REST API Extender Security & Risk Analysis

wordpress.org/plugins/rest-api-extender

The REST API Extender is a WordPress plugin that extends the functionality of the WordPress REST API.

20 active installs v2.2 PHP + WP 5.0+ Updated Apr 16, 2024
appearanceoptionspermalinkrest-apitheme
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is REST API Extender Safe to Use in 2026?

Generally Safe

Score 85/100

REST API Extender has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "rest-api-extender" v2.2 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, SQL injection vulnerabilities, unsanitized output, file operations, and a clean taint analysis are all positive indicators. The presence of a capability check for its single external HTTP request further demonstrates a commitment to secure coding practices. The plugin also has a spotless vulnerability history, with no recorded CVEs, which suggests a stable and well-maintained codebase.

However, a significant concern arises from the complete lack of nonce checks across all entry points, including the two REST API routes. While these routes do have permission callbacks, the absence of nonces leaves them susceptible to Cross-Site Request Forgery (CSRF) attacks. This is a notable weakness that, if exploited, could lead to unauthorized actions being performed on behalf of logged-in users. Despite the overall good practices, this single omission significantly impacts the plugin's overall security, as CSRF can have severe consequences.

Key Concerns

  • Missing nonce checks on REST API routes
Vulnerabilities
None known

REST API Extender Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

REST API Extender Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

REST API Extender Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
0
Attack Surface

REST API Extender Attack Surface

Entry Points2
Unprotected0

REST API Routes 2

POST/wp-json/raext/theme-manager/v1/installrest-api-extender.php:23
POST/wp-json/raext/permalink-options/v1/settingsrest-api-extender.php:28
WordPress Hooks 1
actionrest_api_initrest-api-extender.php:22
Maintenance & Trust

REST API Extender Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedApr 16, 2024
PHP min version
Downloads775

Community Trust

Rating0/100
Number of ratings0
Active installs20
Developer Profile

REST API Extender Developer Profile

SEO Neo

1 plugin · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect REST API Extender

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments
<!-- Filesystem passed -->
REST Endpoints
/wp-json/raext/theme-manager/v1/install/wp-json/raext/permalink-options/v1/settings
FAQ

Frequently Asked Questions about REST API Extender