[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fYcoSOig1xuOQMBh3nSFL-UKN5JtNI0KnHJmD8m-WOk0":3,"$fAgX1kq1s5fuP8PIUQGt5Ci3b_wRwED16qVihbBmWkBg":181,"$f8m4nKP5_HWktAStNCwObEeeIhCaB4JfW-36uf5LG7_8":186},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":37,"analysis":131,"fingerprints":167},"network-rest-site-list","Network Rest Site List","1.0.0","David Sword","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidsword\u002F","\u003Cp>🚀 Access the endpoint with \u003Ccode>\u002Fwp-json\u002Fntwrkrst\u002Fv1\u002Fwpsitelist\u003C\u002Fcode> – which returns:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>{\u003Cbr \u002F>\n    “123”: {\u003Cbr \u002F>\n        “blog_id” : “123”,\u003Cbr \u002F>\n        “domain”:”example.com”,\u003Cbr \u002F>\n        “path”:”\\\u002Fmain\\\u002F”\u003Cbr \u002F>\n    }\u003Cbr \u002F>\n    \u002F\u002F etc\u003Cbr \u002F>\n}\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Cp>🔬 Query sites path with a search, similar to \u003Ccode>\u002Fwp-json\u002Fntwrkrst\u002Fv1\u002Fwpsitelist?q=keyword\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>📦 Cache’s for 24h\u003C\u002Fp>\n\u003Cp>⚙️ Built primarily for \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdavidsword\u002Falfred-workflow-wpsitelist\" rel=\"nofollow ugc\">this Alfred workflow\u003C\u002Fa> to quickly find a sites \u003Ccode>blog_id\u003C\u002Fcode>\u003C\u002Fp>\n","Simple small Wordpress plugin that creates a REST endpoint to list all sites and their IDs in a Wordpress Multisite Network.",0,1763,"2018-06-10T23:28:00.000Z","4.9.29","4.9","5.6",[18,19,20,21,22],"api","multisite","network","rest","wp-json","https:\u002F\u002Fgithub.com\u002Fdavidsword\u002Fnetwork-rest-site-list","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnetwork-rest-site-list.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"davidsword",4,310,30,84,"2026-05-20T11:20:40.787Z",[38,61,78,96,116],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":58,"download_link":59,"security_score":48,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":60},"rest-api-blocks","REST API blocks","2.0.0","Jonny Harris","https:\u002F\u002Fprofiles.wordpress.org\u002Fspacedmonkey\u002F","\u003Cp>A simple plugin to add block data in json format into the rest api. Once installed, there will be two new fields added to the rest api, \u003Ccode>has_blocks\u003C\u002Fcode> and \u003Ccode>blocks\u003C\u002Fcode>.\u003Cbr \u002F>\nFor example output.\u003Cbr \u002F>\n    \u003Ccode>\"has_blocks\": true,\u003Cbr \u002F>\n\"block_data\": [\u003Cbr \u002F>\n  {\u003Cbr \u002F>\n    \"blockName\": \"core\u002Fimage\",\u003Cbr \u002F>\n    \"attrs\": {\u003Cbr \u002F>\n      \"url\": \"https:\u002F\u002Fwww.spacedmonkey.com\u002Fwp-content\u002Fuploads\u002F2018\u002F12\u002Ftest-image.jpg\",\u003Cbr \u002F>\n      \"alt\": \"Terminal de aeropuerto\",\u003Cbr \u002F>\n      \"caption\": \"fsfsdfdsfdssfd\",\u003Cbr \u002F>\n      \"href\": \"https:\u002F\u002Fwww.spacedmonkey.com\u002Ftest-image\",\u003Cbr \u002F>\n      \"rel\": \"noreferrer noopener\",\u003Cbr \u002F>\n      \"linkClass\": \"jonny-123\",\u003Cbr \u002F>\n      \"linkTarget\": \"_blank\",\u003Cbr \u002F>\n      \"id\": 147355,\u003Cbr \u002F>\n      \"width\": 582,\u003Cbr \u002F>\n      \"height\": 327,\u003Cbr \u002F>\n      \"linkDestination\": \"attachment\"\u003Cbr \u002F>\n    },\u003Cbr \u002F>\n    \"innerBlocks\": [\u003Cbr \u002F>\n    ],\u003Cbr \u002F>\n    \"innerHTML\": \"\\n\u003Cfigure class=\\\"wp-block-image is-resized\\\">\u003Ca class=\\\"jonny-123\\\" href=\\\"https:\u002F\u002Fwww.spacedmonkey.com\u002Ftest-image\\\" target=\\\"_blank\\\" rel=\\\"noreferrer noopener\\\">\u003Cimg src=\\\"https:\u002F\u002Fwww.spacedmonkey.com\u002Fwp-content\u002Fuploads\u002F2018\u002F12\u002Ftest-image.jpg\\\" alt=\\\"Terminal de aeropuerto\\\" class=\\\"wp-image-147355\\\" width=\\\"582\\\" height=\\\"327\\\"\u002F>\u003C\u002Fa>\u003Cfigcaption>fsfsdfdsfdssfd\u003C\u002Ffigcaption>\u003C\u002Ffigure>\\n\",\u003Cbr \u002F>\n    \"innerContent\": [\u003Cbr \u002F>\n      \"\\n\u003Cfigure class=\\\"wp-block-image is-resized\\\">\u003Ca class=\\\"jonny-123\\\" href=\\\"https:\u002F\u002Fwww.spacedmonkey.com\u002Ftest-image\\\" target=\\\"_blank\\\" rel=\\\"noreferrer noopener\\\">\u003Cimg src=\\\"https:\u002F\u002Fwww.spacedmonkey.com\u002Fwp-content\u002Fuploads\u002F2018\u002F12\u002Ftest-image.jpg\\\" alt=\\\"Terminal de aeropuerto\\\" class=\\\"wp-image-147355\\\" width=\\\"582\\\" height=\\\"327\\\"\u002F>\u003C\u002Fa>\u003Cfigcaption>fsfsdfdsfdssfd\u003C\u002Ffigcaption>\u003C\u002Ffigure>\\n\"\u003Cbr \u002F>\n    ],\u003Cbr \u002F>\n    \"rendered\": \"\\n\u003Cfigure class=\\\"wp-block-image is-resized\\\">\u003Ca class=\\\"jonny-123\\\" href=\\\"https:\u002F\u002Fwww.spacedmonkey.com\u002Ftest-image\\\" target=\\\"_blank\\\" rel=\\\"noreferrer noopener\\\">\u003Cimg src=\\\"https:\u002F\u002Fwww.spacedmonkey.com\u002Fwp-content\u002Fuploads\u002F2018\u002F12\u002Ftest-image.jpg\\\" alt=\\\"Terminal de aeropuerto\\\" class=\\\"wp-image-147355\\\" width=\\\"582\\\" height=\\\"327\\\"\u002F>\u003C\u002Fa>\u003Cfigcaption>fsfsdfdsfdssfd\u003C\u002Ffigcaption>\u003C\u002Ffigure>\\n\"\u003Cbr \u002F>\n  }\u003Cbr \u002F>\n],\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>Technical Notes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Requires PHP 5.6+.\u003C\u002Fli>\n\u003Cli>Requires WordPress 5.5+.\u003C\u002Fli>\n\u003Cli>Issues and Pull requests welcome on the GitHub repository: https:\u002F\u002Fgithub.com\u002Fspacedmonkey\u002Fwp-rest-blocks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>This plugin uses \u003Ccode>@wordpress\u002Fenv\u003C\u002Fcode> for local development and testing.\u003C\u002Fp>\n\u003Ch3>Prerequisites\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Node.js 20+ and npm\u003C\u002Fli>\n\u003Cli>Docker Desktop (must be installed and running)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Setup\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Clone the repository\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Install dependencies:\u003Cbr \u002F>\n   \u003Ccode>bash\u003Cbr \u002F>\nnpm install\u003Cbr \u002F>\ncomposer install\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Start the WordPress environment:\u003Cbr \u002F>\n   \u003Ccode>bash\u003Cbr \u002F>\nnpm run env:start\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>This will start a local WordPress instance at \u003Ccode>http:\u002F\u002Flocalhost:8888\u003C\u002Fcode> (admin: \u003Ccode>http:\u002F\u002Flocalhost:8888\u002Fwp-admin\u003C\u002Fcode> with username \u003Ccode>admin\u003C\u002Fcode> and password \u003Ccode>password\u003C\u002Fcode>)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> Docker must be running for this to work. The first time you run this, it will download WordPress and set up the database, which may take a few minutes.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Available Commands\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ccode>npm run env:start\u003C\u002Fcode> – Start the WordPress environment\u003C\u002Fli>\n\u003Cli>\u003Ccode>npm run env:stop\u003C\u002Fcode> – Stop the WordPress environment\u003C\u002Fli>\n\u003Cli>\u003Ccode>npm run env:reset\u003C\u002Fcode> – Reset the environment (clean database)\u003C\u002Fli>\n\u003Cli>\u003Ccode>npm run env:destroy\u003C\u002Fcode> – Destroy the environment completely\u003C\u002Fli>\n\u003Cli>\u003Ccode>npm run test:php\u003C\u002Fcode> – Run PHPUnit tests\u003C\u002Fli>\n\u003Cli>\u003Ccode>npm run test:php:multisite\u003C\u002Fcode> – Run PHPUnit tests in multisite mode\u003C\u002Fli>\n\u003Cli>\u003Ccode>npm run lint:php\u003C\u002Fcode> – Run PHP CodeSniffer\u003C\u002Fli>\n\u003Cli>\u003Ccode>npm run lint:php:fix\u003C\u002Fcode> – Fix PHP coding standards issues automatically\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Running Tests\u003C\u002Fh3>\n\u003Cp>After starting the environment with \u003Ccode>npm run env:start\u003C\u002Fcode>, you can run the tests:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`bash\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>npm run test:php\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Cp>For multisite tests:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`bash\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>npm run test:php:multisite\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Ch3>Accessing the Site\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Development site\u003C\u002Fstrong>: http:\u002F\u002Flocalhost:8888\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin dashboard\u003C\u002Fstrong>: http:\u002F\u002Flocalhost:8888\u002Fwp-admin (admin\u002Fpassword)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test site\u003C\u002Fstrong>: http:\u002F\u002Flocalhost:8889\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test admin\u003C\u002Fstrong>: http:\u002F\u002Flocalhost:8889\u002Fwp-admin (admin\u002Fpassword)\u003C\u002Fli>\n\u003C\u002Ful>\n","Add gutenberg blocks data into the post \u002F page REST API endpoints.",200,6817,100,2,"2026-01-03T16:16:00.000Z","6.9.4","5.9","7.4",[18,55,56,57,22],"blocks","gutenberg","rest-api","https:\u002F\u002Fgithub.com\u002Fspacedmonkey\u002Fwp-rest-blocks","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api-blocks.2.0.0.zip","2026-04-16T10:56:18.058Z",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":46,"downloaded":69,"rating":48,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":74,"download_link":77,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":60},"sar-disable-rest-api","Disable REST API for Real","2.1.1","Samuel Aguilera","https:\u002F\u002Fprofiles.wordpress.org\u002Fsamuelaguilera\u002F","\u003Cp>The WordPress REST API is a great resource, but if you don’t want to use it probably you will want to close this door to your WordPress.\u003C\u002Fp>\n\u003Cp>Unlike other popular plugins that aims to disable the REST API but \u003Cstrong>only return an error, processed by the REST API\u003C\u002Fstrong>, when a request is received, by default, this plugin \u003Cstrong>removes all filters and actions related to WordPress REST API, and returns a 404 error for requests sent to the REST API URL endpoints, effectively blocking any use of the REST API\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Optionally you can set the \u003Cstrong>REST API setting in Settings -> General page\u003C\u002Fstrong> to “Logged In Only” for a less drastical action, to keep REST API access enabled but require the user to be logged in to accept the requests.\u003C\u002Fp>\n\u003Cp>If you’re happy with the plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsar-disable-rest-api\u002Freviews\u002F?filter=5\" rel=\"ugc\">please don’t forget to give it a good rating\u003C\u002Fa>, it will motivate me to keep sharing and improving this plugin (and others).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SUPPORT:\u003C\u002Fstrong> If you have any support question, please \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsamuelaguilera\u002Fsar-disable-rest-api\u002Fissues\" rel=\"nofollow ugc\">create an issue at the Github repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 4.7 or higher.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Disable WordPress core REST API \u003Cstrong>for real\u003C\u002Fstrong> by removing all filters and actions related to it and returning a 404 error for requests sent to REST API URL endpoints (e.g. https:\u002F\u002Fexample.com\u002Fwp-json\u002Fwhatever ).\u003C\u002Fli>\n\u003Cli>Option to require user to be logged in to use the REST API instead of completely disable it.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>To disable the REST API completely simply install the plugin from the Plugins page and enable it.\u003C\u002Fp>\n\u003Cp>If you don’t want to disable the REST API but require user to be logged in instead, go to Settings -> General page and set the REST API to option to “Logged In Only”, and click Save Changes.\u003C\u002Fp>\n\u003Cp>You can change the option back to “Off” if you want to disable the REST API again.\u003C\u002Fp>\n\u003Cp>To return to WordPress default, simply deactivate the plugin.\u003C\u002Fp>\n","Really prevents the REST API from handling requests (default) or require user to be logged in.",5919,3,"2019-11-14T23:42:00.000Z","5.3.21","4.7","",[18,76,21,57,22],"json","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsar-disable-rest-api.2.1.1.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":34,"downloaded":86,"rating":48,"num_ratings":87,"last_updated":88,"tested_up_to":14,"requires_at_least":89,"requires_php":74,"tags":90,"homepage":94,"download_link":95,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":60},"disable-unnecessary-functionality","Disables unnecessary functionality","1.3.2","DreamerKlim","https:\u002F\u002Fprofiles.wordpress.org\u002Fdreamerklim\u002F","\u003Cp>Disable unnecessary functions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>REST API\u003C\u002Fli>\n\u003Cli>Emoji\u003C\u002Fli>\n\u003Cli>links to blog clients\u003C\u002Fli>\n\u003Cli>links to RSS feeds\u003C\u002Fli>\n\u003Cli>version of your WordPress\u003C\u002Fli>\n\u003Cli>automatic links in comments\u003C\u002Fli>\n\u003Cli>srcset and sizes for pictures\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What you will get after activation:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Improved SEO\u003C\u002Fli>\n\u003Cli>A little bit of speed\u003C\u002Fli>\n\u003Cli>Сlean source code\u003C\u002Fli>\n\u003C\u002Ful>\n","Just disables unnecessary functionality of WordPress, thus improving and speeding up your site ^_^",2099,1,"2017-11-19T09:19:00.000Z","3.7",[91,57,92,93,22],"emoji","rss","seo","https:\u002F\u002Fpupi-boy.ru\u002Fwordpress\u002Fwordpress-otklyuchaem-wp-json-emoji-xml-rpc-head.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-unnecessary-functionality.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":11,"num_ratings":11,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":113,"download_link":114,"security_score":115,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":60},"custom-api-creator","Custom API Creator","1.0.4","Mehdi Rezaei","https:\u002F\u002Fprofiles.wordpress.org\u002Fmehdiraized\u002F","\u003Cp>Custom API Creator is a powerful WordPress plugin that allows developers and site owners to create custom REST API endpoints with ease. This plugin bridges the gap between your WordPress content and custom applications, enabling you to expose your data in a flexible, secure, and organized manner.\u003C\u002Fp>\n\u003Cp>With Custom API Creator, you can define multiple API endpoints, each with its own set of data sections. Choose which post types and fields to include, control access with user role restrictions, and customize the structure of your API responses. Whether you’re building a mobile app, integrating with a third-party service, or creating a headless WordPress setup, Custom API Creator provides the tools you need to shape your data output.\u003C\u002Fp>\n\u003Cp>Translation :\u003Cbr \u002F>\nTo contribute in translating this plugin please visit: \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fcustom-api-creator\u002F\" rel=\"nofollow ugc\">WordPress Translation Repository\u003C\u002Fa>\u003C\u002Fp>\n","Custom API Creator is a WordPress plugin that lets developers create flexible, customize data, and control access with role restrictions.",10,629,"2024-10-07T07:30:00.000Z","6.6.5","5.0","7.0",[18,111,112,57,22],"api-builder","custom-api","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-api-creator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-api-creator.1.0.4.zip",92,{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":104,"downloaded":124,"rating":11,"num_ratings":11,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":74,"tags":128,"homepage":74,"download_link":130,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":60},"disable-rest-api-wp-json-and-oembed","Disable REST API (wp-json and oembed)","1.0","Anton Alatyrev","https:\u002F\u002Fprofiles.wordpress.org\u002Fadmanager\u002F","\u003Cp>This plugin fully disables wp-json and oembed mixed up with REST API.\u003C\u002Fp>\n","This plugin disables wp-json and oembed mixed up with REST API",1568,"2017-05-04T11:17:00.000Z","4.7.33","4.4",[18,76,129,57,22],"oembed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-rest-api-wp-json-and-oembed.zip",{"attackSurface":132,"codeSignals":150,"taintFlows":157,"riskAssessment":158,"analyzedAt":166},{"hooks":133,"ajaxHandlers":140,"restRoutes":141,"shortcodes":148,"cronEvents":149,"entryPointCount":87,"unprotectedCount":87},[134],{"type":135,"name":136,"callback":137,"file":138,"line":139},"action","rest_api_init","closure","network-rest.php",18,[],[142],{"namespace":143,"route":144,"methods":145,"callback":137,"permissionCallback":26,"file":138,"line":147},"ntwrkrst\u002Fv1","\u002Fwpsitelist",[146],"GET",19,[],[],{"dangerousFunctions":151,"sqlUsage":152,"outputEscaping":154,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":156},[],{"prepared":87,"raw":11,"locations":153},[],{"escaped":11,"rawEcho":11,"locations":155},[],[],[],{"summary":159,"deductions":160},"The plugin \"network-rest-site-list\" v1.0.0 exhibits a concerning security posture due to a significant unprotected entry point. While the code analysis shows positive signs like the absence of dangerous functions, the use of prepared statements for SQL queries, and proper output escaping, these strengths are overshadowed by the critical flaw in its REST API implementation.  The single REST API route lacks any permission callback, meaning it is entirely unprotected and could potentially be accessed and manipulated by any unauthenticated user. This presents a serious risk of unauthorized access or data leakage.  The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator. However, this lack of history does not negate the immediate and evident risk posed by the unprotected REST API endpoint.  In conclusion, while the plugin demonstrates good coding practices in many areas, the unprotected REST API route is a major security weakness that requires immediate attention.",[161,163],{"reason":162,"points":104},"Unprotected REST API route",{"reason":164,"points":165},"No capability checks on REST API route",5,"2026-04-16T13:02:46.034Z",{"wat":168,"direct":173},{"assetPaths":169,"generatorPatterns":170,"scriptPaths":171,"versionParams":172},[],[],[],[],{"cssClasses":174,"htmlComments":175,"htmlAttributes":176,"restEndpoints":177,"jsGlobals":179,"shortcodeOutput":180},[],[],[],[178],"\u002Fntwrkrst\u002Fv1\u002Fwpsitelist",[],[],{"error":182,"url":183,"statusCode":184,"statusMessage":185,"message":185},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fnetwork-rest-site-list\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":87,"versions":187},[188],{"version":6,"download_url":189,"svn_tag_url":190,"released_at":26,"has_diff":191,"diff_files_changed":192,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":193,"is_current":182},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnetwork-rest-site-list.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnetwork-rest-site-list\u002Ftags\u002F1.0.0\u002F",false,[],[]]