[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_YdljW5Ibduyg6xId40YCqt-hTRUsSoNrVZNIV1mlJ0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":128,"fingerprints":260},"jsonpress","JSONPress","0.3","takien","https:\u002F\u002Fprofiles.wordpress.org\u002Ftakien\u002F","\u003Cp>JSONPress – Allows you to request WordPress site via JSON\u002FJSONP output using standard WordPress query.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Access JSON via sub domain, ex. \u003Ccode>api.example.com\u003C\u002Fcode> (sub domain must be configured separately)\u003C\u002Fli>\n\u003Cli>Supports \u003Ccode>JSONP\u003C\u002Fcode> callback.\u003C\u002Fli>\n\u003Cli>Easy to debug output using \u003Ccode>JSON pretty print\u003C\u002Fcode> or \u003Ccode>print_r\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>You can \u003Ccode>exclude columns\u002Fdata\u003C\u002Fcode> to be displayed in JSON output.\u003C\u002Fli>\n\u003Cli>You can include \u003Ccode>custom fields\u003C\u002Fcode> too.\u003C\u002Fli>\n\u003Cli>This plugin uses \u003Ccode>standard WordPress query\u003C\u002Fcode>, no SQL hack etc.\u003C\u002Fli>\n\u003Cli>Use \u003Ccode>standard WordPress URL\u003C\u002Fcode>, no need to remember new annoying URL.\u003C\u002Fli>\n\u003Cli>And many more features I don’t tell here.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Special\u003C\u002Fh4>\n\u003Cp>Not only posts\u002Fpage, you can also call some functions via URL.\u003C\u002Fp>\n\u003Cp>Examples:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>example.com\u002Fget\u002Fwp_list_categories\u003C\u002Fcode> to displays list categories in JSON format\u003C\u002Fli>\n\u003Cli>\u003Ccode>example.com\u002Fget\u002Fwp_list_pages\u003C\u002Fcode> to displays list pages\u003C\u002Fli>\n\u003Cli>\u003Ccode>example.com\u002Fget\u002Fwp_nav_menu\u003C\u002Fcode> to displays menus\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Hei, how about $args of those functions?\u003Cbr \u002F>\n* \u003Ccode>example.com\u002Fget\u002Fwp_list_categories?args[orderby]=ID&args[exclude]=1,3,4&args[child_of]=2\u003C\u002Fcode> etc. cool, right?\u003Cbr \u002F>\n* Use subdomain API is recommended to ensure all links\u002Fpermalinks are rewritten to API URL.\u003C\u002Fp>\n","JSONPress - Allows you to request WordPress site via JSON\u002FJSONP output.",10,2629,0,"2013-08-28T10:37:00.000Z","3.6.1","3.5.1","",[19,20,21,22,23],"api","json","jsonp","rest","restful","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjsonpress.0.3.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},6,1390,30,84,"2026-04-04T11:51:01.234Z",[36,63,79,93,110],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":58,"download_link":59,"security_score":60,"vuln_count":61,"unpatched_count":13,"last_vuln_date":62,"fetched_at":27},"json-api-user","JSON API User","4.1.0","Ali Qureshi","https:\u002F\u002Fprofiles.wordpress.org\u002Fparorrey\u002F","\u003Cp>JSON API User extends the JSON API Plugin with a new Controller to allow RESTful user registration, authentication, password reset, RESTful Facebook Login, RESTful User Meta and BuddyPress xProfile get and update methods. This plugin is for WordPress\u002FMobile app developers who want to use WordPress as mobile app data backend.\u003C\u002Fp>\n\u003Cp>JSON API Plugin, that is required, was closed on August 7, 2019 from WordPress repository. You can download \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FPI-Media\u002Fjson-api\" rel=\"nofollow ugc\">JSON API Plugin\u003C\u002Fa> from https:\u002F\u002Fgithub.com\u002FPI-Media\u002Fjson-api until it is republished and available on WordPress.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Generate Auth Cookie for user authentication\u003C\u002Fli>\n\u003Cli>Validate Auth Cookie\u003C\u002Fli>\n\u003Cli>RESTful User Registration\u003C\u002Fli>\n\u003Cli>RESTful Facebook Login\u002FRegistration with valid access_token\u003C\u002Fli>\n\u003Cli>RESTful BuddyPress xProfile fields update\u003C\u002Fli>\n\u003Cli>Get User Meta and xProfile fields\u003C\u002Fli>\n\u003Cli>Update User Meta and xProfile fields\u003C\u002Fli>\n\u003Cli>Delete User Meta\u003C\u002Fli>\n\u003Cli>Password Reset\u003C\u002Fli>\n\u003Cli>Get Avatar\u003C\u002Fli>\n\u003Cli>Get User Info\u003C\u002Fli>\n\u003Cli>Post Comment\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin was created for mobile apps integration with the web app using WordPress as backend for all the data. WordPress helped in putting together the web app quickly and then Mobile iOS and Android apps were integrated via this plugin. There were some app specific customized methods which are not included but rest have been made generic for community usage.\u003C\u002Fp>\n\u003Cp>My other JSON API Auth plugin has also been integrated with this plugin from version 1.1 because most endpoints required user authentication via cookie for data update.\u003C\u002Fp>\n\u003Cp>Pro Version – JSON API User Plus\u003C\u002Fp>\n\u003Cp>A pro version of this plugin, \u003Ca href=\"http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-user-plus\u002F\" rel=\"nofollow ugc\">JSON API User Plus\u003C\u002Fa>, is available here http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-user-plus\u002F that supports BuddyPress Messages component, BuddyPress avatar upload, BuddyPress Extended Profile, BuddyPress Groups, BuddyPress Friends, BuddyPress Activity, BuddyPress Notifications, BuddyPres Settings and other BuddyPress related functions to integrate BuddyPress features in your mobile app via REST api.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-user-plus\u002F\" rel=\"nofollow ugc\">JSON API User Plus\u003C\u002Fa> includes API key which protects and restricts the endpoint calls. This key can be updated from Settings > User Plus options page. Your app must include this key with every call to get the data from REST API. Please see documentation for calling endpoints examples for ‘JSON API User Plus’.\u003C\u002Fp>\n\u003Cp>JSON API User Plus features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Generate Auth Cookie for user authentication\u003C\u002Fli>\n\u003Cli>Validate Auth Cookie\u003C\u002Fli>\n\u003Cli>RESTful User Registration\u003C\u002Fli>\n\u003Cli>RESTful Facebook Login\u002FRegistration with valid access_token\u003C\u002Fli>\n\u003Cli>RESTful BuddyPress xProfile fields update\u003C\u002Fli>\n\u003Cli>Get User Meta and xProfile fields\u003C\u002Fli>\n\u003Cli>Update User Meta and xProfile fields\u003C\u002Fli>\n\u003Cli>Delete User Meta\u003C\u002Fli>\n\u003Cli>Password Reset\u003C\u002Fli>\n\u003Cli>Get\u002FUpload Avatar\u003C\u002Fli>\n\u003Cli>Get User Info\u003C\u002Fli>\n\u003Cli>Post Comment\u003C\u002Fli>\n\u003Cli>Add Post, Update Post, Delete Post\u003C\u002Fli>\n\u003Cli>Add\u002FEdit\u002FDelete Custom Post Type, Custom Fields\u003C\u002Fli>\n\u003Cli>Search User\u003C\u002Fli>\n\u003Cli>BuddyPress Activities\u003C\u002Fli>\n\u003Cli>BuddyPress Members\u003C\u002Fli>\n\u003Cli>BuddyPress Friends\u003C\u002Fli>\n\u003Cli>BuddyPress Notifications\u003C\u002Fli>\n\u003Cli>BuddyPress Settings\u003C\u002Fli>\n\u003Cli>& many more\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the JSON API Plugin to allow RESTful user registration, authentication & many other User Meta, BP functions. A Pro version is also available.",1000,120913,78,21,"2025-07-29T11:54:00.000Z","6.8.5","3.0.1","5.3",[53,54,55,56,57],"authentication","json-api","restful-facebook-login","restful-user-meta-and-buddypress-xprofile","restful-user-registration","http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-user\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjson-api-user.4.1.0.zip",97,1,"2024-07-10 00:00:00",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":11,"downloaded":71,"rating":13,"num_ratings":13,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":17,"download_link":78,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"cafe-api","CAFEHAUS API","1.0.0","cafehaus","https:\u002F\u002Fprofiles.wordpress.org\u002Fcafehaus\u002F","\u003Cp>兼容小程序、APP和H5的多端 API 插件，提供更加优雅的路由、入参和出参，开箱即用零依赖零设置，让前端用着更省心\u003C\u002Fp>\n\u003Cp>接口特点:\u003Cbr \u002F>\n* 兼容小程序、APP和H5的多端 API 插件，提供更加优雅的路由、入参和出参，开箱即用零依赖零设置\u003Cbr \u002F>\n* 统一接口数据返回格式：code、data、message，方便前端做统一拦截处理\u003Cbr \u002F>\n* 统一分页查询数据，直接在数据中返回总条数和总页，方便前端做分页和判断是否到最后一页\u003Cbr \u002F>\n* 统一接口入参、出参变量名，字段名全部统一小驼峰命名\u003Cbr \u002F>\n* 去掉接口中无用的数据，官方的 REST API 接口中返回了很多无用的字段，优化数据层级，提供树形数据\u003Cbr \u002F>\n* 本插件可实现的前端功能汇总：登录、注册、修改密码、修改个人资料、发表评论、文章列表、文章详情、文章查询、文章归档、轮播(取置顶文章)、分类列表、标签列表、用户列表、页面列表\u003Cbr \u002F>\n* 无破坏性，接口功能未使用 Filters，全部新加路由实现，和官方的 WordPress REST API 互不影响\u003Cbr \u002F>\n* WordPress REST API 官方部分的请求参数和功能根据自己平时遇到的场景并未提供，可能有遗漏的地方，欢迎大家提 issue 和 纠错\u003C\u002Fp>\n","兼容小程序、APP和H5的多端 API 插件，提供更加优雅的路由、入参和出参，开箱即用零依赖零设置，让前端用着更省心",795,"2022-11-16T13:29:00.000Z","6.1.10","5.0","7.0",[19,77,20,23],"app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcafe-api.1.0.0.zip",{"slug":80,"name":81,"version":82,"author":40,"author_profile":41,"description":83,"short_description":84,"active_installs":11,"downloaded":85,"rating":86,"num_ratings":61,"last_updated":87,"tested_up_to":73,"requires_at_least":88,"requires_php":51,"tags":89,"homepage":91,"download_link":92,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"json-api-cincopa","JSON API Cincopa","2.5.0","\u003Cp>JSON API Cincopa plugin extends the JSON API Plugin with a new Controller to provide Cincopa Easy Albums Listing for any user. This plugin is for WordPress\u002FMobile app developers who want to use Cincopa Easy Albums Plugin in conjunction with JSON API plugin as media gallery for their mobile app.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy Albums Listing\u003C\u002Fli>\n\u003Cli>Easy Albums Items Listing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin was created to make available Cincopa Easy Albums Plugin Media listing for mobile apps via JSON API Plugin.\u003C\u002Fp>\n\u003Cp>Hope this will help some.\u003C\u002Fp>\n\u003Cp>For details, please check this: http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-cincopa\u002F\u003C\u002Fp>\n","Extends the JSON API Plugin to allow RESTful Cincopa Easy Albums Listing for any user",7975,100,"2023-03-13T14:31:00.000Z","4.6",[54,90],"restful-cincopa-easy-albums","http:\u002F\u002Fwww.parorrey.com\u002Fsolutions\u002Fjson-api-cincopa\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjson-api-cincopa.2.5.0.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":11,"downloaded":101,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":102,"requires_at_least":50,"requires_php":17,"tags":103,"homepage":107,"download_link":108,"security_score":86,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":109},"json-api-delete-user","JSON API Delete User","1.0","aiyaz Khorajia","https:\u002F\u002Fprofiles.wordpress.org\u002Faiyaz\u002F","\u003Cp>JSON API DELETE USER extends the JSON API Plugin with a new Controller to delete user with meta data.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>You need to create nonce to delete user, nonce can be created by calling http:\u002F\u002Flocalhost\u002Fapi\u002Fget_nonce\u002F?controller=user&method=delete_user_with_meta\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You can then use ‘nonce’ value to delete user.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>= Method: delete_user_with_meta=\u003C\u002Fp>\n\u003Cp>You can find example.php file to understand delete user api call via curl.\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Flocalhost\u002Fwordpress\u002Fapi\u002Fuser\u002Fdelete_user_with_meta?email=example@domain.com\u003C\u002Fp>\n","Delete User with meta details add-ons for JSON API",1322,"4.4.34",[104,105,54,94,106],"delete-user-api","delete-usermeta","restful-delete-user","http:\u002F\u002Fwww.resumedirectory.in","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjson-api-delete-user.zip","2026-03-15T10:48:56.248Z",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":11,"downloaded":118,"rating":86,"num_ratings":61,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":17,"tags":122,"homepage":126,"download_link":127,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"moby-blog","Moby Blog","1.1.6","Restart Labs Srls","https:\u002F\u002Fprofiles.wordpress.org\u002Frestartlabs\u002F","\u003Cp>MOBY BLOG – YOUR BLOG BECOMES MOBILE\u003C\u002Fp>\n\u003Cp>****ARE YOU A BLOGGER? HAVE A WORDPRESS BLOG?****\u003C\u002Fp>\n\u003Cp>Turn it for free into a user friendly app for smartphones and tablets in few minutes and Boost users and mobile visits by 25-60%!\u003C\u002Fp>\n\u003Cp>Moby Blog is a completely free mobile app that allows you to make your blog optimized for viewing on mobile devices. It allows your users to read the latest news from your blog through a user friendly app at no extra charge. Only few minutes to activate!\u003C\u002Fp>\n\u003Cp>****GROW YOUR AUDIENCE AND INCREASE MOBILE VISITS TO YOUR BLOG BY 25-60%****\u003C\u002Fp>\n\u003Cp>Moby Blog is an innovative app that creates a community of WordPress Blogs.\u003C\u002Fp>\n\u003Cp>Join Moby Blog and make your blog discoverable by all other active users of the Moby Blog app through categories and recent blog sections.\u003C\u002Fp>\n\u003Cp>Moby Blog makes you gain a new audience targeted by category, bring many new visitors to your blog and increase your earnings.\u003C\u002Fp>\n\u003Cp>****HOW TO JOIN****\u003C\u002Fp>\n\u003Cp>INSTALL WORDPRESS PLUGIN\u003Cbr \u002F>\nInstall our awesome little plugin on your WordPress Blogs! (Look for Moby Blog on WordPress Plugins Directory)\u003C\u002Fp>\n\u003Cp>JOIN MOBY BLOG\u003Cbr \u002F>\nSubscribe to Moby Blog & add your Blogs! http:\u002F\u002Fwww.mobyblogapp.com\u003C\u002Fp>\n\u003Cp>ENJOY\u003Cbr \u002F>\nDiscover all contents of your blog on Moby Blog App! 🙂\u003C\u002Fp>\n\u003Cp>Please visit http:\u002F\u002Fwww.mobyblogapp.com for further information\u003C\u002Fp>\n","Moby Blog - One APP for All Your Wordpress Blog! FREE! Are you a Blogger? Have a WordPress Blog? Turn it for free into a user friendly app for smartph &hellip;",1615,"2017-03-13T15:02:00.000Z","4.5.33","4.0",[123,20,124,125,23],"api-restfull","mobile-app","mobyblog","http:\u002F\u002Fwww.mobyblogapp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmoby-blog.zip",{"attackSurface":129,"codeSignals":181,"taintFlows":218,"riskAssessment":245,"analyzedAt":259},{"hooks":130,"ajaxHandlers":177,"restRoutes":178,"shortcodes":179,"cronEvents":180,"entryPointCount":13,"unprotectedCount":13},[131,137,143,146,150,153,157,161,165,169,174],{"type":132,"name":133,"callback":134,"file":135,"line":136},"action","init","jsonpress_endpoints_add_endpoint","jsonpress.php",25,{"type":138,"name":139,"callback":140,"priority":141,"file":135,"line":142},"filter","site_url","jsonpress_site_url",200,27,{"type":138,"name":144,"callback":140,"priority":141,"file":135,"line":145},"home_url",28,{"type":138,"name":147,"callback":148,"file":135,"line":149},"template_include","jsonpress_template",29,{"type":132,"name":151,"callback":152,"priority":61,"file":135,"line":32},"pre_get_posts","jsonpress_custom_query",{"type":138,"name":154,"callback":155,"file":135,"line":156},"rewrite_rules_array","jsonpress_insert_rules",33,{"type":138,"name":158,"callback":159,"file":135,"line":160},"query_vars","jsonpress_query_vars",34,{"type":132,"name":162,"callback":163,"priority":61,"file":135,"line":164},"template_redirect","jsonpress_template_redirect",37,{"type":132,"name":166,"callback":167,"file":135,"line":168},"admin_notices","jsonpress_admin_notice",45,{"type":132,"name":170,"callback":171,"file":172,"line":173},"admin_init","register_setting","options\\easy-options.php",44,{"type":132,"name":175,"callback":176,"file":172,"line":168},"admin_menu","add_page",[],[],[],[],{"dangerousFunctions":182,"sqlUsage":183,"outputEscaping":185,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":217},[],{"prepared":13,"raw":13,"locations":184},[],{"escaped":186,"rawEcho":187,"locations":188},3,14,[189,192,194,196,198,200,202,204,206,208,210,212,214,215],{"file":135,"line":190,"context":191},146,"raw output",{"file":135,"line":193,"context":191},246,{"file":135,"line":195,"context":191},247,{"file":135,"line":197,"context":191},301,{"file":135,"line":199,"context":191},304,{"file":135,"line":201,"context":191},307,{"file":172,"line":203,"context":191},147,{"file":172,"line":205,"context":191},155,{"file":172,"line":207,"context":191},162,{"file":172,"line":209,"context":191},169,{"file":172,"line":211,"context":191},183,{"file":172,"line":213,"context":191},188,{"file":172,"line":213,"context":191},{"file":172,"line":216,"context":191},193,[],[219,236],{"entryPoint":220,"graph":221,"unsanitizedCount":61,"severity":235},"jsonpress_json_output (jsonpress.php:297)",{"nodes":222,"edges":232},[223,227],{"id":224,"type":225,"label":226,"file":135,"line":197},"n0","source","$_GET['callback']",{"id":228,"type":229,"label":230,"file":135,"line":197,"wp_function":231},"n1","sink","echo() [XSS]","echo",[233],{"from":224,"to":228,"sanitized":234},false,"medium",{"entryPoint":237,"graph":238,"unsanitizedCount":61,"severity":244},"\u003Cjsonpress> (jsonpress.php:0)",{"nodes":239,"edges":242},[240,241],{"id":224,"type":225,"label":226,"file":135,"line":197},{"id":228,"type":229,"label":230,"file":135,"line":197,"wp_function":231},[243],{"from":224,"to":228,"sanitized":234},"low",{"summary":246,"deductions":247},"The 'jsonpress' plugin version 0.3 exhibits a mixed security posture. On the positive side, the plugin has no recorded historical vulnerabilities, suggesting a generally well-maintained codebase or a lack of prior scrutiny. The static analysis reveals a commendably small attack surface with no apparent entry points like AJAX handlers, REST API routes, or shortcodes that are exposed without authentication or permission checks. Furthermore, it uses prepared statements for all SQL queries and avoids file operations and external HTTP requests, which are common vectors for exploits.\n\nHowever, significant concerns arise from the output escaping. A low percentage (18%) of outputs are properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. If any of the 17 outputs are user-controlled or reflect data that could be manipulated by an attacker, this presents a clear and present danger. The taint analysis also flags two flows with unsanitized paths, though currently classified as no critical or high severity. This, combined with the lack of capability checks and nonce checks, means that any discovered vulnerability could potentially be exploited more easily. The absence of these fundamental security checks is a notable weakness, especially given the poor output escaping.\n\nIn conclusion, while 'jsonpress' v0.3 demonstrates strengths in limiting its attack surface and secure database interactions, the severe lack of proper output escaping and the absence of nonce and capability checks represent critical security weaknesses. The absence of historical vulnerabilities is a positive indicator, but it does not negate the immediate risks identified in the current code analysis. Users should be highly cautious and ensure that all outputs are properly sanitized before this plugin is used in a production environment.",[248,251,254,257],{"reason":249,"points":250},"Poor output escaping (18% properly escaped)",15,{"reason":252,"points":253},"Unsanitized paths in taint analysis",8,{"reason":255,"points":256},"No nonce checks",5,{"reason":258,"points":256},"No capability checks","2026-03-17T00:32:04.565Z",{"wat":261,"direct":270},{"assetPaths":262,"generatorPatterns":267,"scriptPaths":268,"versionParams":269},[263,264,265,266],"\u002Fwp-content\u002Fplugins\u002Fjsonpress\u002Foptions\u002Fimages\u002Ficon-setting-small.png","\u002Fwp-content\u002Fplugins\u002Fjsonpress\u002Foptions\u002Fimages\u002Ficon-setting-large.png","\u002Fwp-content\u002Fplugins\u002Fjsonpress\u002Foptions\u002Fimages\u002Fabout-small.png","\u002Fwp-content\u002Fplugins\u002Fjsonpress\u002Foptions\u002Fimages\u002Fabout-large.png",[],[],[],{"cssClasses":271,"htmlComments":272,"htmlAttributes":273,"restEndpoints":279,"jsGlobals":283,"shortcodeOutput":284},[],[],[274,275,276,277,278],"data-setting-group=\"jsonpress-settings\"","data-setting-name=\"site_domain\"","data-setting-name=\"api_domain\"","data-setting-name=\"exclude_columns\"","data-setting-name=\"exclude_query\"",[280,281,282],"\u002Fwp-json\u002Fjsonpress","\u002Fwp-json\u002Fjsonpress\u002Fv1","\u002Fwp-json\u002Fjsonpress\u002Fv1\u002Fposts",[],[]]