Does Ultimate Endpoints With Rest Api have any unpatched vulnerabilities?

Yes — Ultimate Endpoints With Rest Api currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Ultimate Endpoints With Rest Api compatible with WordPress 6.8.5?

According to WordPress.org data, Ultimate Endpoints With Rest Api 2.2.3 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Ultimate Endpoints With Rest Api compatible with PHP 5.2.4+?

Ultimate Endpoints With Rest Api requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Ultimate Endpoints With Rest Api updated?

Ultimate Endpoints With Rest Api was last updated on Jun 26, 2025. Frequent updates are generally a positive security signal.

What is Ultimate Endpoints With Rest Api's security score?

Ultimate Endpoints With Rest Api has a WP-Safety security score of 79/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ultimate Endpoints With Rest Api Security & Risk Analysis

wordpress.org/plugins/custom-wp-rest-api

The WordPress REST API is more than just a set of default routes.But you want to add your Custom Endpoints/routes to the WP REST API ? Fantastic! Let’ …

400 active installs v2.2.3 PHP 5.2.4+ WP 3.0.1+ Updated Jun 26, 2025

apicustomcustom-endpointsendpointrest

B · Generally Safe

CVEs total1

Unpatched1

Last CVEDec 11, 2024

Plugin page Download

Safety Verdict

Is Ultimate Endpoints With Rest Api Safe to Use in 2026?

Mostly Safe

Score 79/100

Ultimate Endpoints With Rest Api is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Dec 11, 2024Updated 9mo ago

Risk Assessment

The 'custom-wp-rest-api' plugin v2.2.3 exhibits a mixed security posture. On one hand, it demonstrates good practices by having a limited attack surface with no exposed AJAX handlers or REST API routes without proper permission callbacks. The majority of its SQL queries utilize prepared statements, and output escaping is consistently high. However, several significant concerns are present. The static analysis reveals the presence of 7 dangerous 'unserialize' function calls, which can be a vector for deserialization vulnerabilities if not handled with extreme care. Furthermore, the taint analysis shows 6 flows with unsanitized paths, including 4 of high severity, indicating potential risks for data manipulation or execution if the plugin processes untrusted input.

Key Concerns

High severity taint flows detected
Dangerous unserialize function calls
Unpatched medium severity CVE
Flows with unsanitized paths
Lack of capability checks on entry points

Vulnerabilities

Ultimate Endpoints With Rest Api Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-12260medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultimate Endpoints With Rest Api <= 2.2.2 - Reflected Cross-Site Scripting

Dec 11, 2024Unpatched

Code Analysis

Analyzed Mar 16, 2026

Ultimate Endpoints With Rest Api Code Analysis

Dangerous Functions

Raw SQL Queries

33 prepared

Unescaped Output

125 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$from_details = unserialize($item['secret']);admin\api_log_display.php:55

unserialize$from_details = unserialize($item['secret']);admin\api_log_display.php:87

unserialize$from_details = unserialize($item['secret']);admin\api_log_display.php:101

unserialize$params = unserialize($value->param);admin\wpr_api_endpoints.php:141

unserialize$callback = unserialize($value->basedata);admin\wpr_api_endpoints.php:143

unserialize$callback = unserialize($_get_basedata->basedata);includes\class-rest-controller.php:48

unserialize$callback = unserialize($value->basedata);includes\functions.php:115

SQL Query Safety

87% prepared38 total queries

Output Escaping

95% escaped132 total outputs

Data Flows

6 unsanitized

Data Flow Analysis

8 flows6 with unsanitized paths

wcra_http_response_code (admin\custom-functions.php:5)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Ultimate Endpoints With Rest Api Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 9

actionadmin_menuadmin\settings.php:5

actionactivated_pluginincludes\class-customwprest-activator.php:60

actionplugins_loadedincludes\class-customwprest.php:160

actionadmin_enqueue_scriptsincludes\class-customwprest.php:175

actionadmin_enqueue_scriptsincludes\class-customwprest.php:176

actionwp_enqueue_scriptsincludes\class-customwprest.php:191

actionwp_enqueue_scriptsincludes\class-customwprest.php:192

actionrest_api_initincludes\class-rest-controller.php:15

actioninitincludes\functions.php:269

Maintenance & Trust

Ultimate Endpoints With Rest Api Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 26, 2025

PHP min version5.2.4

Downloads12K

Community Trust

Rating100/100

Number of ratings6

Active installs400

Alternatives

Ultimate Endpoints With Rest Api Alternatives

Custom API for WP

custom-api-for-wp

Connect WordPress with External APIs and create no-code custom WordPress REST API endpoints to interact with the WordPress database to perform SQL ope …

1K 2 CVEs

SapientSEO

sapientseo

100

Adds secured custom REST API endpoints to integrate WordPress with the SapientSEO app.

10 No CVEs

Advanced Custom Routes – Custom Endpoints for WP REST API

advanced-custom-routes-custom-endpoints-for-wp-rest-api

The easiest way to create custom WP REST API Routes without writing a line of code.

40 No CVEs

REST API Manager For ACF

rest-api-manager-for-acf

100

Custom REST API endpoint plugin to return ACF fields, post meta (selected keys), or a mixed object. Fully configurable from the admin settings page.

20 No CVEs

WPGet API – Connect to any external REST API

wpgetapi

Connect any REST API to WordPress. WPGet API enables easy API integration, allowing you to display API data without any code.

10K 2 CVEs

Developer Profile

Ultimate Endpoints With Rest Api Developer Profile

Dipankar Pal

3 plugins · 400 total installs

trust score

Avg Security Score

88/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Ultimate Endpoints With Rest Api

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/custom-wp-rest-api/css/customwprest-admin.css/wp-content/plugins/custom-wp-rest-api/font-awesome/css/font-awesome.css/wp-content/plugins/custom-wp-rest-api/js/customwprest-admin.js

Script Paths

/wp-content/plugins/custom-wp-rest-api/js/customwprest-admin.js

Version Parameters

customwprest-admin.css?ver=font-awesome.css?ver=customwprest-admin.js?ver=

HTML / DOM Fingerprints

Data Attributes

wcraObj

JS Globals