[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fizaIlwu4LH7hBIyktgEEyV3V9Us9ZEF6cat1ihPqs2c":3,"$fiWyfpGwYW704RnzDvvNQFI9XAiNj06liKEHl207QS2o":377,"$ffNFu79w1MkK730BY8_VrkKq-98i4Q7y7UQ4qqA7K9fo":382},{"slug":4,"name":5,"version":6,"author":4,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":12,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":34,"analysis":139,"fingerprints":356},"mobpress","MobPress","1.0.0","https:\u002F\u002Fprofiles.wordpress.org\u002Fmobpress\u002F","\u003Cp>The mobpress plugin provides basic article management services; you can use the plugin to implement the features you need. The services provided are as follows:\u003Cbr \u002F>\n1. Article authoring and management, including creating, editing and deleting articles\u003Cbr \u002F>\n2. Category management, including creating, editing and deleting categories\u003Cbr \u002F>\n3. Home page banner configuration: you can set your own images and add jump links\u003Cbr \u002F>\n4. Some initial setup is required before use\u003C\u002Fp>\n\u003Cp>While providing the basic services above, mobpress connects the plugin seamlessly with the App: once the plugin is configured, the App can be used directly, and developers can view and browse the configured content in the App. mobpress provides not only a simple, stable external interface but also search and other interfaces, which developers can use according to their needs.\u003C\u002Fp>\n","A RESTful API for 
WordPress",10,1384,0,"2017-12-29T07:45:00.000Z","4.3.34","2.8","",[18,19,20,4,21],"api","json","mob","sdk","http:\u002F\u002Fwww.mob.com\u002FdownloadDetail\u002FMobPress\u002Fserver","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmobpress.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":4,"display_name":4,"profile_url":7,"plugin_count":30,"total_installs":10,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-05-20T11:17:42.786Z",[35,56,78,95,116],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":30,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":16,"tags":49,"homepage":54,"download_link":55,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"rest-api-helper","REST API Helper","2.2.8","JasmanXcrew","https:\u002F\u002Fprofiles.wordpress.org\u002Fjasmanxcrew\u002F","\u003Cp>This plugin help REST API for display featured media source, author, categories, and custom fields.\u003Cbr \u002F>\nThis plugin is made for \u003Ca href=\"https:\u002F\u002Fgoo.gl\u002FqznlXo\" rel=\"nofollow ugc\">Ionic Mobile App Builder\u003C\u002Fa>, suitable used for ionic framework.\u003Cbr \u002F>\nThis plugin also support for display custom field in metabox and also make it allow crossorigin only for json files. Compatible with wp-restapi2 and json-api.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n* Product listing without Woo API\u003Cbr \u002F>\n* REST-API Auth Basic\u003Cbr \u002F>\n* Fix CORS and Preflight CORS (Example Issue: Request header field ……. 
is not allowed by Access-Control-Allow-Headers in preflight response.)\u003Cbr \u002F>\n* Woo ACF Gallery\u003Cbr \u002F>\n* Gallery JSON Array or Object\u003Cbr \u002F>\n* One Signal Push\u003Cbr \u002F>\n* Custom Field Support\u003Cbr \u002F>\n* Fix issue render VisualComposer ([vc_row]Hello World . . .[\u002Fvc_row])\u003C\u002Fp>\n\u003Ch3>Woocommerce\u003C\u002Fh3>\n\u003Cp>for enable Woo product and categories without authorization, add this code in wp-config.php\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define(\"IMH_WOO\", true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can changing custom field for gallery (default woo using _product_image_gallery metakey), add this line\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define(\"IMH_WOO_ACF_GALLERY\", 'images'); \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>and for type data object or string (default string, separator with coma)\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define(\"IMH_WOO_ACF_GALLERY_OBJECT\", false);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>OneSignal Sender\u003C\u002Fh3>\n\u003Cp>for enable oneSignal Sender add this code in wp-config.php\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define(\"IMH_ONESIGNAL_PUSH\", true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>then fix your app_id and app_key\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define(\"IMH_ONESIGNAL_PUSH\", false);\ndefine(\"IMH_ONESIGNAL_PAGE_IN_APP\", 'post_singles'); \u002F\u002Fthis additional data (key: page and value: post_singles\u002Fpost_id)\ndefine(\"IMH_ONESIGNAL_APP_ID\", '31ee45e2-c63d-4048-903a-89ca43f3afa2');\ndefine(\"IMH_ONESIGNAL_APP_KEY\", 'YzUzNmZkOTAtMmVlMC00OWIzLThlNGQtMzQyYzzyNmFhZjcw');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Anonymous Comments\u003C\u002Fh3>\n\u003Cp>You can allow anonymous comments using configuration:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define(\"IMH_ALLOW_PREFLIGHT_CORS\",true); \u002F\u002Frequired for method post\ndefine(\"IMH_ANONYMOUS_COMMENTS\",true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>send comment 
using url like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>http:\u002F\u002Fwordpress.co.id\u002Fwp-json\u002Fwp\u002Fv2\u002Fcomments?author_name=Your Name Here&author_email=your-email-address@website-address-here.com&author_name=Your Name Here&content=Your Comment Here&post=20\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Register REST-API\u003C\u002Fh3>\n\u003Cp>You can allow register new user using configuration:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define(\"IMH_RESTAPI_REGISTER\",true); \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>End Point:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fwordpress.co.id\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u002Fregister\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Visual Composer\u003C\u002Fh3>\n\u003Cp>Fix issue render VisualComposer Content\u003C\u002Fp>\n\u003Cp>Response is:\u003Cbr \u002F>\n[vc_row]Hello World . . .[\u002Fvc_row]\u003Cbr \u002F>\nResponse should be:\u003C\u002Fp>\n\u003Cp>Hello World . . .\u003C\u002Fp>\n\u003Cp>add this code in wp-config.php\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define(\"IMH_VC_SHORTCODE\",true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fihsana.com\" rel=\"nofollow ugc\">Ihsana Global Solusindo\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"ihsana.com\u002Fi\u002F?u=imabuilder\" rel=\"nofollow ugc\">IMA BuildeRz – Ionic Mobile App Builder + Code Generator \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fihsana.com\u002Fi\u002F?u=iwpdev\" rel=\"nofollow ugc\">iWP-DevToolz – WordPress Plugin Maker + Code Generator \u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin help REST API for display featured media source, author, categories, and custom 
fields.",600,22582,100,"2022-01-02T16:25:00.000Z","5.3.21","4.0",[50,19,51,52,53],"ionic","json-api","mobile-app","rest-api","http:\u002F\u002Fihsana.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api-helper.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":10,"downloaded":64,"rating":45,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":16,"tags":69,"homepage":75,"download_link":76,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":77},"mobile-app-dashboard-custom-fields-json-api","Mobile APP Dashboard  Custom Fields Json API","1.1","mainsufian","https:\u002F\u002Fprofiles.wordpress.org\u002Fmainsufian\u002F","\u003Cp>Plugin for provide Configuration page or Dashboard for your mobile APP so you can add custom fields as many as you want and get data in Jason API. you just need to install and activate the plugin and add your data in custom fields tab under settings menu after that you need to create a post with jason API type and hit on front end of your post you get jason data of your fields.\u003C\u002Fp>\n","Plugin for provide Configuration page or Dashboard for your mobile APP so you can add custom fields as many as you want and get data in Jason 
API.",2399,2,"2018-12-30T10:30:00.000Z","5.0.25","3.0.1",[70,71,72,73,74],"dashboard","json_api","mobile","mobileapp","mobile_app_dashboard","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmobile-app-dashboard-custom-fields-json-api\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmobile-app-dashboard-custom-fields-json-api.zip","2026-04-06T09:54:40.288Z",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":10,"downloaded":86,"rating":45,"num_ratings":30,"last_updated":87,"tested_up_to":88,"requires_at_least":48,"requires_php":16,"tags":89,"homepage":93,"download_link":94,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"moby-blog","Moby Blog","1.1.6","Restart Labs Srls","https:\u002F\u002Fprofiles.wordpress.org\u002Frestartlabs\u002F","\u003Cp>MOBY BLOG – YOUR BLOG BECOMES MOBILE\u003C\u002Fp>\n\u003Cp>****ARE YOU A BLOGGER? HAVE A WORDPRESS BLOG?****\u003C\u002Fp>\n\u003Cp>Turn it for free into a user friendly app for smartphones and tablets in few minutes and Boost users and mobile visits by 25-60%!\u003C\u002Fp>\n\u003Cp>Moby Blog is a completely free mobile app that allows you to make your blog optimized for viewing on mobile devices. It allows your users to read the latest news from your blog through a user friendly app at no extra charge. 
Only few minutes to activate!\u003C\u002Fp>\n\u003Cp>****GROW YOUR AUDIENCE AND INCREASE MOBILE VISITS TO YOUR BLOG BY 25-60%****\u003C\u002Fp>\n\u003Cp>Moby Blog is an innovative app that creates a community of WordPress Blogs.\u003C\u002Fp>\n\u003Cp>Join Moby Blog and make your blog discoverable by all other active users of the Moby Blog app through categories and recent blog sections.\u003C\u002Fp>\n\u003Cp>Moby Blog makes you gain a new audience targeted by category, bring many new visitors to your blog and increase your earnings.\u003C\u002Fp>\n\u003Cp>****HOW TO JOIN****\u003C\u002Fp>\n\u003Cp>INSTALL WORDPRESS PLUGIN\u003Cbr \u002F>\nInstall our awesome little plugin on your WordPress Blogs! (Look for Moby Blog on WordPress Plugins Directory)\u003C\u002Fp>\n\u003Cp>JOIN MOBY BLOG\u003Cbr \u002F>\nSubscribe to Moby Blog & add your Blogs! http:\u002F\u002Fwww.mobyblogapp.com\u003C\u002Fp>\n\u003Cp>ENJOY\u003Cbr \u002F>\nDiscover all contents of your blog on Moby Blog App! 🙂\u003C\u002Fp>\n\u003Cp>Please visit http:\u002F\u002Fwww.mobyblogapp.com for further information\u003C\u002Fp>\n","Moby Blog - One APP for All Your Wordpress Blog! FREE! Are you a Blogger? Have a WordPress Blog? 
Turn it for free into a user friendly app for smartph &hellip;",1660,"2017-03-13T15:02:00.000Z","4.5.33",[90,19,52,91,92],"api-restfull","mobyblog","restful","http:\u002F\u002Fwww.mobyblogapp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmoby-blog.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":105,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":114,"download_link":115,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"disable-json-api","Disable REST API","1.8","Dave McHale","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmchale\u002F","\u003Cp>The most comprehensive plugin for controlling access to the WordPress REST API!\u003C\u002Fp>\n\u003Cp>Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.\u003C\u002Fp>\n\u003Cp>But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.\u003C\u002Fp>\n\u003Cp>You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.\u003C\u002Fp>\n\u003Cp>For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. 
For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided \u003Ccode>rest_enabled\u003C\u002Fcode> filter to disable the entire REST API.\u003C\u002Fp>\n","Disable the use of the REST API on your website to site users. Now with User Role support!",90000,758515,96,38,"2023-09-14T00:26:00.000Z","6.3.8","4.9","5.6",[112,18,19,113,53],"admin","rest","http:\u002F\u002Fwww.binarytemplar.com\u002Fdisable-json-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-json-api.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":126,"num_ratings":127,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":131,"tags":132,"homepage":137,"download_link":138,"security_score":45,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"jwt-authentication-for-wp-rest-api","JWT Authentication for WP REST API","1.5.0","tmeister","https:\u002F\u002Fprofiles.wordpress.org\u002Ftmeister\u002F","\u003Cp>This plugin seamlessly extends the WP REST API, enabling robust and secure authentication using JSON Web Tokens (JWT). 
It provides a straightforward way to authenticate users via the REST API, returning a standard JWT upon successful login.\u003C\u002Fp>\n\u003Ch3>Key features of this free version include:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Standard JWT Authentication:\u003C\u002Fstrong> Implements the industry-standard \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519\" rel=\"nofollow ugc\">RFC 7519\u003C\u002Fa> for secure claims representation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Endpoints:\u003C\u002Fstrong> Offers clear \u003Ccode>\u002Ftoken\u003C\u002Fcode> and \u003Ccode>\u002Ftoken\u002Fvalidate\u003C\u002Fcode> endpoints for generating and validating tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Secret Key:\u003C\u002Fstrong> Define your unique secret key via \u003Ccode>wp-config.php\u003C\u002Fcode> for secure token signing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional CORS Support:\u003C\u002Fstrong> Easily enable Cross-Origin Resource Sharing support via a \u003Ccode>wp-config.php\u003C\u002Fcode> constant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Provides filters (\u003Ccode>jwt_auth_expire\u003C\u002Fcode>, \u003Ccode>jwt_auth_token_before_sign\u003C\u002Fcode>, etc.) 
for customizing token behavior.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.\u003C\u002Fp>\n\u003Cp>For users requiring more advanced capabilities such as multiple signing algorithms (RS256, ES256), token refresh\u002Frevocation, UI-based configuration, or priority support, consider checking out \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_link_soft\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support and Requests:\u003C\u002Fstrong> Please use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\" rel=\"nofollow ugc\">GitHub Issues\u003C\u002Fa>. For priority support, consider upgrading to \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_support_link\" rel=\"nofollow ugc\">PRO\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>REQUIREMENTS\u003C\u002Fh3>\n\u003Ch4>WP REST API V2\u003C\u002Fh4>\n\u003Cp>This plugin was conceived to extend the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API V2\u003C\u002Fa> plugin features and, of course, was built on top of it.\u003C\u002Fp>\n\u003Cp>So, to use the \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> you need to install and activate \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>PHP\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Minimum PHP version: 7.4.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>PHP HTTP Authorization Header Enable\u003C\u002Fh3>\n\u003Cp>Most shared hosting providers have disabled the \u003Cstrong>HTTP Authorization Header\u003C\u002Fstrong> by 
default.\u003C\u002Fp>\n\u003Cp>To enable this option you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>RewriteEngine on\nRewriteCond %{HTTP:Authorization} ^(.*)\nRewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WPENGINE\u003C\u002Fh4>\n\u003Cp>For WPEngine hosting, you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\u002F1 for more details.\u003C\u002Fp>\n\u003Ch3>CONFIGURATION\u003C\u002Fh3>\n\u003Ch3>Configure the Secret Key\u003C\u002Fh3>\n\u003Cp>The JWT needs a \u003Cstrong>secret key\u003C\u002Fstrong> to sign the token. This \u003Cstrong>secret key\u003C\u002Fstrong> must be unique and never revealed.\u003C\u002Fp>\n\u003Cp>To add the \u003Cstrong>secret key\u003C\u002Fstrong>, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_SECRET_KEY\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can generate a secure key from: https:\u002F\u002Fapi.wordpress.org\u002Fsecret-key\u002F1.1\u002Fsalt\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for easier configuration?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=config_secret_key_link\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to manage all settings through a simple admin UI.\u003C\u002Fp>\n\u003Ch3>Configure CORS Support\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin has the option to activate \u003Ca 
href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FCross-origin_resource_sharing\" rel=\"nofollow ugc\">CORS\u003C\u002Fa> support.\u003C\u002Fp>\n\u003Cp>To enable CORS Support, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_CORS_ENABLE\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_CORS_ENABLE', true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Finally, activate the plugin within your wp-admin.\u003C\u002Fp>\n\u003Ch3>Namespace and Endpoints\u003C\u002Fh3>\n\u003Cp>When the plugin is activated, a new namespace is added:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fjwt-auth\u002Fv1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Also, two new endpoints are added to this namespace:\u003C\u002Fp>\n\u003Cp>Endpoint | HTTP Verb\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fem> | POST\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fem> | POST\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need more functionality?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=endpoints_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> includes additional endpoints for token refresh and revocation.\u003C\u002Fp>\n\u003Ch3>USAGE\u003C\u002Fh3>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fh4>\n\u003Cp>This is the entry point for JWT Authentication.\u003C\u002Fp>\n\u003Cp>It validates the user credentials, \u003Cem>username\u003C\u002Fem> and \u003Cem>password\u003C\u002Fem>, and returns a token to use in future requests to the API if the authentication is correct, or an error if authentication fails.\u003C\u002Fp>\n\u003Cp>Sample Request Using AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>(function() {\n  var app = angular.module('jwtAuth', []);\n\n  app.controller('MainController', function($scope, $http) 
{\n    var apiHost = 'http:\u002F\u002Fyourdomain.com\u002Fwp-json';\n\n    $http.post(apiHost + '\u002Fjwt-auth\u002Fv1\u002Ftoken', {\n      username: 'admin',\n      password: 'password'\n    })\n    .then(function(response) {\n      console.log(response.data)\n    })\n    .catch(function(error) {\n      console.error('Error', error.data[0]);\n    });\n  });\n})();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Success Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9qd3QuZGV2IiwiaWF0IjoxNDM4NTcxMDUwLCJuYmYiOjE0Mzg1NzEwNTAsImV4cCI6MTQzOTE3NTg1MCwiZGF0YSI6eyJ1c2VyIjp7ImlkIjoiMSJ9fX0.YNe6AyWW4B7ZwfFE5wJ0O6qQ8QFcYizimDmBy6hCH_8\",\n  \"user_display_name\": \"admin\",\n  \"user_email\": \"admin@localhost.dev\",\n  \"user_nicename\": \"admin\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Error Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_failed\",\n  \"data\": {\n    \"status\": 403\n  },\n  \"message\": \"Invalid Credentials.\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Once you get the token, you must store it somewhere in your application, e.g., in a \u003Cstrong>cookie\u003C\u002Fstrong> or using \u003Cstrong>localStorage\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>From this point, you should pass this token with every API call.\u003C\u002Fp>\n\u003Cp>Sample Call Using The Authorization Header With AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>app.config(function($httpProvider) {\n  $httpProvider.interceptors.push(['$q', '$location', '$cookies', function($q, $location, $cookies) {\n    return {\n      'request': function(config) {\n        config.headers = config.headers || {};\n        \u002F\u002F Assume that you store the token in a cookie\n        var globals = $cookies.getObject('globals') || {};\n        \u002F\u002F If the cookie has the CurrentUser and the token\n        \u002F\u002F add the Authorization header in each 
request\n        if (globals.currentUser && globals.currentUser.token) {\n          config.headers.Authorization = 'Bearer ' + globals.currentUser.token;\n        }\n        return config;\n      }\n    };\n  }]);\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin will intercept every call to the server and will look for the Authorization Header. If the Authorization header is present, it will try to decode the token and will set the user according to the data stored in it.\u003C\u002Fp>\n\u003Cp>If the token is valid, the API call flow will continue as normal.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sample Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>POST \u002Fresource HTTP\u002F1.1\nHost: server.example.com\nAuthorization: Bearer mF_s9.B5f-4.1JqM\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>ERRORS\u003C\u002Fh3>\n\u003Cp>If the token is invalid, an error will be returned. Here are some sample errors:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Invalid Credentials\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_failed\",\n    \"message\": \"Invalid Credentials.\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Invalid Signature\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Signature verification failed\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Expired Token\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Expired token\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Need advanced error tracking?\u003C\u002Fstrong> \u003Ca 
href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=errors_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> offers enhanced error tracking and monitoring capabilities.\u003C\u002Fp>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fh4>\n\u003Cp>This is a simple helper endpoint to validate a token. You only need to make a POST request with the Authorization header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Valid Token Response\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_valid_token\",\n  \"data\": {\n    \"status\": 200\n  }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>AVAILABLE HOOKS\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin is developer-friendly and provides five filters to override the default settings.\u003C\u002Fp>\n\u003Ch4>jwt_auth_cors_allow_headers\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_cors_allow_headers\u003C\u002Fstrong> filter allows you to modify the available headers when CORS support is enabled.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'Access-Control-Allow-Headers, Content-Type, Authorization'\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_not_before\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_not_before\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.5\" rel=\"nofollow ugc\">\u003Cstrong>nbf\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Creation time - time()\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_expire\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_expire\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.4\" 
rel=\"nofollow ugc\">\u003Cstrong>exp\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>time() + (DAY_IN_SECONDS * 7)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_token_before_sign\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_sign\u003C\u002Fstrong> filter allows you to modify all token data before it is encoded and signed.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = array(\n    'iss' => get_bloginfo('url'),\n    'iat' => $issuedAt,\n    'nbf' => $notBefore,\n    'exp' => $expire,\n    'data' => array(\n        'user' => array(\n            'id' => $user->data->ID,\n        )\n    )\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Want easier customization?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=hook_payload_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to add custom claims directly through the admin UI.\u003C\u002Fp>\n\u003Ch4>jwt_auth_token_before_dispatch\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_dispatch\u003C\u002Fstrong> filter allows you to modify the response array before it is sent to the client.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$data = array(\n    'token' => $token,\n    'user_email' => $user->data->user_email,\n    'user_nicename' => $user->data->user_nicename,\n    'user_display_name' => $user->data->display_name,\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_algorithm\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_algorithm\u003C\u002Fstrong> filter allows you to modify the signing algorithm.\u003C\u002Fp>\n\u003Cp>Default value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = JWT::encode(\n    apply_filters('jwt_auth_token_before_sign', $token, $user),\n    
$secret_key,\n    apply_filters('jwt_auth_algorithm', 'HS256')\n);\n\n\u002F\u002F ...\n\n$token = JWT::decode(\n    $token,\n    new Key($secret_key, apply_filters('jwt_auth_algorithm', 'HS256'))\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>JWT Authentication PRO\u003C\u002Fh3>\n\u003Cp>Elevate your WordPress security and integration capabilities with \u003Cstrong>JWT Authentication PRO\u003C\u002Fstrong>. Building upon the solid foundation of the free version, the PRO version offers advanced features, enhanced security options, and a streamlined user experience:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Configuration UI:\u003C\u002Fstrong> Manage all settings directly from the WordPress admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Endpoint:\u003C\u002Fstrong> Allow users to refresh expired tokens seamlessly without requiring re-login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation Endpoint:\u003C\u002Fstrong> Immediately invalidate specific tokens for enhanced security control.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Token Payload:\u003C\u002Fstrong> Add custom claims to your JWT payload to suit your specific application needs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular CORS Control:\u003C\u002Fstrong> Define allowed origins and headers with more precision directly in the settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Protect your endpoints from abuse with configurable rate limits.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audit Logs:\u003C\u002Fstrong> Keep track of token generation, validation, and errors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support:\u003C\u002Fstrong> Get faster, dedicated support directly from the developer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=pro_section_cta\" rel=\"nofollow ugc\">Upgrade to JWT 
Authentication PRO Today!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Free vs. PRO Comparison\u003C\u002Fh3>\n\u003Cp>Here’s a quick look at the key differences:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Basic JWT Authentication:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Generation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Validation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Mechanism:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Management Dashboard:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics & Monitoring:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geo-IP Identification:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Documentation:\u003C\u002Fstrong> Basic (Free), Comprehensive (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Tools:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support:\u003C\u002Fstrong> Community via GitHub (Free), Priority Direct Support (PRO)\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the WP REST API using JSON Web Tokens Authentication as an authentication 
method.",60000,906385,88,53,"2026-02-18T00:58:00.000Z","6.9.4","4.2","7.4.0",[133,134,135,53,136],"json-web-authentication","jwt","oauth","wp-api","https:\u002F\u002Fenriquechavez.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-authentication-for-wp-rest-api.1.5.0.zip",{"attackSurface":140,"codeSignals":196,"taintFlows":256,"riskAssessment":347,"analyzedAt":355},{"hooks":141,"ajaxHandlers":192,"restRoutes":193,"shortcodes":194,"cronEvents":195,"entryPointCount":12,"unprotectedCount":12},[142,148,150,155,157,161,165,168,171,174,178,180,184,188],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_notices","wpsdkPhpVersionWarning","json-api.php",26,{"type":143,"name":144,"callback":149,"file":146,"line":31},"wpsdkClassWarning",{"type":151,"name":152,"callback":153,"file":146,"line":154},"filter","rewrite_rules_array","wpsdkRewrites",33,{"type":151,"name":152,"callback":153,"file":146,"line":156},48,{"type":143,"name":158,"callback":159,"file":146,"line":160},"init","wpsdkInit",79,{"type":143,"name":162,"callback":162,"file":163,"line":164},"comment_id_not_found","models\\comment.php",42,{"type":143,"name":166,"callback":166,"file":163,"line":167},"comment_closed",43,{"type":143,"name":169,"callback":169,"file":163,"line":170},"comment_on_draft",44,{"type":151,"name":172,"callback":172,"file":163,"line":173},"comment_post_redirect",45,{"type":143,"name":175,"callback":175,"file":176,"line":177},"template_redirect","singletons\\api.php",9,{"type":143,"name":179,"callback":179,"file":176,"line":10},"admin_menu",{"type":143,"name":181,"callback":182,"file":176,"line":183},"update_option_wpsdk_base","flush_rewrite_rules",11,{"type":143,"name":185,"callback":186,"file":176,"line":187},"pre_update_option_wpsdk_controllers","update_controllers",12,{"type":151,"name":189,"callback":189,"file":190,"line":191},"query_vars","singletons\\query.php",13,[],[],[],[],{"dangerousFunctions":197,"sqlUsage":198,"outputEscaping":208,"fileOperatio
ns":254,"externalRequests":12,"nonceChecks":254,"capabilityChecks":199,"bundledLibraries":255},[],{"prepared":199,"raw":65,"locations":200},6,[201,205],{"file":202,"line":203,"context":204},"singletons\\introspector.php",55,"$wpdb->get_results() with variable interpolation",{"file":202,"line":206,"context":207},175,"$wpdb->get_col() with variable interpolation",{"escaped":65,"rawEcho":209,"locations":210},23,[211,214,216,218,220,222,224,226,228,230,232,234,236,237,238,240,242,243,244,246,248,250,252],{"file":176,"line":212,"context":213},139,"raw output",{"file":176,"line":215,"context":213},143,{"file":176,"line":217,"context":213},178,{"file":176,"line":219,"context":213},181,{"file":176,"line":221,"context":213},186,{"file":176,"line":223,"context":213},188,{"file":176,"line":225,"context":213},193,{"file":176,"line":227,"context":213},199,{"file":176,"line":229,"context":213},206,{"file":176,"line":231,"context":213},208,{"file":176,"line":233,"context":213},224,{"file":176,"line":235,"context":213},226,{"file":176,"line":235,"context":213},{"file":176,"line":235,"context":213},{"file":176,"line":239,"context":213},227,{"file":176,"line":241,"context":213},231,{"file":176,"line":241,"context":213},{"file":176,"line":241,"context":213},{"file":176,"line":245,"context":213},291,{"file":176,"line":247,"context":213},331,{"file":249,"line":24,"context":213},"singletons\\response.php",{"file":249,"line":251,"context":213},108,{"file":249,"line":253,"context":213},117,4,[],[257,275,283,312,324],{"entryPoint":258,"graph":259,"unsanitizedCount":30,"severity":274},"respond (singletons\\response.php:73)",{"nodes":260,"edges":271},[261,266],{"id":262,"type":263,"label":264,"file":249,"line":265},"n0","source","$_REQUEST[$status_redirect]",87,{"id":267,"type":268,"label":269,"file":249,"line":265,"wp_function":270},"n1","sink","wp_redirect() [Open 
Redirect]","wp_redirect",[272],{"from":262,"to":267,"sanitized":273},false,"medium",{"entryPoint":276,"graph":277,"unsanitizedCount":30,"severity":274},"\u003Cresponse> (singletons\\response.php:0)",{"nodes":278,"edges":281},[279,280],{"id":262,"type":263,"label":264,"file":249,"line":265},{"id":267,"type":268,"label":269,"file":249,"line":265,"wp_function":270},[282],{"from":262,"to":267,"sanitized":273},{"entryPoint":284,"graph":285,"unsanitizedCount":65,"severity":311},"init_wpsdk (singletons\\api.php:303)",{"nodes":286,"edges":306},[287,290,293,298,302,304],{"id":262,"type":263,"label":288,"file":176,"line":289},"$_REQUEST['wpsdk_appkey']",305,{"id":267,"type":291,"label":292,"file":176,"line":289},"transform","→ save_option()",{"id":294,"type":268,"label":295,"file":176,"line":296,"wp_function":297},"n2","update_option() [Settings Manipulation]",418,"update_option",{"id":299,"type":263,"label":300,"file":176,"line":301},"n3","$_REQUEST['wpsdk_appsecret']",308,{"id":303,"type":291,"label":292,"file":176,"line":301},"n4",{"id":305,"type":268,"label":295,"file":176,"line":296,"wp_function":297},"n5",[307,308,309,310],{"from":262,"to":267,"sanitized":273},{"from":267,"to":294,"sanitized":273},{"from":299,"to":303,"sanitized":273},{"from":303,"to":305,"sanitized":273},"low",{"entryPoint":313,"graph":314,"unsanitizedCount":65,"severity":311},"set_banners (singletons\\api.php:342)",{"nodes":315,"edges":321},[316,319,320],{"id":262,"type":263,"label":317,"file":176,"line":318},"$_REQUEST[?] 
(x2)",344,{"id":267,"type":291,"label":292,"file":176,"line":318},{"id":294,"type":268,"label":295,"file":176,"line":296,"wp_function":297},[322,323],{"from":262,"to":267,"sanitized":273},{"from":267,"to":294,"sanitized":273},{"entryPoint":325,"graph":326,"unsanitizedCount":254,"severity":311},"\u003Capi> (singletons\\api.php:0)",{"nodes":327,"edges":340},[328,329,330,331,332,333,334,336,338],{"id":262,"type":263,"label":288,"file":176,"line":289},{"id":267,"type":291,"label":292,"file":176,"line":289},{"id":294,"type":268,"label":295,"file":176,"line":296,"wp_function":297},{"id":299,"type":263,"label":300,"file":176,"line":301},{"id":303,"type":291,"label":292,"file":176,"line":301},{"id":305,"type":268,"label":295,"file":176,"line":296,"wp_function":297},{"id":335,"type":263,"label":317,"file":176,"line":318},"n6",{"id":337,"type":291,"label":292,"file":176,"line":318},"n7",{"id":339,"type":268,"label":295,"file":176,"line":296,"wp_function":297},"n8",[341,342,343,344,345,346],{"from":262,"to":267,"sanitized":273},{"from":267,"to":294,"sanitized":273},{"from":299,"to":303,"sanitized":273},{"from":303,"to":305,"sanitized":273},{"from":335,"to":337,"sanitized":273},{"from":337,"to":339,"sanitized":273},{"summary":348,"deductions":349},"The mobpress v1.0.0 plugin exhibits a mixed security posture.  On the surface, the lack of apparent entry points like AJAX handlers, REST API routes, and shortcodes, along with no recorded vulnerabilities, suggests a generally secure configuration.  Furthermore, the presence of nonce and capability checks, and a reasonable percentage of SQL queries using prepared statements, are positive indicators of security best practices being followed. However, a significant concern arises from the taint analysis, which reveals 5 flows with unsanitized paths. While no critical or high severity issues were flagged, these unsanitized paths represent potential avenues for injection attacks if not handled properly downstream.  
The limited output escaping (8%) is also a concern, as it could lead to cross-site scripting (XSS) vulnerabilities if dynamic content is not correctly sanitized before being rendered. The plugin's history of zero CVEs is encouraging but does not negate the risks identified in the static analysis.",[350,352],{"reason":351,"points":10},"5 unsanitized path taint flows",{"reason":353,"points":354},"Low output escaping percentage (8%)",5,"2026-03-17T01:16:24.695Z",{"wat":357,"direct":363},{"assetPaths":358,"generatorPatterns":360,"scriptPaths":361,"versionParams":362},[359],"\u002Fwp-content\u002Fplugins\u002Fmobpress\u002Fwpsdk\u002Fcore\u002Fwp-json-api-plugin.php",[],[],[],{"cssClasses":364,"htmlComments":367,"htmlAttributes":368,"restEndpoints":371,"jsGlobals":374,"shortcodeOutput":376},[365,366],"wpsdk-php-version-warning","wpsdk-class-warning",[],[369,370],"data-wpsdk-controller","data-wpsdk-method",[372,373],"\u002Fwp-json\u002Finfo","\u002Fwp-json\u002F(.+)",[375],"wpsdk_api",[],{"error":378,"url":379,"statusCode":380,"statusMessage":381,"message":381},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fmobpress\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":12,"versions":383},[]]