[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8Jg1fVewvsgu5o10-759DhlR7QdtK1fPnNS9mHZVZtg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":133,"fingerprints":201},"mksddn-collection-for-postman","MksDdn Collection for Postman","2.1.0","Max","https:\u002F\u002Fprofiles.wordpress.org\u002Fmksddn\u002F","\u003Cp>MksDdn Collection for Postman helps developers quickly generate a Postman Collection (v2.1.0) or OpenAPI 3.0 documentation for WordPress REST API endpoints. The plugin automatically discovers and includes standard WordPress entities, custom post types, options pages, and individual pages. Generated collections include pre-configured requests with sample data and can be downloaded as JSON files for import into Postman. OpenAPI spec can be used with Swagger UI, Redoc, or frontend code generators.\u003C\u002Fp>\n\u003Cp>The plugin provides comprehensive API testing capabilities with automatic generation of test data for form submissions, support for file uploads via multipart\u002Fform-data, and seamless integration with Advanced Custom Fields (ACF). Special handling is included for the mksddn-forms-handler plugin when active.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n– Basic REST endpoints: pages, posts, categories, tags, taxonomies, comments, users, settings\u003Cbr \u002F>\n– WooCommerce REST API (wc\u002Fv3): products, product categories, orders with full CRUD when WooCommerce is active\u003Cbr \u002F>\n– Search functionality: Posts, Pages, and All content types with customizable queries\u003Cbr \u002F>\n– Custom Post Types with full CRUD operations (List, Get by Slug\u002FID, Create, Update, Delete)\u003Cbr \u002F>\n– ACF\u002FSCF fields: auto-included for all post types when ACF or Smart Custom Fields plugin is active\u003Cbr \u002F>\n– Special handling for Forms (mksddn-forms-handler integration)\u003Cbr \u002F>\n– Options endpoints: \u003Ccode>\u002Fwp-json\u002Fcustom\u002Fv1\u002Foptions\u002F...\u003C\u002Fcode>\u003Cbr \u002F>\n– Individual pages by slug with ACF field support\u003Cbr \u002F>\n– Automatic test data generation for form submissions\u003Cbr \u002F>\n– Support for multipart\u002Fform-data for file uploads\u003Cbr \u002F>\n– Yoast SEO integration (automatic yoast_head_json inclusion)\u003Cbr \u002F>\n– Multilingual support with Accept-Language headers (Polylang priority)\u003Cbr \u002F>\n– OpenAPI 3.0 export for API documentation (Swagger UI, Redoc)\u003Cbr \u002F>\n– Extensible via WordPress filters\u003Cbr \u002F>\n– WP-CLI integration for command-line usage\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin references external services for Postman Collection schema validation:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Postman Collection Schema Service\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Service\u003C\u002Fstrong>: Postman Collection Schema (schema.getpostman.com)\u003Cbr \u002F>\n– \u003Cstrong>Purpose\u003C\u002Fstrong>: Used to validate and structure the generated Postman Collection JSON according to the official Postman Collection v2.1.0 specification\u003Cbr \u002F>\n– \u003Cstrong>Data sent\u003C\u002Fstrong>: No data is sent to this service. The plugin only references the schema URL for validation purposes\u003Cbr \u002F>\n– \u003Cstrong>When\u003C\u002Fstrong>: The schema URL is included in the generated collection metadata for Postman to validate the collection structure\u003Cbr \u002F>\n– \u003Cstrong>Terms of service\u003C\u002Fstrong>: https:\u002F\u002Fwww.postman.com\u002Flegal\u002Fterms-of-use\u002F\u003Cbr \u002F>\n– \u003Cstrong>Privacy policy\u003C\u002Fstrong>: https:\u002F\u002Fwww.postman.com\u002Flegal\u002Fprivacy-policy\u002F\u003C\u002Fp>\n\u003Cp>Note: This plugin does not send any user data to external services. The schema reference is purely for collection structure validation within the Postman application.\u003C\u002Fp>\n","Generate Postman Collection (v2.1.0) or OpenAPI 3.0 documentation for the WordPress REST API from the admin UI.",0,452,"","6.9.4","6.2","8.1",[18,19,20,21,22],"collection","developer-tools","openapi","postman","rest-api","https:\u002F\u002Fgithub.com\u002Fmksddn\u002FWP-MksDdn-Postman-Collection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmksddn-collection-for-postman.2.1.0.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"mksddn",3,30,94,"2026-04-04T19:18:59.299Z",[36,59,77,92,111],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"wp-openapi","WP OpenAPI","1.0.27","moon0326","https:\u002F\u002Fprofiles.wordpress.org\u002Fmoon0326\u002F","\u003Cp>WP OpenAPI is a WordPress plugin that generates OpenAPI 3.1.0 compatible documentation for your WordPress REST APIs.\u003C\u002Fp>\n\u003Cp>It has two main features.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Outputs OpenAPI 3.1.0 spec at \u002Fwp-json-openapi\u003C\u002Fli>\n\u003Cli>Provides OpenAPI viewer using Stoplight’s awesome Elements viewer   \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can also export your documentation as a single HTML to host it in a server easily.\u003C\u002Fp>\n\u003Cp>See more details at https:\u002F\u002Fgithub.com\u002Fmoon0326\u002Fwp-openapi\u003C\u002Fp>\n","WP OpenAPI is a WordPress plugin to provide the OpenAPI spec and a beautifu viewer for your WordPress REST API.",300,20747,76,4,"2025-11-18T02:36:00.000Z","6.8.5","5.8","7.1",[53,54,20,22,55],"api","documentation","swagger","https:\u002F\u002Fgithub.com\u002Fmoon0326\u002Fwp-openapi","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-openapi.1.0.27.zip","2026-03-15T15:16:48.613Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":11,"num_ratings":11,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":13,"download_link":75,"security_score":76,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"document-generator-for-openapi","Document Generator for OpenAPI","1.1.0","Schneider & Schütz GmbH","https:\u002F\u002Fprofiles.wordpress.org\u002Fschneiderundschuetz\u002F","\u003Cp>This plugin reads the schema definition of a given WordPress REST Api namespace and transforms it to a\u003Cbr \u002F>\nOpenAPI document. The generator itself is exposed via the WordPress REST Api with the namespace document-generator-for-openapi\u002Fv1.\u003C\u002Fp>\n\u003Cp>There is also a built in WP-CLI Command.\u003C\u002Fp>\n\u003Ch3>Limitations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Beware that currently the generator is exposeed to anonymous users since the WordPress schema endpoint is also publicly\u003Cbr \u002F>\navailable. Use it at your own risk or disable the plugin after use.\u003C\u002Fli>\n\u003Cli>No UI for configuration yet\u003C\u002Fli>\n\u003Cli>Currently only version 3.1.0 of the OpenAPI specification is implemented. Swagger tools for 3.0.0 might work though.\u003C\u002Fli>\n\u003Cli>Extensibility with hooks needs to be improved\u003C\u002Fli>\n\u003C\u002Ful>\n","OpenAPI (fka. Swagger) Document Generator for WordPress REST API",40,8156,"2023-07-04T17:59:00.000Z","6.2.9","5.7","7.0",[53,74,20,22,55],"generator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdocument-generator-for-openapi.1.1.0.zip",85,{"slug":78,"name":79,"version":62,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":32,"downloaded":84,"rating":11,"num_ratings":11,"last_updated":85,"tested_up_to":49,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":90,"download_link":91,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"rest-api-route-tester","REST API Route Tester","Nowshad Jawad","https:\u002F\u002Fprofiles.wordpress.org\u002Fjawad0501\u002F","\u003Cp>REST API Route Tester is a powerful tool for WordPress developers and administrators to test and debug REST API endpoints directly from the wp-admin. It provides a user-friendly interface to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View all registered REST API routes, grouped by plugin\u003C\u002Fli>\n\u003Cli>Test routes with HTTP methods (GET, POST, PUT, DELETE)\u003C\u002Fli>\n\u003Cli>Switch between different user roles to test permissions\u003C\u002Fli>\n\u003Cli>Send custom headers and body data (JSON)\u003C\u002Fli>\n\u003Cli>View detailed responses including status codes and response time\u003C\u002Fli>\n\u003Cli>Create multiple request tabs and persist state between sessions\u003C\u002Fli>\n\u003Cli>Auto-suggest routes with a searchable dropdown; auto-select primary method\u003C\u002Fli>\n\u003Cli>Generate example payloads based on route schema (via OPTIONS discovery)\u003C\u002Fli>\n\u003C\u002Ful>\n","A tool to test WordPress REST API routes with different user roles and authentication methods. Provides a Postman-like interface inside WordPress to d &hellip;",625,"2025-10-16T10:34:00.000Z","5.0","7.2",[53,19,22,89],"testing","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api-route-tester\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api-route-tester.1.1.0.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":32,"num_ratings":102,"last_updated":103,"tested_up_to":13,"requires_at_least":15,"requires_php":104,"tags":105,"homepage":108,"download_link":109,"security_score":110,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"woocommerce-legacy-rest-api","WooCommerce Legacy REST API","1.0.5","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeveloper.woocommerce.com\u002F2023\u002F10\u002F03\u002Fthe-legacy-rest-api-will-move-to-a-dedicated-extension-in-woocommerce-9-0\u002F\" rel=\"nofollow ugc\">The Legacy REST API will no longer part of WooCommerce as of version 9.0\u003C\u002Fa>. This plugin restores the full functionality of the removed Legacy REST API code in WooCommerce 9.0 and later versions.\u003C\u002Fp>\n\u003Cp>For all intents and purposes, having this plugin installed and active in WooCommerce 9.0 and newer versions is equivalent to enabling the Legacy REST API in WooCommerce 8.9 and older versions (via WooCommerce – Settings – Advanced – Legacy API). All the endpoints work the same way, and existing user keys also continue working.\u003C\u002Fp>\n\u003Cp>On the other hand, installing this plugin together with WooCommerce 8.9 or an older version is safe: the plugin detects that the Legacy REST API is still part of WooCommerce and doesn’t initialize itself as to not interfere with the built-in code.\u003C\u002Fp>\n\u003Cp>Please note that \u003Cstrong>the Legacy REST API is not compatible with \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fdocument\u002Fhigh-performance-order-storage\u002F\" rel=\"nofollow ugc\">High-Performance Order Storage\u003C\u002Fa>\u003C\u002Fstrong>. Upgrading the code that relies on the Legacy REST API to use the current WooCommerce REST API instead is highly recommended.\u003C\u002Fp>\n","The WooCommerce Legacy REST API, which is now part of WooCommerce itself but will be removed in WooCommerce 9.0.",400000,2304709,27,"2025-01-23T18:59:00.000Z","7.4",[22,106,107],"woo","woocommerce","https:\u002F\u002Fgithub.com\u002Fwoocommerce\u002Fwoocommerce-legacy-rest-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoocommerce-legacy-rest-api.1.0.5.zip",92,{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":121,"num_ratings":122,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":126,"tags":127,"homepage":131,"download_link":132,"security_score":76,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"disable-json-api","Disable REST API","1.8","Dave McHale","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmchale\u002F","\u003Cp>The most comprehensive plugin for controlling access to the WordPress REST API!\u003C\u002Fp>\n\u003Cp>Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.\u003C\u002Fp>\n\u003Cp>But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.\u003C\u002Fp>\n\u003Cp>You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.\u003C\u002Fp>\n\u003Cp>For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided \u003Ccode>rest_enabled\u003C\u002Fcode> filter to disable the entire REST API.\u003C\u002Fp>\n","Disable the use of the REST API on your website to site users. Now with User Role support!",90000,753897,96,38,"2023-09-14T00:26:00.000Z","6.3.8","4.9","5.6",[128,53,129,130,22],"admin","json","rest","http:\u002F\u002Fwww.binarytemplar.com\u002Fdisable-json-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-json-api.zip",{"attackSurface":134,"codeSignals":158,"taintFlows":193,"riskAssessment":194,"analyzedAt":200},{"hooks":135,"ajaxHandlers":154,"restRoutes":155,"shortcodes":156,"cronEvents":157,"entryPointCount":11,"unprotectedCount":11},[136,141,145,149],{"type":137,"name":138,"callback":139,"file":140,"line":32},"action","admin_menu","add_admin_menu","includes\\class-postman-admin.php",{"type":137,"name":142,"callback":143,"file":140,"line":144},"admin_post_generate_postman_collection","handle_generation",31,{"type":137,"name":146,"callback":147,"file":140,"line":148},"admin_enqueue_scripts","enqueue_admin_scripts",32,{"type":137,"name":150,"callback":151,"file":152,"line":153},"init","closure","mksddn-collection-for-postman.php",44,[],[],[],[],{"dangerousFunctions":159,"sqlUsage":160,"outputEscaping":162,"fileOperations":190,"externalRequests":11,"nonceChecks":191,"capabilityChecks":190,"bundledLibraries":192},[],{"prepared":11,"raw":11,"locations":161},[],{"escaped":163,"rawEcho":164,"locations":165},19,11,[166,169,171,173,175,177,179,181,183,185,188],{"file":140,"line":167,"context":168},205,"raw output",{"file":140,"line":170,"context":168},236,{"file":140,"line":172,"context":168},238,{"file":140,"line":174,"context":168},255,{"file":140,"line":176,"context":168},261,{"file":140,"line":178,"context":168},262,{"file":140,"line":180,"context":168},266,{"file":140,"line":182,"context":168},285,{"file":140,"line":184,"context":168},286,{"file":186,"line":187,"context":168},"includes\\class-postman-generator.php",229,{"file":186,"line":189,"context":168},254,2,1,[],[],{"summary":195,"deductions":196},"The \"mksddn-collection-for-postman\" plugin version 2.1.0 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any recorded CVEs, including currently unpatched vulnerabilities, is a significant positive indicator. Furthermore, the static analysis reveals a commendable lack of critical vulnerabilities such as dangerous functions, raw SQL queries, and unsanitized taint flows. The presence of nonce and capability checks, coupled with 100% of SQL queries using prepared statements, demonstrates good development practices in preventing common attack vectors.\n\nHowever, a notable area for improvement lies in output escaping. With only 63% of outputs properly escaped, there is a risk of cross-site scripting (XSS) vulnerabilities in the remaining 37% of output operations. While the current attack surface is reported as zero, this could change with future updates. The presence of file operations also warrants attention, as without proper sanitization and validation, these could be exploited.\n\nOverall, the plugin appears to be developed with security in mind, particularly concerning data handling and authentication. The vulnerability history of zero recorded CVEs is excellent. The primary concern is the moderate percentage of unescaped output, which represents a potential weakness that could be exploited by attackers to inject malicious scripts. Addressing this would significantly enhance the plugin's security.",[197],{"reason":198,"points":199},"Moderate percentage of unescaped output",5,"2026-03-17T05:57:31.186Z",{"wat":202,"direct":211},{"assetPaths":203,"generatorPatterns":206,"scriptPaths":207,"versionParams":208},[204,205],"\u002Fwp-content\u002Fplugins\u002Fmksddn-collection-for-postman\u002Fincludes\u002Fjs\u002Fpostman-admin.js","\u002Fwp-content\u002Fplugins\u002Fmksddn-collection-for-postman\u002Fincludes\u002Fcss\u002Fpostman-admin.css",[],[204],[209,210],"mksddn-collection-for-postman\u002Fincludes\u002Fjs\u002Fpostman-admin.js?ver=","mksddn-collection-for-postman\u002Fincludes\u002Fcss\u002Fpostman-admin.css?ver=",{"cssClasses":212,"htmlComments":223,"htmlAttributes":227,"restEndpoints":230,"jsGlobals":232,"shortcodeOutput":234},[213,214,215,216,217,218,219,220,221,222],"postman-collection-admin-wrap","postman-collection-form","postman-collection-section","postman-collection-field","postman-collection-label","postman-collection-input","postman-collection-checkbox","postman-collection-submit","postman-collection-download","postman-collection-notice",[224,225,226],"Admin UI for generating and downloading Postman Collection.","Dependencies: Postman_Generator, Postman_Options","Created: 2025-08-19",[228,229],"data-nonce-action=\"generate_postman_collection\"","data-nonce-field=\"_wpnonce\"",[231],"\u002Fwp-json\u002Fmksddn-collection-for-postman\u002Fv1\u002Froutes",[233],"postmanAdminData",[]]