Does One Call – WP REST API Extension have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is One Call – WP REST API Extension compatible with WordPress 4.9.29?

According to WordPress.org data, One Call – WP REST API Extension 1.1.1 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

Is One Call – WP REST API Extension compatible with PHP 5.6+?

One Call – WP REST API Extension requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is One Call – WP REST API Extension updated?

One Call – WP REST API Extension was last updated on Jan 20, 2019. Frequent updates are generally a positive security signal.

What is One Call – WP REST API Extension's security score?

One Call – WP REST API Extension has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

One Call – WP REST API Extension Security & Risk Analysis

wordpress.org/plugins/one-call

Get featured images, categories, tags, taxonomies,custom fields & author details etc all together by one call from WordPress rest api to reduce re …

10 active installs v1.1.1 PHP 5.6+ WP 4.7+ Updated Jan 20, 2019

wp-rest-api-all-post-fields-detailswp-rest-api-featured-imagewp-rest-api-filter-fieldswpi-rest-api-prefix

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is One Call – WP REST API Extension Safe to Use in 2026?

Generally Safe

Score 85/100

One Call – WP REST API Extension has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The 'one-call' plugin v1.1.1 exhibits a strong security posture based on the provided static analysis. The absence of any detected dangerous functions, raw SQL queries, unescaped output, file operations, or external HTTP requests is highly commendable. Furthermore, the plugin employs proper nonce checks, which is a critical security measure for WordPress plugins. The taint analysis showing zero unsanitized paths further reinforces the confidence in the code's resilience against common injection vulnerabilities.

The vulnerability history being completely clean, with no recorded CVEs, is another significant positive indicator. This suggests a proactive and well-maintained development process that prioritizes security. The lack of common vulnerability types and recent vulnerabilities further supports this.

In conclusion, 'one-call' v1.1.1 appears to be a very securely developed plugin. The code analysis reveals excellent adherence to WordPress security best practices, and the absence of historical vulnerabilities suggests a commitment to maintaining this standard. While the lack of capability checks on entry points is a minor point for consideration in very high-security environments, the overall picture is one of a robust and trustworthy plugin.

Key Concerns

Missing capability checks on entry points

Vulnerabilities

None known

One Call – WP REST API Extension Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

One Call – WP REST API Extension Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

One Call – WP REST API Extension Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped2 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

save_settings_options (ocapi-includes/class-ocapi-admin.php:17)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

One Call – WP REST API Extension Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionadmin_initocapi-includes/class-ocapi-admin.php:12

actionadmin_menuone-call.php:55

actionrest_api_initone-call.php:57

filterrest_url_prefixone-call.php:62

Maintenance & Trust

One Call – WP REST API Extension Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedJan 20, 2019

PHP min version5.6

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

One Call – WP REST API Extension Alternatives

No alternatives data available yet.

Developer Profile

One Call – WP REST API Extension Developer Profile

AmaderCode Lab

4 plugins · 40 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect One Call – WP REST API Extension

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/one-call/ocapi-includes/class-ocapi-admin.php/wp-content/plugins/one-call/ocapi-includes/class-ocapi-responses.php

HTML / DOM Fingerprints

HTML Comments

Data Attributes

data-setting-page-slug="ac-ocapi-settings"

REST Endpoints

/wp-json/wp/v2/posts?_fields[]=id&_fields[]=title&_fields[]=excerpt&_fields[]=one_call/wp-json/wp/v2/pages?_fields[]=id&_fields[]=title&_fields[]=excerpt&_fields[]=one_call

FAQ