Does WordPress REST API (Version 2) have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WordPress REST API (Version 2) compatible with WordPress 4.7.33?

According to WordPress.org data, WordPress REST API (Version 2) 2.0-beta15 has been tested up to WordPress 4.7.33. Check the plugin's changelog for the latest compatibility information.

How often is WordPress REST API (Version 2) updated?

WordPress REST API (Version 2) was last updated on Nov 28, 2017. Frequent updates are generally a positive security signal.

What is WordPress REST API (Version 2)'s security score?

WordPress REST API (Version 2) has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WordPress REST API (Version 2) Security & Risk Analysis

wordpress.org/plugins/rest-api

Access your site's data through an easy-to-use HTTP REST API. (Version 2)

10K active installs v2.0-beta15 PHP + WP 4.6+ Updated Nov 28, 2017

apijsonrestrest-api

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WordPress REST API (Version 2) Safe to Use in 2026?

Generally Safe

Score 85/100

WordPress REST API (Version 2) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "rest-api" v2.0-beta15 plugin exhibits an exceptionally strong security posture based on the provided static analysis. The complete absence of any attack surface, including AJAX handlers, REST API routes, shortcodes, or cron events, is a significant strength. Furthermore, the code signals indicate a robust implementation with no dangerous functions, all SQL queries utilizing prepared statements, and all outputs being properly escaped. The lack of file operations, external HTTP requests, and the absence of recorded vulnerabilities further bolster its security profile. This data suggests that the plugin has been developed with security best practices at its core, leading to a very low risk of exploitation through common web vulnerabilities.

Vulnerabilities

None known

WordPress REST API (Version 2) Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WordPress REST API (Version 2) Release Timeline

v2.0-beta12.1

v2.0-beta13.1

v2.0-beta3.1

v2.0-beta4.1

v2.0-beta5.1

v2.0-beta6.1

v2.0-beta7.1

v2.0-beta8.1

v2.0-beta9.1

v2.0-beta10

v2.0-beta11

v2.0-beta12

v2.0-beta13

v2.0-beta14

v2.0-beta15Current

v2.0-beta3

v2.0-beta4

v2.0-beta5

v2.0-beta6

v2.0-beta7

Code Analysis

Analyzed Mar 16, 2026

WordPress REST API (Version 2) Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped4 total outputs

Attack Surface

WordPress REST API (Version 2) Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionpre_get_commentscore-integration.php:15

actionwp_enqueue_scriptsextras.php:11

actionadmin_enqueue_scriptsextras.php:12

filterinitplugin.php:130

actioninitplugin.php:131

actionrest_api_initplugin.php:132

actionrest_api_initplugin.php:133

Maintenance & Trust

WordPress REST API (Version 2) Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.33

Last updatedNov 28, 2017

PHP min version

Downloads535K

Community Trust

Rating84/100

Number of ratings34

Active installs10K

Alternatives

WordPress REST API (Version 2) Alternatives

Disable REST API

disable-json-api

Disable the use of the REST API on your website to site users. Now with User Role support!

90K No CVEs

JWT Authentication for WP REST API

jwt-authentication-for-wp-rest-api

100

Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.

60K No CVEs

Disable WP REST API

disable-wp-rest-api

100

Disables the WP REST API for visitors not logged into WordPress.

30K No CVEs

WP REST API – OAuth 1.0a Server

rest-api-oauth1

Connect applications to your WordPress site without ever giving away your password.

8K No CVEs

REST API Log

wp-rest-api-log

WordPress plugin to log REST API requests and responses

5K No CVEs

Developer Profile

WordPress REST API (Version 2) Developer Profile

Ryan McCue

4 plugins · 10K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WordPress REST API (Version 2)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/rest-api/lib/endpoints//wp-content/plugins/rest-api/lib/fields//wp-content/plugins/rest-api/extras.php/wp-content/plugins/rest-api/core-integration.php

HTML / DOM Fingerprints

REST Endpoints

/wp-json/wp/v2/posts/wp-json/wp/v2/pages/wp-json/wp/v2/media/wp-json/wp/v2/types/wp-json/wp/v2/statuses/wp-json/wp/v2/revisions/wp-json/wp/v2/taxonomies/wp-json/wp/v2/categories/wp-json/wp/v2/tags/wp-json/wp/v2/users/wp-json/wp/v2/comments/wp-json/wp/v2/settings/wp-json/wp/v2/settings/general/wp-json/wp/v2/settings/writing

FAQ