WP-Safety

JSON API Auth Security & Risk Analysis

wordpress.org/plugins/json-api-auth

Extends the JSON API Plugin for RESTful user authentication

800 active installs v3.0.0 PHP 5.3+ WP 3.0.1+ Updated Jul 29, 2025
apiauthenticate-userjson-apiwordpress-user-authentication
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is JSON API Auth Safe to Use in 2026?

Generally Safe

Score 100/100

JSON API Auth has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago
Risk Assessment

The "json-api-auth" plugin v3.0.0 demonstrates an exceptionally strong security posture based on the provided static analysis. The complete absence of identified AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its potential attack surface. Furthermore, the code analysis reveals a commitment to secure coding practices, with no dangerous functions, all SQL queries utilizing prepared statements, and all output being properly escaped. The lack of file operations and external HTTP requests further reduces the risk of common web vulnerabilities. The plugin's vulnerability history is also clean, with no recorded CVEs, indicating a history of responsible development and maintenance. The absence of taint analysis results suggests no apparent pathways for unsanitized data to enter critical functions. In conclusion, this plugin appears to be very well-secured.

Vulnerabilities
None known

JSON API Auth Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

JSON API Auth Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
1 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped1 total outputs
Attack Surface

JSON API Auth Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 4
actionadmin_noticesjson-api-auth.php:33
filterjson_api_controllersjson-api-auth.php:39
filterjson_api_auth_controller_pathjson-api-auth.php:41
actioninitjson-api-auth.php:43
Maintenance & Trust

JSON API Auth Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJul 29, 2025
PHP min version5.3
Downloads79K

Community Trust

Rating94/100
Number of ratings11
Active installs800
Alternatives

JSON API Auth Alternatives

REST API Toolbox

REST API Toolbox

rest-api-toolbox

A
92

Allows tweaking of several REST API settings

2K No CVEs
JSON API User

JSON API User

json-api-user

A
97

Extends the JSON API Plugin to allow RESTful user registration, authentication & many other User Meta, BP functions. A Pro version is also available.

1K 1 CVE
REST API Helper

REST API Helper

rest-api-helper

A
85

This plugin help REST API for display featured media source, author, categories, and custom fields.

600 No CVEs
Kill JSON REST API

Kill JSON REST API

kill-json-rest-api

A
85

Completely disables JSON REST API for both registered and anonymous users in WordPress 4.7.* and removes API links and tags.

20 No CVEs
Get Json Api

Get Json Api

get-json-api

A
85

Retrieve the results of the API of a site that uses the plugin JSON API

10 No CVEs
Developer Profile

JSON API Auth Developer Profile

Ali Qureshi

5 plugins · 2K total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
20 days
View full developer profile
Detection Fingerprints

How We Detect JSON API Auth

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about JSON API Auth