[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2jsoHZ3adZH-BUA1Sm7F3Dzw8VB5J8mMDGeN2J1e-BM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":125,"fingerprints":188},"endpointy-menus","EndPointy Menus","1.1.0","Gunjan Jaswal","https:\u002F\u002Fprofiles.wordpress.org\u002Fgunjanjaswal\u002F","\u003Cp>EndPointy Menus adds custom REST API routes to expose your WordPress navigation menus as JSON.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Base namespace:\u003C\u002Fstrong> \u003Ccode>endpointy-menus\u002Fv1\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Endpoints:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>GET \u002Fwp-json\u002Fendpointy-menus\u002Fv1\u002Fmenus\u003C\u002Fcode>\u003Cbr \u002F>\nReturns all registered menus with locations and items.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>GET \u002Fwp-json\u002Fendpointy-menus\u002Fv1\u002Fmenus\u002F\u003Cid>\u003C\u002Fcode>\u003Cbr \u002F>\nReturns a single menu and its items by menu ID.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>GET \u002Fwp-json\u002Fendpointy-menus\u002Fv1\u002Flocations\u003C\u002Fcode>\u003Cbr \u002F>\nReturns all registered menu locations with assigned menus.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>GET \u002Fwp-json\u002Fendpointy-menus\u002Fv1\u002Flocations\u002F\u003Clocation>\u003C\u002Fcode>\u003Cbr \u002F>\nReturns a menu assigned to a specific location (e.g., ‘primary’, ‘footer’).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Query 
Parameters:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>nested=true\u003C\u002Fcode> – Returns menu items in a hierarchical tree structure with parent-child relationships.\u003Cbr \u002F>\nExample: \u003Ccode>\u002Fwp-json\u002Fendpointy-menus\u002Fv1\u002Fmenus\u002F2?nested=true\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This is useful for headless WordPress setups or any external app that needs to read your menu structure.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Example requests:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get all menus:\u003C\u002Fstrong>\u003Cbr \u002F>\n    https:\u002F\u002Fyour-site.com\u002Fwp-json\u002Fendpointy-menus\u002Fv1\u002Fmenus\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get single menu by ID:\u003C\u002Fstrong>\u003Cbr \u002F>\n    https:\u002F\u002Fyour-site.com\u002Fwp-json\u002Fendpointy-menus\u002Fv1\u002Fmenus\u002F2\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get all menu locations:\u003C\u002Fstrong>\u003Cbr \u002F>\n    https:\u002F\u002Fyour-site.com\u002Fwp-json\u002Fendpointy-menus\u002Fv1\u002Flocations\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get menu by location (e.g., ‘primary’):\u003C\u002Fstrong>\u003Cbr \u002F>\n    https:\u002F\u002Fyour-site.com\u002Fwp-json\u002Fendpointy-menus\u002Fv1\u002Flocations\u002Fprimary\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get nested menu structure:\u003C\u002Fstrong>\u003Cbr \u002F>\n    https:\u002F\u002Fyour-site.com\u002Fwp-json\u002Fendpointy-menus\u002Fv1\u002Fmenus\u002F2?nested=true\u003Cbr \u002F>\n    https:\u002F\u002Fyour-site.com\u002Fwp-json\u002Fendpointy-menus\u002Fv1\u002Flocations\u002Fprimary?nested=true\u003C\u002Fp>\n\u003Cp>Use these URLs directly from your front-end application or API client.\u003C\u002Fp>\n\u003Ch3>Support the Developer\u003C\u002Fh3>\n\u003Cp>If you find this plugin useful, you can support the developer:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Website: https:\u002F\u002Fgunjanjaswal.me\u003C\u002Fli>\n\u003Cli>GitHub: 
https:\u002F\u002Fgithub.com\u002Fgunjanjaswal\u002FEndpointy-Menus\u003C\u002Fli>\n\u003Cli>Buy Me a Coffee: https:\u002F\u002Fbuymeacoffee.com\u002Fgunjanjaswal\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>Contributions, issues, and feature requests are welcome!\u003Cbr \u002F>\nGitHub: https:\u002F\u002Fgithub.com\u002Fgunjanjaswal\u002FEndpointy-Menus\u003Cbr \u002F>\nIssues: https:\u002F\u002Fgithub.com\u002Fgunjanjaswal\u002FEndpointy-Menus\u002Fissues\u003C\u002Fp>\n","Expose WordPress menus via a custom REST API endpoint for headless and external applications.",0,134,"2025-12-16T09:17:00.000Z","6.9.4","5.0","",[18,19,20,21,22],"headless","json","menus","navigation","rest-api","https:\u002F\u002Fgithub.com\u002Fgunjanjaswal\u002FEndpointy-Menus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fendpointy-menus.1.1.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"gunjanjaswal",6,150,30,94,"2026-04-04T09:12:03.992Z",[37,56,75,92,105],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":25,"num_ratings":31,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":16,"tags":50,"homepage":16,"download_link":54,"security_score":55,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wp-rest-api-v2-menus","WP-REST-API V2 Menus","0.12.1","thebatclaudio","https:\u002F\u002Fprofiles.wordpress.org\u002Fclaudiolabarbera\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api\u002F\" rel=\"ugc\">WordPress REST API (Version 2)\u003C\u002Fa> with new routes for WordPress registered menus.\u003C\u002Fp>\n\u003Cp>The new routes available will 
be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fmenus\u002Fv1\u002Fmenus\u003C\u002Fcode> list of every registered menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002Fv1\u002Fmenus\u002F\u003Cslug>\u003C\u002Fcode> data for a specific menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002Fv1\u002Flocations\u003C\u002Fcode> list of every registered menu location in your theme.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002Fv1\u002Flocations\u002F\u003Cslug>\u003C\u002Fcode> data for a specific menu location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Compatible with ACF menu’s custom attributes and menu item’s custom attributes.\u003C\u002Fp>\n\u003Cp>Compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmenu-image\u002F\" rel=\"ugc\">Menu Image, Icons made easy\u003C\u002Fa>.\u003C\u002Fp>\n","Adding menus endpoints on WP REST API v2",3000,164931,"2022-11-09T13:29:00.000Z","6.0.11","4.4",[51,19,52,53,20],"api","json-rest-api","menu-routes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-v2-menus.0.12.1.zip",85,{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":25,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":16,"tags":70,"homepage":73,"download_link":74,"security_score":55,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wp-api-menus","WP API Menus","1.3.2","Fulvio Notarstefano","https:\u002F\u002Fprofiles.wordpress.org\u002Fnekojira\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjson-rest-api\u002F\" rel=\"ugc\">WordPress JSON REST API\u003C\u002Fa> with new routes for WordPress registered menus\u003C\u002Fp>\n\u003Cp>The new routes available will be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fmenus\u003C\u002Fcode> list of every registered 
menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002F\u003Cid>\u003C\u002Fcode> data for a specific menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u003C\u002Fcode> list of all registered theme locations.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u002F\u003Clocation>\u003C\u002Fcode> data for menu in specified menu in theme location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently, the \u003Ccode>menu-locations\u002F\u003Clocation>\u003C\u002Fcode> route for individual menus will return a tree with full menu hierarchy, with correct menu item order and listing children for each menu item. The \u003Ccode>menus\u002F\u003Cid>\u003C\u002Fcode> route will output menu details and a flat array of menu items. Item order or if each item has a parent will be indicated in each item attributes, but this route won’t output items as a tree.\u003C\u002Fp>\n\u003Cp>You can alter the data arrangement of each individual menu items and children using the filter hook \u003Ccode>json_menus_format_menu_item\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>An important note on WP API V2:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In V1 the routes are located by default at \u003Ccode>wp-json\u002Fmenus\u002F\u003C\u002Fcode> etc.\u003C\u002Fp>\n\u003Cp>In V2 the routes by default are at \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002F\u003C\u002Fcode> (e.g. \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002Fmenus\u002F\u003C\u002Fcode>, etc.) 
since V2 encourages prefixing and version namespacing.\u003C\u002Fp>\n","Extends WordPress WP REST API with new routes pointing to WordPress menus.",2000,107511,8,"2020-08-18T07:21:00.000Z","5.5.0","3.6.0",[19,52,20,71,72],"wp-api","wp-rest-api","https:\u002F\u002Fgithub.com\u002Fnekojira\u002Fwp-api-menus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-menus.1.3.2.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":11,"num_ratings":11,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":90,"download_link":91,"security_score":55,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wp-rest-api-menus","WP-REST-API Menus","1.0","jcdev518","https:\u002F\u002Fprofiles.wordpress.org\u002Fjcdev518\u002F","\u003Cp>This plugin adds “routes” or “endpoints” to WP REST API that allows for retrieval of\u003Cbr \u002F>\nmenu data as JSON.\u003C\u002Fp>\n\u003Cp>Updated port of “WP-REST-API V2 Menus” by Claudio La Barbera (http:\u002F\u002Fwww.claudiolabarbera.com)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get all registered menus:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>GET \u002Fwp-menus\u002Fv1\u002Fmenus\nhttps:\u002F\u002Fyourwpsite.com\u002Fwp-json\u002Fwp-menus\u002Fv1\u002Fmenus\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Get menu data as JSON from menu slug:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>GET \u002Fwp-menus\u002Fv1\u002Fmenus\u002F{slug}\nhttps:\u002F\u002Fyourwpsite.com\u002Fwp-json\u002Fwp-menus\u002Fv1\u002Fmenus\u002F{slug}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Gets the contents of a registered menu by its “slug”.\u003C\u002Fp>\n\u003Cp>When assigning a menu a location in \u002Fwp-admin\u002Fnav-menus.php?action=locations\u003Cbr \u002F>\nthe slug is the name of the 
menu in lowercase and without any spaces like a post slug.\u003C\u002Fp>\n\u003Cp>If your menu name is Main Menu:\u003Cbr \u002F>\nhttps:\u002F\u002Fyourwpsite.com\u002Fwp-json\u002Fmenus\u002Fv1\u002Fwp-menus\u002Fmain-menu\u003C\u002Fp>\n","Adds menu endpoints to core WP REST API.",70,2395,"2018-03-26T22:33:00.000Z","4.9.29","4.7.0","5.6",[19,52,20,71,72],"https:\u002F\u002Fwww.amorphouswebsolutions.com\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-menus.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":44,"active_installs":11,"downloaded":99,"rating":11,"num_ratings":11,"last_updated":16,"tested_up_to":100,"requires_at_least":49,"requires_php":16,"tags":101,"homepage":102,"download_link":103,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":104},"tutexp-rest-api-menu","Tutexp Rest Api Menu","1.0.0","tapos007","https:\u002F\u002Fprofiles.wordpress.org\u002Ftapos007\u002F","\u003Cp>This plugin extends the WordPress REST API  with new routes for WordPress registered menus.\u003C\u002Fp>\n\u003Cp>The new routes available will be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[website_name]\u002Fwp-json\u002Fmenus\u002Fv2\u002Fmenus\u003C\u002Fcode> list of every registered menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[website_name]\u002Fwp-json\u002Fmenus\u002Fv2\u002Fmenus\u002F\u003Cslug>\u003C\u002Fcode> data for a specific 
menu.\u003C\u002Fli>\n\u003C\u002Ful>\n",1139,"4.8.28",[51,19,52,53,20],"http:\u002F\u002Ftutexp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftutexp-rest-api-menu.zip","2026-03-15T10:48:56.248Z",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":115,"num_ratings":116,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":88,"tags":120,"homepage":123,"download_link":124,"security_score":55,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"disable-json-api","Disable REST API","1.8","Dave McHale","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmchale\u002F","\u003Cp>The most comprehensive plugin for controlling access to the WordPress REST API!\u003C\u002Fp>\n\u003Cp>Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.\u003C\u002Fp>\n\u003Cp>But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.\u003C\u002Fp>\n\u003Cp>You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.\u003C\u002Fp>\n\u003Cp>For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided \u003Ccode>rest_enabled\u003C\u002Fcode> filter to disable the entire REST API.\u003C\u002Fp>\n","Disable the use of the REST API on your website to site users. 
Now with User Role support!",90000,753897,96,38,"2023-09-14T00:26:00.000Z","6.3.8","4.9",[121,51,19,122,22],"admin","rest","http:\u002F\u002Fwww.binarytemplar.com\u002Fdisable-json-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-json-api.zip",{"attackSurface":126,"codeSignals":168,"taintFlows":175,"riskAssessment":176,"analyzedAt":187},{"hooks":127,"ajaxHandlers":140,"restRoutes":141,"shortcodes":165,"cronEvents":166,"entryPointCount":167,"unprotectedCount":167},[128,134],{"type":129,"name":130,"callback":131,"file":132,"line":133},"action","rest_api_init","register_routes","endpointy-menus.php",25,{"type":135,"name":136,"callback":137,"priority":138,"file":132,"line":139},"filter","plugin_row_meta","add_plugin_row_meta",10,26,[],[142,150,155,160],{"namespace":143,"route":144,"methods":145,"callback":147,"permissionCallback":148,"file":132,"line":149},"endpointy-menus\u002Fv1","\u002Fmenus",[146],"GET","get_menus","__return_true",50,{"namespace":143,"route":151,"methods":152,"callback":153,"permissionCallback":148,"file":132,"line":154},"\u002Fmenus\u002F(?P\u003Cid>[0-9]+)",[146],"get_menu",66,{"namespace":143,"route":156,"methods":157,"callback":158,"permissionCallback":148,"file":132,"line":159},"\u002Flocations",[146],"get_locations",82,{"namespace":143,"route":161,"methods":162,"callback":163,"permissionCallback":148,"file":132,"line":164},"\u002Flocations\u002F(?P\u003Clocation>[a-zA-Z0-9_-]+)",[146],"get_menu_by_location",92,[],[],4,{"dangerousFunctions":169,"sqlUsage":170,"outputEscaping":172,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":174},[],{"prepared":11,"raw":11,"locations":171},[],{"escaped":11,"rawEcho":11,"locations":173},[],[],[],{"summary":177,"deductions":178},"The 'endpointy-menus' plugin version 1.1.0 exhibits a concerning security posture due to a significant portion of its attack surface being exposed without proper authorization checks. 
Specifically, all four identified REST API routes lack permission callbacks, meaning any authenticated user could potentially interact with these endpoints, leading to unauthorized actions or data exposure depending on their implementation. While the static analysis does not reveal dangerous functions, raw SQL, or unescaped output, the absence of nonce checks and capability checks on these REST API routes is a critical oversight that creates a wide opening for potential exploits.\n\nThe plugin's vulnerability history is clean, showing no recorded CVEs. This, combined with the absence of dangerous code signals and taint flows, suggests that the core code might be well written in terms of preventing common vulnerabilities like SQL injection or cross-site scripting (XSS). However, this positive aspect is heavily overshadowed by the identified attack surface issues. The plugin's strength lies in its apparent lack of overtly malicious code patterns, but its weakness is the fundamental security gap in its REST API implementation.\n\nIn conclusion, while 'endpointy-menus' v1.1.0 does not appear to contain intentionally malicious code or known vulnerabilities, the direct exposure of its REST API routes without any form of authorization check presents a significant and immediate risk. This flaw could allow authenticated users to perform unintended actions. 
Robust permission checks are essential for all API endpoints to ensure data integrity and prevent unauthorized access.",[179,182,184],{"reason":180,"points":181},"REST API routes without permission callbacks",15,{"reason":183,"points":138},"No capability checks on entry points",{"reason":185,"points":186},"No nonce checks on entry points",5,"2026-03-17T06:15:21.071Z",{"wat":189,"direct":194},{"assetPaths":190,"generatorPatterns":191,"scriptPaths":192,"versionParams":193},[],[],[],[],{"cssClasses":195,"htmlComments":196,"htmlAttributes":197,"restEndpoints":198,"jsGlobals":203,"shortcodeOutput":204},[],[],[],[199,200,201,202],"\u002Fendpointy-menus\u002Fv1\u002Flocations","\u002Fendpointy-menus\u002Fv1\u002Flocations\u002F(?P\u003Clocation>[a-zA-Z0-9_-]+)","\u002Fendpointy-menus\u002Fv1\u002Fmenus","\u002Fendpointy-menus\u002Fv1\u002Fmenus\u002F(?P\u003Cid>[0-9]+)",[],[]]