDKeZvHQEWSaAeeN5yMRsQ":203,"$fo3pxbHhHEgMNwjnjPcNMgOsCbocPfS7R1jZGKkjWCX4":208},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":35,"analysis":128,"fingerprints":187},"blogwired-gateway","BlogWired Gateway","1.5.2","wiredcoyotedigital","https:\u002F\u002Fprofiles.wordpress.org\u002Fwiredcoyotedigital\u002F","\u003Cp>BlogWired Gateway connects your WordPress site to the \u003Ca href=\"https:\u002F\u002Fblogwired.app\" rel=\"nofollow ugc\">BlogWired\u003C\u002Fa> content management platform, allowing you to create and manage blog posts remotely through a secure REST API.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Secure API key authentication via custom HTTP header\u003C\u002Fli>\n\u003Cli>Create, update, and retrieve posts remotely\u003C\u002Fli>\n\u003Cli>Set post title, content, status, date, author, categories, tags, and post format\u003C\u002Fli>\n\u003Cli>Upload featured images\u003C\u002Fli>\n\u003Cli>Create new categories and tags on the fly\u003C\u002Fli>\n\u003Cli>Rate limiting to protect against brute-force attacks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How it works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install and activate the plugin on your WordPress site.\u003C\u002Fli>\n\u003Cli>Enter the API key from your BlogWired dashboard into the plugin settings.\u003C\u002Fli>\n\u003Cli>BlogWired connects to your site securely via the REST API to publish content.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>All communication between BlogWired and your WordPress site is authenticated using a unique API key transmitted via a custom HTTP header.\u003C\u002Fp>\n","The official gateway plugin for the BlogWired application. Enables secure remote publishing from BlogWired to your WordPress site.",0,37,"2026-04-13T16:39:00.000Z","7.0","5.8","7.4",[18,19,20,21,22],"blogging","blogwired","content-management","remote-publishing","rest-api","https:\u002F\u002Fblogwired.app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblogwired-gateway.1.5.2.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,94,"2026-05-19T22:13:24.063Z",[36,56,72,88,106],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":25,"downloaded":44,"rating":25,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":54,"download_link":55,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"enable-abilities-for-mcp","Enable Abilities for MCP","1.9.3","fabiomontenegro1987","https:\u002F\u002Fprofiles.wordpress.org\u002Ffabiomontenegro1987\u002F","\u003Cp>\u003Cstrong>Enable Abilities for MCP\u003C\u002Fstrong> gives you full control over which WordPress Abilities are available to AI assistants through the MCP (Model Context Protocol) Adapter.\u003C\u002Fp>\n\u003Cp>WordPress 6.9 introduced the Abilities API, allowing external tools to discover and execute actions on your site. This plugin extends that functionality by registering a comprehensive set of content management abilities and providing a simple admin interface to toggle each one on or off.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>40 abilities\u003C\u002Fstrong> organized in 8 categories: Core, Read, Write, SEO, Utility, Custom Post Types, WooCommerce, and The Events Calendar\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce integration\u003C\u002Fstrong> — dedicated abilities to manage products, orders, and customers using the native WooCommerce API (HPOS-compatible, formally declared)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>The Events Calendar integration\u003C\u002Fstrong> — list, get, create, and update events with venue, organizer, and date filters\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin dashboard\u003C\u002Fstrong> with toggle switches for each ability\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Per-ability control\u003C\u002Fstrong> — expose only what you need\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure by design\u003C\u002Fstrong> — proper capability checks, input sanitization, and per-post permission validation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPCS compliant\u003C\u002Fstrong> — fully passes WordPress Coding Standards (phpcs)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MCP-ready\u003C\u002Fstrong> — all abilities include \u003Ccode>show_in_rest\u003C\u002Fcode> and \u003Ccode>mcp.public\u003C\u002Fcode> metadata\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Available Abilities\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Read (safe, query-only):\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Get posts with filters (status, category, tag, search)\u003C\u002Fli>\n\u003Cli>Get single post details (content, SEO meta, featured image)\u003C\u002Fli>\n\u003Cli>Get categories, tags, pages, comments, media, and users\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Write (create & modify):\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create, update, and delete posts\u003C\u002Fli>\n\u003Cli>Create categories and tags\u003C\u002Fli>\n\u003Cli>Create pages\u003C\u002Fli>\n\u003Cli>Moderate comments\u003C\u002Fli>\n\u003Cli>Reply to comments as the authenticated user\u003C\u002Fli>\n\u003Cli>Upload images from external URLs to the media library (with optional auto-assign as featured image)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>SEO — Rank Math:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Get full Rank Math metadata for any post\u002Fpage (title, description, keywords, robots, Open Graph, SEO score)\u003C\u002Fli>\n\u003Cli>Update Rank Math metadata: SEO title, description, focus keyword, canonical URL, robots, Open Graph, primary category, pillar content\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Custom Post Types:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>List all registered custom post types with configuration and taxonomies\u003C\u002Fli>\n\u003Cli>Get items from any CPT with filtering, search, and taxonomy queries\u003C\u002Fli>\n\u003Cli>Get full details of a CPT item including all meta fields (WooCommerce, ACF, JetEngine, etc.)\u003C\u002Fli>\n\u003Cli>Create, update, and delete CPT items with taxonomy and meta field support\u003C\u002Fli>\n\u003Cli>Get CPT taxonomies with their terms\u003C\u002Fli>\n\u003Cli>Assign taxonomy terms to CPT items\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>WooCommerce:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>List products with price, SKU, stock status, categories, and type\u003C\u002Fli>\n\u003Cli>Get full product detail including gallery, attributes, and variations\u003C\u002Fli>\n\u003Cli>Update product price, sale price, stock quantity, and status\u003C\u002Fli>\n\u003Cli>List orders with customer, total, status, and date (HPOS-compatible)\u003C\u002Fli>\n\u003Cli>Get full order detail: line items, billing\u002Fshipping, totals, and notes\u003C\u002Fli>\n\u003Cli>Update order status with optional note\u003C\u002Fli>\n\u003Cli>List customers with email, name, total spent, and order count\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>The Events Calendar:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>List events with start\u002Fend date, venue, organizer, and date range filter\u003C\u002Fli>\n\u003Cli>Get full event detail with resolved venue address and organizer contact\u003C\u002Fli>\n\u003Cli>Create new events with title, description, dates, venue, and organizer\u003C\u002Fli>\n\u003Cli>Update existing events\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Utility:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Search and replace text in post content\u003C\u002Fli>\n\u003Cli>Site statistics overview (includes custom post type counts)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 6.9 or later (Abilities API)\u003C\u002Fli>\n\u003Cli>MCP Adapter plugin installed and configured\u003C\u002Fli>\n\u003Cli>PHP 8.0 or later\u003C\u002Fli>\n\u003C\u002Ful>\n","Manage which WordPress Abilities are exposed to MCP servers. Supports WooCommerce, The Events Calendar, and any custom post type.",884,3,"2026-04-13T22:23:00.000Z","6.9.4","6.9","8.0",[51,20,52,22,53],"ai","mcp","woocommerce","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenable-abilities-for-mcp.1.9.3.zip",{"slug":57,"name":58,"version":59,"author":58,"author_profile":60,"description":61,"short_description":62,"active_installs":11,"downloaded":63,"rating":25,"num_ratings":45,"last_updated":64,"tested_up_to":47,"requires_at_least":65,"requires_php":16,"tags":66,"homepage":70,"download_link":71,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"rank-authority","Rank Authority","1.0.37","https:\u002F\u002Fprofiles.wordpress.org\u002Frankauthority\u002F","\u003Cp>Rank Authority is a secure WordPress plugin that enables seamless integration between your WordPress site and the Rank Authority Dashboard. It provides a REST API endpoint for publishing, updating, and deleting blog posts directly from your dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New in 1.0.14:\u003C\u002Fstrong> Token reset functionality is now available to all administrators with manage_options capability, not just the plugin owner. This provides better flexibility for team environments where multiple administrators need to manage the connection token.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Secure Token-Based Authentication\u003C\u002Fstrong>: Uses Bearer token authentication for secure API access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Publish Posts\u003C\u002Fstrong>: Create new blog posts directly from the Rank Authority Dashboard\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Update Posts\u003C\u002Fstrong>: Modify existing published posts with new content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Delete Posts\u003C\u002Fstrong>: Remove posts from your WordPress site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RSS \u002F WebSub\u003C\u002Fstrong>: RSS 2.0 feeds declare a PubSubHubbub (WebSub) hub link so update-friendly services can discover feed changes faster\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Script Injection\u003C\u002Fstrong>: Automatically injects SEO tracking scripts into your site header\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Owner Controls\u003C\u002Fstrong>: Token owner can manage visibility and regenerate tokens\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HTTPS Required\u003C\u002Fstrong>: All API requests require HTTPS for security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the plugin\u003C\u002Fli>\n\u003Cli>Navigate to WordPress Admin \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Rank Authority\u003C\u002Fli>\n\u003Cli>Copy your unique connection token\u003C\u002Fli>\n\u003Cli>Use the token in your Rank Authority Dashboard to connect your WordPress site\u003C\u002Fli>\n\u003Cli>Start publishing content directly from your dashboard!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Security Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Bearer token authentication\u003C\u002Fli>\n\u003Cli>HTTPS requirement for all API requests\u003C\u002Fli>\n\u003Cli>Token regeneration capability\u003C\u002Fli>\n\u003Cli>Owner-based access controls\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please visit https:\u002F\u002Frankauthority.com or email support@rankauthority.com\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by Rank Authority\u003Cbr \u002F>\nWebsite: https:\u002F\u002Frankauthority.com\u003C\u002Fp>\n","Secure API connector to publish posts and overwrite posts from the RA Dashboard to WordPress. Token reset functionality is now available to all admini &hellip;",981,"2026-03-27T22:38:00.000Z","5.0",[67,20,68,22,69],"api","publishing","seo","https:\u002F\u002Frankauthority.com\u002Fplugins\u002Frankauthority","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frank-authority.1.0.37.zip",{"slug":73,"name":74,"version":75,"author":74,"author_profile":76,"description":77,"short_description":78,"active_installs":11,"downloaded":79,"rating":11,"num_ratings":11,"last_updated":80,"tested_up_to":47,"requires_at_least":81,"requires_php":16,"tags":82,"homepage":54,"download_link":86,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":87},"vectoron","Vectoron","2.11.13","https:\u002F\u002Fprofiles.wordpress.org\u002Fvectoron\u002F","\u003Cp>Vectoron provides three main features:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1. REST API Endpoints\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Secure REST API endpoints for external content management, perfect for integrating with automation platforms like Superblocks, Zapier, or custom applications.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create and update posts programmatically\u003C\u002Fli>\n\u003Cli>Manage categories\u003C\u002Fli>\n\u003Cli>Upload media (file upload, base64, or URL)\u003C\u002Fli>\n\u003Cli>Full authentication support (Basic Auth or custom headers)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>2. Content Shortcodes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The \u003Ccode>[vectoron_article]\u003C\u002Fcode> shortcode provides:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatic wpautop disabling for custom HTML content\u003C\u002Fli>\n\u003Cli>Built-in GA4 event tracking\u003C\u002Fli>\n\u003Cli>FAQ accordion styling support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>3. ACF Integration\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Automatically sync post content to Advanced Custom Fields:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Settings page under Settings > Vectoron\u003C\u002Fli>\n\u003Cli>Auto-detect WYSIWYG fields in ACF field groups\u003C\u002Fli>\n\u003Cli>Support for Flexible Content, Repeaters, and Groups\u003C\u002Fli>\n\u003Cli>ACF sync triggered by Vectoron API or X-Vectoron-Sync header\u003C\u002Fli>\n\u003Cli>Works with both custom Vectoron API and native WP REST API\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>4. Page Builder Integrations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Seamless integration with popular WordPress page builders:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Elementor\u003C\u002Fstrong>: Auto-sync content to Elementor’s text-editor widgets\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Beaver Builder\u003C\u002Fstrong>: Auto-sync content to Beaver Builder’s rich-text modules\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DIVI\u003C\u002Fstrong>: Auto-sync content to DIVI’s shortcode format (sections, rows, columns, text modules)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP Bakery\u003C\u002Fstrong>: Auto-sync content to WP Bakery’s shortcode format (rows, columns, column_text)\u003C\u002Fli>\n\u003Cli>Configurable sync modes: Auto (detect existing builder posts), Always (convert all posts), or Disabled\u003C\u002Fli>\n\u003Cli>Cache clearing for immediate visual updates\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>5. SEO Plugin Integrations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Automatic SEO metadata sync with popular SEO plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Yoast SEO\u003C\u002Fstrong>: Sync meta description, SEO title, and focus keyword\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEOpress\u003C\u002Fstrong>: Sync meta description, SEO title, and target keyword\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rank Math\u003C\u002Fstrong>: Sync meta description, SEO title, and focus keyword\u003C\u002Fli>\n\u003Cli>All SEO fields set via API are automatically synced to the active SEO plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>API Endpoints\u003C\u002Fh3>\n\u003Cp>All endpoints use the namespace \u003Ccode>vectoron\u002Fv1\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>POST \u002Fwp-json\u002Fvectoron\u002Fv1\u002Fposts\u003C\u002Fcode> – Create a new post\u003C\u002Fli>\n\u003Cli>\u003Ccode>PUT \u002Fwp-json\u002Fvectoron\u002Fv1\u002Fposts\u002F{id}\u003C\u002Fcode> – Update an existing post\u003C\u002Fli>\n\u003Cli>\u003Ccode>POST \u002Fwp-json\u002Fvectoron\u002Fv1\u002Fcategories\u003C\u002Fcode> – Create a category\u003C\u002Fli>\n\u003Cli>\u003Ccode>POST \u002Fwp-json\u002Fvectoron\u002Fv1\u002Fmedia\u003C\u002Fcode> – Upload media\u003C\u002Fli>\n\u003Cli>\u003Ccode>GET \u002Fwp-json\u002Fvectoron\u002Fv1\u002Fstatus\u003C\u002Fcode> – Health check (no auth required)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Authentication\u003C\u002Fh3>\n\u003Cp>Three authentication methods are supported:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>HTTP Basic Auth\u003C\u002Fstrong> – Standard username:password\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Authorization Header\u003C\u002Fstrong> – \u003Ccode>Authorization: Basic \u003Cbase64>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Headers\u003C\u002Fstrong> – \u003Ccode>X-WP-Username\u003C\u002Fcode> and \u003Ccode>X-WP-Password\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>ACF Sync Header\u003C\u002Fh3>\n\u003Cp>When using the native WordPress REST API (\u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fposts\u003C\u002Fcode>) instead of the Vectoron custom API, you can trigger ACF sync by adding the \u003Ccode>X-Vectoron-Sync\u003C\u002Fcode> header:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>X-Vectoron-Sync: true\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This is useful when:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You want to use WordPress’s native post creation\u002Fupdate endpoints\u003C\u002Fli>\n\u003Cli>Your integration already uses the WP REST API\u003C\u002Fli>\n\u003Cli>You need features only available in the native API\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Without this header, native WP REST API requests will NOT trigger ACF sync, ensuring Gutenberg and other WordPress interfaces don’t interfere with ACF content.\u003C\u002Fp>\n\u003Ch3>Security Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Rate limiting (60 requests\u002Fminute per IP)\u003C\u002Fli>\n\u003Cli>Capability-based permission checks\u003C\u002Fli>\n\u003Cli>SSRF protection for URL uploads\u003C\u002Fli>\n\u003Cli>Input sanitization and validation\u003C\u002Fli>\n\u003Cli>Protected meta key filtering\u003C\u002Fli>\n\u003C\u002Ful>\n","A WordPress REST API plugin for external content management with authenticated API endpoints, GA4 tracking shortcodes, and ACF integration.",529,"2026-03-19T19:48:00.000Z","5.6",[83,20,84,22,85],"analytics","ga4","shortcode","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvectoron.2.11.13.zip","2026-04-06T09:54:40.288Z",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":32,"num_ratings":98,"last_updated":99,"tested_up_to":54,"requires_at_least":100,"requires_php":16,"tags":101,"homepage":103,"download_link":104,"security_score":105,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"woocommerce-legacy-rest-api","WooCommerce Legacy REST API","1.0.5","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeveloper.woocommerce.com\u002F2023\u002F10\u002F03\u002Fthe-legacy-rest-api-will-move-to-a-dedicated-extension-in-woocommerce-9-0\u002F\" rel=\"nofollow ugc\">The Legacy REST API will no longer part of WooCommerce as of version 9.0\u003C\u002Fa>. This plugin restores the full functionality of the removed Legacy REST API code in WooCommerce 9.0 and later versions.\u003C\u002Fp>\n\u003Cp>For all intents and purposes, having this plugin installed and active in WooCommerce 9.0 and newer versions is equivalent to enabling the Legacy REST API in WooCommerce 8.9 and older versions (via WooCommerce – Settings – Advanced – Legacy API). All the endpoints work the same way, and existing user keys also continue working.\u003C\u002Fp>\n\u003Cp>On the other hand, installing this plugin together with WooCommerce 8.9 or an older version is safe: the plugin detects that the Legacy REST API is still part of WooCommerce and doesn’t initialize itself as to not interfere with the built-in code.\u003C\u002Fp>\n\u003Cp>Please note that \u003Cstrong>the Legacy REST API is not compatible with \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fdocument\u002Fhigh-performance-order-storage\u002F\" rel=\"nofollow ugc\">High-Performance Order Storage\u003C\u002Fa>\u003C\u002Fstrong>. Upgrading the code that relies on the Legacy REST API to use the current WooCommerce REST API instead is highly recommended.\u003C\u002Fp>\n","The WooCommerce Legacy REST API, which is now part of WooCommerce itself but will be removed in WooCommerce 9.0.",400000,2335738,28,"2025-01-23T18:59:00.000Z","6.2",[22,102,53],"woo","https:\u002F\u002Fgithub.com\u002Fwoocommerce\u002Fwoocommerce-legacy-rest-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoocommerce-legacy-rest-api.1.0.5.zip",92,{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":116,"num_ratings":117,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":81,"tags":121,"homepage":125,"download_link":126,"security_score":127,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"disable-json-api","Disable REST API","1.8","Dave McHale","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmchale\u002F","\u003Cp>The most comprehensive plugin for controlling access to the WordPress REST API!\u003C\u002Fp>\n\u003Cp>Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.\u003C\u002Fp>\n\u003Cp>But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.\u003C\u002Fp>\n\u003Cp>You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.\u003C\u002Fp>\n\u003Cp>For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided \u003Ccode>rest_enabled\u003C\u002Fcode> filter to disable the entire REST API.\u003C\u002Fp>\n","Disable the use of the REST API on your website to site users. Now with User Role support!",90000,758515,96,38,"2023-09-14T00:26:00.000Z","6.3.8","4.9",[122,67,123,124,22],"admin","json","rest","http:\u002F\u002Fwww.binarytemplar.com\u002Fdisable-json-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-json-api.zip",85,{"attackSurface":129,"codeSignals":167,"taintFlows":174,"riskAssessment":175,"analyzedAt":186},{"hooks":130,"ajaxHandlers":144,"restRoutes":145,"shortcodes":165,"cronEvents":166,"entryPointCount":45,"unprotectedCount":31},[131,136,140],{"type":132,"name":133,"callback":134,"file":135,"line":32},"action","rest_api_init","register_api_routes","blogwired-gateway.php",{"type":132,"name":137,"callback":138,"file":135,"line":139},"admin_menu","add_settings_page",31,{"type":132,"name":141,"callback":142,"file":135,"line":143},"admin_init","register_settings",32,[],[146,154,160],{"namespace":147,"route":148,"methods":149,"callback":151,"permissionCallback":152,"file":135,"line":153},"blogwired\u002Fv1","\u002Fdata",[150],"GET","get_site_data","permission_check",40,{"namespace":147,"route":155,"methods":156,"callback":158,"permissionCallback":152,"file":135,"line":159},"\u002Fpost",[157],"POST","create_post",50,{"namespace":147,"route":161,"methods":162,"callback":163,"permissionCallback":26,"file":135,"line":164},"\u002Fpost\u002F(?P\u003Cid>\\d+)",[150],"anonymous",60,[],[],{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":171,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":173},[],{"prepared":11,"raw":11,"locations":170},[],{"escaped":32,"rawEcho":11,"locations":172},[],[],[],{"summary":176,"deductions":177},"The blogwired-gateway plugin v1.5.2 exhibits a generally strong security posture, with several positive indicators. The absence of dangerous functions, reliance on prepared statements for SQL queries, and proper output escaping for all identified outputs are commendable practices. The lack of file operations, external HTTP requests, and bundled libraries further reduces the potential attack surface.  However, the analysis highlights a significant concern: one of the three REST API routes lacks a permission callback. This creates an unprotected entry point that could be exploited by unauthenticated users if sensitive functionality is exposed through this route.\n\nThe static analysis found no critical taint flows, indicating that user-supplied data is likely handled safely within the existing code. Furthermore, the plugin's vulnerability history is clean, with no recorded CVEs. This suggests a history of secure development or effective patching by the developers.  Despite the clean history, the unprotected REST API endpoint is a notable weakness that needs to be addressed to fully secure the plugin. The absence of nonce checks and capability checks on the identified entry points is also a concern, though the impact is mitigated by the fact that only one REST API route is unprotected.",[178,181,184],{"reason":179,"points":180},"REST API route without permission callback",15,{"reason":182,"points":183},"No nonce checks on entry points",5,{"reason":185,"points":183},"No capability checks on entry points","2026-04-16T14:39:02.777Z",{"wat":188,"direct":193},{"assetPaths":189,"generatorPatterns":190,"scriptPaths":191,"versionParams":192},[],[],[],[],{"cssClasses":194,"htmlComments":195,"htmlAttributes":196,"restEndpoints":197,"jsGlobals":201,"shortcodeOutput":202},[],[],[],[198,199,200],"\u002Fblogwired\u002Fv1\u002Fdata","\u002Fblogwired\u002Fv1\u002Fpost","\u002Fblogwired\u002Fv1\u002Fpost\u002F(?P\u003Cid>\\d+)",[],[],{"error":204,"url":205,"statusCode":206,"statusMessage":207,"message":207},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fblogwired-gateway\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":31,"versions":209},[210],{"version":6,"download_url":24,"svn_tag_url":211,"released_at":26,"has_diff":212,"diff_files_changed":213,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":214,"is_current":204},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fblogwired-gateway\u002Ftags\u002F1.5.2\u002F",false,[],[]]