MB Rest API Security & Risk Analysis

wordpress.org/plugins/mb-rest-api

Get and update Meta Box custom fields to the WordPress REST API responses.

1K active installs · v2.0.6 · PHP 7.0+ · WP 4.1+ · Updated Mar 9, 2026
custom-fields, meta-box, rest-api
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is MB Rest API Safe to Use in 2026?

Generally Safe

Score 100/100

MB Rest API has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 25d ago
Risk Assessment

The "mb-rest-api" plugin v2.0.6 demonstrates a generally good security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events, combined with a lack of dangerous functions and file operations, significantly limits its attack surface. The fact that all SQL queries are properly prepared is a strong indicator of secure database interaction practices.

However, a notable concern arises from the output escaping. With 1 total output and 0% properly escaped, this presents a potential risk for Cross-Site Scripting (XSS) vulnerabilities if the output is user-controlled or dynamic. The presence of one capability check without any associated nonce checks on potential entry points (though none were identified) could be an area of improvement for more robust authorization, even if the current attack surface is minimal.

The plugin has no recorded vulnerabilities, CVEs, or history of past issues. This, coupled with the limited attack surface and secure SQL practices, suggests the developers have been diligent in maintaining security. However, the unescaped output remains the most significant identifiable risk that requires attention.

Key Concerns

  • Output escaping is not implemented
Vulnerabilities
None known

MB Rest API Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

MB Rest API Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (0 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped, 1 total outputs
Attack Surface

MB Rest API Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 2
action init mb-rest-api.php:44
action rest_api_init src\Base.php:34
Maintenance & Trust

MB Rest API Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 9, 2026
PHP min version: 7.0
Downloads: 39K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 1K
Developer Profile

MB Rest API Developer Profile

Anh Tran

17 plugins · 85K total installs

Trust score: 85
Avg Security Score: 96/100
Avg Patch Time: 76 days
Detection Fingerprints

How We Detect MB Rest API

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mb-rest-api/src/assets/js/settings.js
/wp-content/plugins/mb-rest-api/src/assets/css/settings.css
Script Paths
/wp-content/plugins/mb-rest-api/src/assets/js/settings.js
Version Parameters
mb-rest-api/src/assets/css/settings.css?ver=
mb-rest-api/src/assets/js/settings.js?ver=

HTML / DOM Fingerprints

JS Globals
mbRestApiSettings
REST Endpoints
/meta-box/v1/settings-page/
/meta-box/v1/post/
/meta-box/v1/term/
/meta-box/v1/user/
/meta-box/v1/comment/
FAQ

Frequently Asked Questions about MB Rest API