Only REST API Security & Risk Analysis

wordpress.org/plugins/only-rest-api

Redirects all front end, non-REST API requests to a single page.

30 active installs v1.0.0 PHP + WP 4.0+ Updated Dec 7, 2015
apijsononlyrest
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Only REST API Safe to Use in 2026?

Generally Safe

Score 85/100

Only REST API has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The "only-rest-api" plugin version 1.0.0 exhibits a generally strong security posture based on the provided static analysis. The complete absence of any recorded vulnerabilities in its history, coupled with the lack of critical code signals like dangerous functions, raw SQL queries, or unsanitized taint flows, is a very positive indicator. The code also shows a good approach by not utilizing file operations or making external HTTP requests, which are common vectors for security issues. However, there are a few areas that, while not currently exploited, represent potential weaknesses. The lack of nonce and capability checks across all identified entry points means that any future addition of AJAX handlers or REST API routes without proper authorization could be immediately exploitable. Furthermore, the significant percentage of improperly escaped output (60%) indicates a risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is handled without proper sanitization before being displayed.

Key Concerns

  • Missing nonce checks on entry points
  • Missing capability checks on entry points
  • Significant unescaped output detected
Vulnerabilities
None known

Only REST API Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Only REST API Release Timeline

v1.0.0Current
Code Analysis
Analyzed Apr 16, 2026

Only REST API Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

40% escaped5 total outputs
Attack Surface

Only REST API Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actiontemplate_redirectonly-rest-api.php:94
actionadmin_menuonly-rest-api.php:97
actionadmin_initonly-rest-api.php:100
Maintenance & Trust

Only REST API Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedDec 7, 2015
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs30
Developer Profile

Only REST API Developer Profile

Braad

6 plugins · 2K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Only REST API

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
only-rest-api-settings-pagepage-content
FAQ

Frequently Asked Questions about Only REST API