[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVE--5D7zisr_BHG1X0eKnOQzYLDdmbYC5i_YZHltJaA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":140,"fingerprints":246},"rest-api-featured-image","REST API Featured Image","0.9.2","uri","https:\u002F\u002Fprofiles.wordpress.org\u002Ficelayer\u002F","\u003Cp>\u003Cstrong>REST API Featured Image\u003C\u002Fstrong> is a lightweight yet powerful plugin that simplifies how to retrieve featured images via the WordPress REST API. By introducing a top-level field called \u003Ccode>featured_media_src_url\u003C\u002Fcode>, this plugin embeds the direct URL of the featured image into your REST API responses. This eliminates the need for additional API calls to fetch featured images, resulting in faster load times and enhanced site performance.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>– \u003Cstrong>Direct Access to Featured Image URL:\u003C\u002Fstrong> Adds \u003Ccode>featured_media_src_url\u003C\u002Fcode> to REST API responses, providing immediate access to the featured image URL.\u003Cbr \u002F>\n– \u003Cstrong>Performance Optimization:\u003C\u002Fstrong> Reduces the number of API requests, improving the speed and efficiency of your applications.\u003Cbr \u002F>\n– \u003Cstrong>Custom Post Type Support:\u003C\u002Fstrong> Fully supports custom post types, allowing you to enable or disable the featured image URL field for specific post types through the admin settings.\u003Cbr \u002F>\n– \u003Cstrong>User-Friendly Configuration:\u003C\u002Fstrong> Easy to install and configure without any coding.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Use REST API Featured Image?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When developing applications or themes that rely on the WordPress REST API, accessing the featured image typically requires an additional request for each post. This can be time-consuming and may negatively impact site performance. \u003Cstrong>REST API Featured Image\u003C\u002Fstrong> addresses this issue by including the featured image URL directly in the REST API response, saving you time and resources.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>REST API Featured Image Field:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>– \u003Ccode>featured_media_src_url\u003C\u002Fcode>\u003C\u002Fp>\n","Enhance your WordPress REST API by adding a featured image URL field directly to API responses, improving performance by eliminating extra requests.",700,9326,80,4,"2025-08-06T02:19:00.000Z","6.8.5","5.3.0","7.4",[20,21,22,23,24],"api-performance","featured-image","featured-image-url","rest-api","wordpress-rest-api","https:\u002F\u002Fgithub.com\u002Fdevuri\u002Frest-api-featured-image","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api-featured-image.0.9.2.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"icelayer",15,1310,91,30,88,"2026-04-04T15:22:10.177Z",[41,61,82,99,118],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":28,"num_ratings":28,"last_updated":51,"tested_up_to":16,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":59,"download_link":60,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"woo-media-api","Media API for WooCommerce","2.8.1","WooPOS","https:\u002F\u002Fprofiles.wordpress.org\u002Fwoopos\u002F","\u003Cp>Media API for WooCommerce is an extension of \u003Ca href=\"http:\u002F\u002Fwoocommerce.github.io\u002Fwoocommerce-rest-api-docs\" rel=\"nofollow ugc\">WooCommerce API\u003C\u002Fa> with new endpoint \u003Ccode>media\u003C\u002Fcode>(\u002Fwp-json\u002Fwc\u002Fv2\u002Fmedia). This is a wrapper of existing \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Frest-api\" rel=\"nofollow ugc\">WordPress REST API\u003C\u002Fa>. This plugin will help you bypass WordPress REST API authentication settings and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjwt-authentication-for-wp-rest-api\u002F\" rel=\"ugc\">JWT\u003C\u002Fa>, and use WooCommerce API to upload medias and images directly.\u003C\u002Fp>\n\u003Cp>Media properties can be found \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Frest-api\u002Freference\u002Fmedia\u002F#schema\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003Cbr \u002F>\nTwo additional properties have been added to create media file:\u003Cbr \u002F>\nmedia_path (string write-only): relative path folder (under wp-content\u002Fuploads) of the file to create. eg: 2018\u002F05\u002Fdepartment\u002Fbrand.\u003Cbr \u002F>\nmedia_attachment (string write-only): base64 string of media binary file. eg: \u003Ccode>R0lGODlhAQABAIAAAAAAAAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>List all media: available parameters \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Frest-api\u002Freference\u002Fmedia\u002F#list-media\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwoopos.com\" rel=\"nofollow ugc\">WooPOS\u003C\u002Fa> (WooCommerce Point Of Sale and Inventory Management desktop app) user: please install this plugin to manage images from WooPOS.\u003C\u002Fp>\n","Media endpoint for WooCommerce API. Upload and list media file by WooCommerce REST API.",400,7138,"2025-12-07T03:06:00.000Z","4.0","5.2.4",[55,56,57,58,24],"media-library","woocommerce-api","woocommerce-point-of-sale","woopos","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-media-api.2.8.1.zip",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":28,"num_ratings":28,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":59,"tags":74,"homepage":79,"download_link":80,"security_score":81,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-rest-api-filter-posts-date-wise-using-given-column","WP REST API – Filter posts date wise using given column","0.1","Vignesh Sundar","https:\u002F\u002Fprofiles.wordpress.org\u002Fvigneshsundar\u002F","\u003Cp>In WordPress 4.7, Posts cannot be filtered based on \u003Ccode>modified\u003C\u002Fcode>, \u003Ccode>modified_gmt\u003C\u002Fcode>, \u003Ccode>date_gmt\u003C\u002Fcode> fields.\u003Cbr \u002F>\nUsing this plugin we can specify the column(any of \u003Ccode>date\u003C\u002Fcode>, \u003Ccode>date_gmt\u003C\u002Fcode>, \u003Ccode>modified\u003C\u002Fcode>, \u003Ccode>modified_gmt\u003C\u002Fcode>) as query parameter \u003Ccode>date_query_column\u003C\u002Fcode> to query against value(s) given in \u003Ccode>before\u003C\u002Fcode> and\u002For \u003Ccode>after\u003C\u002Fcode> query parameters.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Use the \u003Ccode>date_query_column\u003C\u002Fcode> parameter on any post endpoint such as \u003Ccode>\u002Fwp\u002Fv2\u002Fposts\u003C\u002Fcode> or \u003Ccode>\u002Fwp\u002Fv2\u002Fpages\u003C\u002Fcode> in combination with \u003Ccode>before\u003C\u002Fcode> and\u002For \u003Ccode>after\u003C\u002Fcode> parameter.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fposts?after=2017-11-08T13:07:09&date_query_column=modified\n\u003C\u002Fcode>\u003C\u002Fpre>\n","In WordPress 4.7, Posts cannot be filtered based on modified, modified_gmt, date_gmt fields.",20,2076,"2017-11-09T07:08:00.000Z","4.8.28","4.7",[75,76,77,78,24],"filter-modified-posts","filters","post-filter","wordpress-api","https:\u002F\u002Fgithub.com\u002Fvignesh-s\u002Ffilter_post_using_date_query_column","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-filter-posts-date-wise-using-given-column.zip",85,{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":28,"downloaded":90,"rating":28,"num_ratings":28,"last_updated":59,"tested_up_to":91,"requires_at_least":92,"requires_php":18,"tags":93,"homepage":96,"download_link":97,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":98},"vison-ai","Vison AI","1.5","vison","https:\u002F\u002Fprofiles.wordpress.org\u002Fvison\u002F","\u003Cp>Vison AI provides an easy way to interact with WordPress posts and users through a REST API interface. It includes secure token-based authentication, domain whitelisting, and custom admin settings.\u003C\u002Fp>\n","A plugin to create Vison AI endpoints for WordPress posts with admin settings for Token and Domain.",256,"6.7.5","5.0",[94,95,24],"api","crud","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvison-ai\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvison-ai.zip","2026-03-15T10:48:56.248Z",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":37,"num_ratings":109,"last_updated":110,"tested_up_to":59,"requires_at_least":111,"requires_php":18,"tags":112,"homepage":115,"download_link":116,"security_score":117,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"woocommerce-legacy-rest-api","WooCommerce Legacy REST API","1.0.5","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeveloper.woocommerce.com\u002F2023\u002F10\u002F03\u002Fthe-legacy-rest-api-will-move-to-a-dedicated-extension-in-woocommerce-9-0\u002F\" rel=\"nofollow ugc\">The Legacy REST API will no longer part of WooCommerce as of version 9.0\u003C\u002Fa>. This plugin restores the full functionality of the removed Legacy REST API code in WooCommerce 9.0 and later versions.\u003C\u002Fp>\n\u003Cp>For all intents and purposes, having this plugin installed and active in WooCommerce 9.0 and newer versions is equivalent to enabling the Legacy REST API in WooCommerce 8.9 and older versions (via WooCommerce – Settings – Advanced – Legacy API). All the endpoints work the same way, and existing user keys also continue working.\u003C\u002Fp>\n\u003Cp>On the other hand, installing this plugin together with WooCommerce 8.9 or an older version is safe: the plugin detects that the Legacy REST API is still part of WooCommerce and doesn’t initialize itself as to not interfere with the built-in code.\u003C\u002Fp>\n\u003Cp>Please note that \u003Cstrong>the Legacy REST API is not compatible with \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fdocument\u002Fhigh-performance-order-storage\u002F\" rel=\"nofollow ugc\">High-Performance Order Storage\u003C\u002Fa>\u003C\u002Fstrong>. Upgrading the code that relies on the Legacy REST API to use the current WooCommerce REST API instead is highly recommended.\u003C\u002Fp>\n","The WooCommerce Legacy REST API, which is now part of WooCommerce itself but will be removed in WooCommerce 9.0.",400000,2304709,27,"2025-01-23T18:59:00.000Z","6.2",[23,113,114],"woo","woocommerce","https:\u002F\u002Fgithub.com\u002Fwoocommerce\u002Fwoocommerce-legacy-rest-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoocommerce-legacy-rest-api.1.0.5.zip",92,{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":138,"download_link":139,"security_score":81,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"disable-json-api","Disable REST API","1.8","Dave McHale","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmchale\u002F","\u003Cp>The most comprehensive plugin for controlling access to the WordPress REST API!\u003C\u002Fp>\n\u003Cp>Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.\u003C\u002Fp>\n\u003Cp>But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.\u003C\u002Fp>\n\u003Cp>You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.\u003C\u002Fp>\n\u003Cp>For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided \u003Ccode>rest_enabled\u003C\u002Fcode> filter to disable the entire REST API.\u003C\u002Fp>\n","Disable the use of the REST API on your website to site users. Now with User Role support!",90000,753897,96,38,"2023-09-14T00:26:00.000Z","6.3.8","4.9","5.6",[135,94,136,137,23],"admin","json","rest","http:\u002F\u002Fwww.binarytemplar.com\u002Fdisable-json-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-json-api.zip",{"attackSurface":141,"codeSignals":182,"taintFlows":238,"riskAssessment":239,"analyzedAt":245},{"hooks":142,"ajaxHandlers":178,"restRoutes":179,"shortcodes":180,"cronEvents":181,"entryPointCount":28,"unprotectedCount":28},[143,149,153,156,159,163,166,171,174],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","admin_enqueue_scripts","closure","src\\Admin\\AbstractAdminCore.php",116,{"type":144,"name":150,"callback":151,"file":147,"line":152},"admin_init","register_user_options",165,{"type":144,"name":154,"callback":146,"file":147,"line":155},"init",167,{"type":144,"name":157,"callback":146,"file":147,"line":158},"wp_enqueue_scripts",175,{"type":144,"name":160,"callback":161,"file":147,"line":162},"network_admin_menu","build_menu",207,{"type":144,"name":164,"callback":161,"file":147,"line":165},"admin_menu",209,{"type":144,"name":167,"callback":168,"file":169,"line":170},"_admin_page_evp_post_types","render","src\\Plugin.php",40,{"type":144,"name":172,"callback":168,"file":169,"line":173},"_admin_page_evp_api_featured_media",45,{"type":144,"name":175,"callback":146,"priority":176,"file":169,"line":177},"rest_api_init",99,58,[],[],[],[],{"dangerousFunctions":183,"sqlUsage":184,"outputEscaping":186,"fileOperations":28,"externalRequests":28,"nonceChecks":235,"capabilityChecks":236,"bundledLibraries":237},[],{"prepared":28,"raw":28,"locations":185},[],{"escaped":187,"rawEcho":188,"locations":189},61,21,[190,193,195,197,199,201,203,205,208,210,212,214,216,218,220,222,225,227,229,231,233],{"file":147,"line":191,"context":192},273,"raw output",{"file":147,"line":194,"context":192},303,{"file":147,"line":196,"context":192},375,{"file":147,"line":198,"context":192},749,{"file":147,"line":200,"context":192},848,{"file":147,"line":202,"context":192},876,{"file":147,"line":204,"context":192},946,{"file":206,"line":207,"context":192},"src\\Admin\\Form\\Form.php",282,{"file":206,"line":209,"context":192},285,{"file":206,"line":211,"context":192},296,{"file":206,"line":213,"context":192},297,{"file":206,"line":215,"context":192},300,{"file":206,"line":217,"context":192},301,{"file":206,"line":219,"context":192},403,{"file":206,"line":221,"context":192},404,{"file":223,"line":224,"context":192},"src\\Admin\\Pages\\PostTypesAdmin.php",25,{"file":223,"line":226,"context":192},36,{"file":223,"line":228,"context":192},39,{"file":223,"line":230,"context":192},43,{"file":223,"line":232,"context":192},83,{"file":223,"line":234,"context":192},90,3,10,[],[],{"summary":240,"deductions":241},"The \"rest-api-featured-image\" plugin v0.9.2 exhibits a generally strong security posture based on the provided static analysis.  The absence of any AJAX handlers, REST API routes, shortcodes, or cron events without proper authentication or permission checks is a significant positive.  Furthermore, the code employs prepared statements for all SQL queries and demonstrates a reasonable level of output escaping (74%), indicating an effort to prevent common web vulnerabilities. The presence of nonce and capability checks further strengthens its defenses.  However, the analysis does not cover taint flows, leaving a potential blind spot for complex vulnerabilities.  The complete lack of recorded vulnerabilities in its history is a positive indicator, suggesting either robust development practices or limited exposure\u002Ftesting that has not yet revealed issues. Overall, this plugin appears to be developed with security in mind, though the limited attack surface analysis and absence of taint flow data prevent a definitive conclusion about its absolute security.",[242],{"reason":243,"points":244},"Output escaping is not fully implemented",5,"2026-03-16T19:21:28.871Z",{"wat":247,"direct":256},{"assetPaths":248,"generatorPatterns":251,"scriptPaths":252,"versionParams":253},[249,250],"\u002Fwp-content\u002Fplugins\u002Frest-api-featured-image\u002Fassets\u002Fcss\u002Fapi-featured-image.css","\u002Fwp-content\u002Fplugins\u002Frest-api-featured-image\u002Fassets\u002Fjs\u002Fapi-featured-image.js",[],[250],[254,255],"rest-api-featured-image\u002Fassets\u002Fcss\u002Fapi-featured-image.css?ver=","rest-api-featured-image\u002Fassets\u002Fjs\u002Fapi-featured-image.js?ver=",{"cssClasses":257,"htmlComments":262,"htmlAttributes":263,"restEndpoints":265,"jsGlobals":268,"shortcodeOutput":271},[258,259,260,261],"wpfms-settings-wrapper","wpfms-settings-section","wpfms-settings-field","wpfms-post-type-selector",[],[264],"data-wpfms-post-type-selector",[266,267],"\u002Fwp-json\u002Frest-api-featured-image\u002Fv1\u002Fimages","\u002Fwp-json\u002Frest-api-featured-image\u002Fv1\u002Flarge",[269,270],"window.APIFeaturedImage","APIFeaturedImage",[]]