[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fw4TSxvPEKiLNUaBcnWU7M2q8L1eNFdvDpq2GdU1XYoE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":118,"fingerprints":299},"rest-api-head-tags","REST API – Head Tags","1.2.1","frontity","https:\u002F\u002Fprofiles.wordpress.org\u002Ffrontity\u002F","\u003Cp>This plugin adds all the tags in the head section of a website to WordPress REST API responses.\u003C\u002Fp>\n\u003Cp>It is perfect if you are using WordPress for a headless set-up and would like to add the \u003Cstrong>meta tags\u003C\u002Fstrong> generated by your \u003Cstrong>WordPress SEO plugin\u003C\u002Fstrong> (like Yoast SEO or All-in-One SEO Pack) to the WordPress REST API output.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>This package depends on the \u003Ca href=\"https:\u002F\u002Fwww.php.net\u002Fmanual\u002Fen\u002Fbook.dom.php\" rel=\"nofollow ugc\">PHP DOM library\u003C\u002Fa>. Most PHP environments have it by default so you don’t have to worry about that.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>In case you get some errors regarding this dependency make sure you have this library installed (you can take a look at this \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffrontity\u002Fwp-plugins\u002Fissues\u002F35\" rel=\"nofollow ugc\">thread\u003C\u002Fa> in the code repository).\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>This plugin is compatible and works out of the box with some of the most popular WordPress SEO plugins. These are the ones that we tested:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordpress-seo\u002F\" rel=\"ugc\">Yoast SEO\u003C\u002Fa> – (up to 13.5)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fall-in-one-seo-pack\u002F\" rel=\"ugc\">All in One SEO Pack\u003C\u002Fa> – (up to 3.4.2)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Falleyinteractive\u002Fwp-seo\" rel=\"nofollow ugc\">WP SEO\u003C\u002Fa> –\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Are you using a different SEO plugin and want to know if it’s compatible? Feel free to ask in our \u003Ca href=\"https:\u002F\u002Fcommunity.frontity.org\u002F?utm_source=plugin-repository&utm_medium=readme&utm_campaign=rest-api-head-tags-plugin\" rel=\"nofollow ugc\">community forum\u003C\u002Fa>. If you tested any other plugin, please let us know as well so we can update the list.\u003C\u002Fp>\n\u003Ch3>How to use this plugin\u003C\u002Fh3>\n\u003Ch4>Entities with head tags\u003C\u002Fh4>\n\u003Cp>The plugin has been developed to include the head_tags field to the REST API response of most of the WordPress core entities:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Posts, pages, attachments and custom post types.\u003C\u002Fli>\n\u003Cli>Post types: for archive pages.\u003C\u002Fli>\n\u003Cli>Categories, tags and custom taxonomies.\u003C\u002Fli>\n\u003Cli>Authors.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>In a Frontity project\u003C\u002Fh4>\n\u003Cp>If you are using \u003Ca href=\"https:\u002F\u002Ffrontity.org?utm_source=plugin-repository&utm_medium=readme&utm_campaign=rest-api-head-tags-plugin\" rel=\"nofollow ugc\">Frontity\u003C\u002Fa>, you just have to install the \u003Ca href=\"https:\u002F\u002Fdocs.frontity.org\u002Fapi-reference-1\u002Ffrontity-head-tags?utm_source=plugin-repository&utm_medium=readme&utm_campaign=rest-api-head-tags-plugin\" rel=\"nofollow ugc\">@frontity\u002Fhead-tags package\u003C\u002Fa> and \u003Cstrong>it will work automatically\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4> In a different project\u003C\u002Fh4>\n\u003Cp>You need to understand better how it works and \u003Cstrong>add the data manually\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Cem>How to fetch the head_tags field manually\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You have to get each entity from its respective REST API endpoint. For example: for fetching the posts, you should go to \u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fposts&id=123\u003C\u002Fcode> endpoint; for fetching the categories, you have to go to \u003Ccode>wp-json\u002Fwp\u002Fv2\u002Fcategories&id=123\u003C\u002Fcode>, and for custom post types or custom taxonomies, it would be a different url in each case.\u003C\u002Fp>\n\u003Cp>In the case of the homepage, it’s less intuitive and you should go to \u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Ftypes\u002Fpost\u003C\u002Fcode>. As previously said, each entity has a different endpoint so if you aren’t familiar with this, you should check out the \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Frest-api\u002Freference\u002F\" rel=\"nofollow ugc\">WordPress REST API reference\u003C\u002Fa> for more information.\u003C\u002Fp>\n\u003Cp>Inside each endpoint, it will be a new field named \u003Cem>head_tags\u003C\u002Fem>, which will be an array of objects representing the tags that WordPress would normally include inside the html head element. These objects have the properties \u003Ccode>tag\u003C\u002Fcode>, \u003Ccode>attributes\u003C\u002Fcode> and \u003Ccode>content\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>For example for these HTML tags:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Ctitle>Hello wordl! - My Site\u003C\u002Ftitle>\n\u003Cmeta name=\"robots\" content=\"max-snippet:-1, max-image-preview:large, max-video-preview:-1\">\n\u003Clink rel=\"canonical\" href=\"\u003Chttps:\u002F\u002Ftest.frontity.org\u002F>\" \u002F>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This would be the content of the head_tags field:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\"head_tags\": [\n  {\n    \"tag\": \"title\",\n    \"content\": \"Hello world! - My Site\"\n  },\n  {\n    \"tag\": \"meta\",\n    \"attributes\": {\n      \"name\": \"robots\",\n      \"content\": \"max-snippet:-1, max-image-preview:large, max-video-preview:-1\"\n    }\n  },\n  {\n    \"tag\": \"link\",\n    \"attributes\": {\n      \"rel\": \"canonical\",\n      \"href\": \"\u003Chttps:\u002F\u002Ftest.frontity.org\u002F>\"\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Settings\u003C\u002Fh3>\n\u003Cp>The settings of this plugin are really simple.\u003C\u002Fp>\n\u003Ch4>Purge cache\u003C\u002Fh4>\n\u003Cp>In order to not affect the performance of your site, the head_tags field is cached for all your responses. Each time you update a post\u002Fpage\u002Fcpt or a taxonomy, the cache for that entity will be purged automatically. In case you make global changes (i.e. your permalinks or your global Yoast settings) use the Purge button to clean the whole cache.\u003C\u002Fp>\n\u003Ch4> Enable output\u003C\u002Fh4>\n\u003Cp>By default, the head_tags field is included in the common endpoint of each entity. You can configure it so it doesn’t appear by default and to be shown when you include the head_tags=true query.\u003C\u002Fp>\n\u003Cp>For example, with the output disabled, https:\u002F\u002Ftest.frontity.org\u002Fwp-json\u002Fwp\u002Fv2\u002Fposts won’t show the head_tags field unless you have the query \u003Ccode>?head_tags=true\u003C\u002Fcode> at the end.\u003C\u002Fp>\n\u003Ch4>Skip cache\u003C\u002Fh4>\n\u003Cp>In case you want to skip the cache, you can do so by adding to the query the  parameter \u003Ccode>skip_cache\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>There are some cache plugins for the REST API which also use the same parameter. In case you want to ignore the cache for the REST API call but not for the head tags, you can use \u003Ccode>skip_cache&head_tags_skip_cache=false\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Ch3>Problems and Questions\u003C\u002Fh3>\n\u003Cp>If you have any trouble with the REST API – Head Tags, you can check out \u003Ca href=\"https:\u002F\u002Fdocs.frontity.org\u002Ffrontity-plugins\u002Frest-api-head-tags?utm_source=plugin-repository&utm_medium=readme&utm_campaign=rest-api-head-tags-plugin\" rel=\"nofollow ugc\">our docs\u003C\u002Fa> or join our \u003Ca href=\"https:\u002F\u002Fcommunity.frontity.org\u002F?utm_source=plugin-repository&utm_medium=readme&utm_campaign=rest-api-head-tags-plugin\" rel=\"nofollow ugc\">community forum\u003C\u002Fa> and let us know. We’ll be happy to help!\u003C\u002Fp>\n\u003Cp>Bug reports for REST API – Head Tags plugin are welcomed in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffrontity\u002Fwp-plugins\" rel=\"nofollow ugc\">our repository\u003C\u002Fa> on GitHub. Before opening an issue, please be sure to review the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffrontity\u002Ffrontity\u002Fblob\u002Fdev\u002FCONTRIBUTING.md\" rel=\"nofollow ugc\">contributing guidelines\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>More Information\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.frontity.org\u002F#what-is-frontity?utm_source=plugin-repository&utm_medium=readme&utm_campaign=rest-api-head-tags-plugin\" rel=\"nofollow ugc\">About Frontity Framework\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fblog.frontity.org\u002Fseo-for-headless-wordpress-themes\u002F?utm_source=plugin-repository&utm_medium=readme&utm_campaign=rest-api-head-tags-plugin\" rel=\"nofollow ugc\">Guide on SEO for Headless WordPress Themes\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Follow Frontity on \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Ffrontity\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffrontity\u002Ffrontity\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Get help on the \u003Ca href=\"https:\u002F\u002Fcommunity.frontity.org\u002F?utm_source=plugin-repository&utm_medium=readme&utm_campaign=rest-api-head-tags-plugin\" rel=\"nofollow ugc\">Frontity Community Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds all the meta tags of the head section to WordPress REST API responses, including the ones generated by SEO plugins like Yoast or All in One SEO.",200,18122,100,2,"2021-03-26T17:08:00.000Z","5.7.15","4.7","5.6",[20,21,22,23,24],"api","meta","rest","seo","yoast","http:\u002F\u002Fgithub.com\u002Ffrontity\u002Fwp-plugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api-head-tags.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-04-04T10:35:54.364Z",[38,56,73,89,104],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":13,"downloaded":46,"rating":28,"num_ratings":28,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":54,"download_link":55,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"igen-seo-api","IGen SEO API","1.0.0","i-Gen.ai","https:\u002F\u002Fprofiles.wordpress.org\u002Figenai\u002F","\u003Cp>IGen SEO API plugin allows you to access Yoast SEO meta fields through WordPress REST API. This plugin registers the following Yoast SEO fields to the REST API:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>SEO Title (_yoast_wpseo_title)\u003C\u002Fli>\n\u003Cli>Meta Description (_yoast_wpseo_metadesc)  \u003C\u002Fli>\n\u003Cli>Focus Keyword (_yoast_wpseo_focuskw)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Automatically checks if Yoast SEO plugin is installed\u003Cbr \u002F>\n* Shows installation prompt if Yoast SEO is not installed\u003Cbr \u002F>\n* Only registers meta fields when Yoast SEO is active\u003Cbr \u002F>\n* Provides secure admin notification system\u003C\u002Fp>\n\u003Cp>\u003Cstrong>About IGen\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin is developed by \u003Ca href=\"https:\u002F\u002Fi-gen.ai\u002F\" rel=\"nofollow ugc\">IGen\u003C\u002Fa>, a leading AI-powered content generation platform. Visit our website to learn more about our innovative AI solutions for content creation and SEO optimization.\u003C\u002Fp>\n","Register Yoast SEO meta fields to make them accessible through REST API for reading and writing.",355,"2025-10-08T07:42:00.000Z","6.8.5","5.0","7.4",[52,53,23,24],"meta-fields","rest-api","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Figen-seo-api.1.0.0.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":28,"num_ratings":28,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":54,"tags":69,"homepage":71,"download_link":72,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-api-yoast-meta","WP API Yoast SEO","1.2.0","ChazUK","https:\u002F\u002Fprofiles.wordpress.org\u002Fchazuk\u002F","\u003Cp>Returns Yoast post or page metadata in a normal post or page request. Stores the metadata in the yoast_meta field of the returned data.\u003C\u002Fp>\n","Returns Yoast post or page metadata in a normal post or page request.",600,8182,"2016-07-29T12:02:00.000Z","4.5.33","4.4",[22,23,70,24],"wp-api","https:\u002F\u002Fgithub.com\u002FChazUK\u002Fwp-api-yoast-seo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-yoast-meta.zip",{"slug":74,"name":75,"version":59,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":13,"num_ratings":33,"last_updated":82,"tested_up_to":48,"requires_at_least":49,"requires_php":54,"tags":83,"homepage":54,"download_link":86,"security_score":87,"vuln_count":33,"unpatched_count":33,"last_vuln_date":88,"fetched_at":30},"seo-meta-description-updater","SEO Meta Description Updater","Joby Joseph","https:\u002F\u002Fprofiles.wordpress.org\u002Fjobyjoseph\u002F","\u003Cp>SEO Meta Description Updater is a lightweight plugin that enables updating SEO meta descriptions for posts using the WordPress REST API.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>After activation, you can update a post’s meta description using:\u003Cbr \u002F>\n    POST \u002Fwp-json\u002Fseo-meta\u002Fv1\u002Fupdate\u002F{post_id}\u003C\u002Fp>\n","A simple plugin to update SEO meta descriptions via the WordPress REST API.",500,929,"2025-05-09T07:43:00.000Z",[84,53,23,85],"meta-description","wordpress-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fseo-meta-description-updater.zip",78,"2025-10-05 00:00:00",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":13,"downloaded":97,"rating":28,"num_ratings":28,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":50,"tags":101,"homepage":54,"download_link":103,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"seo-rocket-integration","SEO Rocket Integration","1.7.1","seorocket","https:\u002F\u002Fprofiles.wordpress.org\u002Fseorocket\u002F","\u003Cp>SEO Rocket Integration enables seamless publishing of AI-generated, SEO-optimized articles from \u003Ca href=\"https:\u002F\u002Fwww.seorocket.app\" rel=\"nofollow ugc\">SEO Rocket\u003C\u002Fa> directly to your WordPress site.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>REST API Integration\u003C\u002Fstrong> – Extends WordPress REST API to support SEO metadata fields\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Yoast SEO Support\u003C\u002Fstrong> – Automatically sets focus keywords and meta descriptions for Yoast SEO\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rank Math Support\u003C\u002Fstrong> – Full compatibility with Rank Math SEO plugin\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Indexables Rebuild\u003C\u002Fstrong> – Ensures Yoast SEO score indicators update correctly\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Plugin Detection\u003C\u002Fstrong> – API endpoint to detect which SEO plugin is active\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate this plugin on your WordPress site\u003C\u002Fli>\n\u003Cli>Connect your WordPress site to SEO Rocket using Application Passwords\u003C\u002Fli>\n\u003Cli>Publish articles from SEO Rocket with one click\u003C\u002Fli>\n\u003Cli>SEO metadata (focus keywords, meta descriptions) sync automatically\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>REST API Endpoints\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Detect SEO Plugin\u003C\u002Fstrong>\u003Cbr \u002F>\n    GET \u002Fwp-json\u002Fseo-rocket\u002Fv1\u002Fdetect-plugin\u003C\u002Fp>\n\u003Cp>Returns information about which SEO plugin is active on the site.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 5.9 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.4 or higher\u003C\u002Fli>\n\u003Cli>Yoast SEO or Rank Math (recommended, but not required)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin does not collect any user data. It only provides REST API endpoints for publishing content from SEO Rocket.\u003C\u002Fp>\n","Publish SEO-optimized articles from SEO Rocket with automatic Yoast SEO and Rank Math metadata sync.",444,"2026-02-20T18:49:00.000Z","6.9.4","5.9",[102,53,23,24],"rank-math","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fseo-rocket-integration.1.7.1.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":28,"num_ratings":28,"last_updated":114,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":115,"homepage":54,"download_link":117,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"publicator-helper","Publicator Helper","4.5","Mickael","https:\u002F\u002Fprofiles.wordpress.org\u002Ftimebot\u002F","\u003Cp>Publicator Helper est un plugin WordPress qui permet de connecter votre site à Publicator.fr, une plateforme de génération automatique de contenu optimisé SEO.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Fonctionnalités principales :\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Création automatique d’articles via API REST\u003C\u002Fli>\n\u003Cli>Gestion des métadonnées Yoast SEO\u003C\u002Fli>\n\u003Cli>Support des catégories WordPress\u003C\u002Fli>\n\u003Cli>Mise à jour des méta-données après publication\u003C\u002Fli>\n\u003Cli>Chargement automatique de FontAwesome pour les icônes\u003C\u002Fli>\n\u003Cli>Protection des styles CSS intégrés au contenu\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Prérequis :\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress 5.0 ou supérieur\u003C\u002Fli>\n\u003Cli>Authentification par mot de passe d’application WordPress\u003C\u002Fli>\n\u003Cli>Yoast SEO (recommandé pour les métadonnées SEO)\u003C\u002Fli>\n\u003C\u002Ful>\n","Connecteur indispensable pour Publicator.fr - Générateur de contenus optimisés SEO avec IA.",20,226,"2026-02-09T09:09:00.000Z",[20,116,53,23,24],"content","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpublicator-helper.zip",{"attackSurface":119,"codeSignals":240,"taintFlows":258,"riskAssessment":284,"analyzedAt":298},{"hooks":120,"ajaxHandlers":231,"restRoutes":237,"shortcodes":238,"cronEvents":239,"entryPointCount":33,"unprotectedCount":33},[121,128,130,132,135,137,139,145,147,151,157,159,164,167,172,175,179,182,186,189,193,196,199,202,204,209,211,213,214,219,223,227],{"type":122,"name":123,"callback":124,"priority":125,"file":126,"line":127},"action","admin_init","register_admin_hooks",50,"class-frontity-headtags-plugin.php",81,{"type":122,"name":123,"callback":124,"priority":125,"file":126,"line":129},82,{"type":122,"name":123,"callback":124,"priority":125,"file":126,"line":131},83,{"type":122,"name":133,"callback":134,"priority":125,"file":126,"line":27},"rest_api_init","register_rest_hooks",{"type":122,"name":133,"callback":134,"priority":125,"file":126,"line":136},86,{"type":122,"name":133,"callback":134,"priority":125,"file":126,"line":138},87,{"type":122,"name":140,"callback":141,"priority":142,"file":143,"line":144},"template_redirect","redirect_canonical",10,"includes\\class-frontity-headtags.php",245,{"type":122,"name":140,"callback":141,"file":143,"line":146},270,{"type":122,"name":140,"callback":148,"priority":149,"file":143,"line":150},"rest_output_link_header",11,273,{"type":152,"name":153,"callback":154,"file":155,"line":156},"filter","frontity_headtags_result","filter_javascript","includes\\filters\\class-frontity-headtags-filters.php",19,{"type":152,"name":153,"callback":158,"file":155,"line":112},"filter_styles",{"type":122,"name":160,"callback":161,"file":162,"line":163},"profile_update","purge_headtags","includes\\hooks\\class-frontity-headtags-author-hooks.php",42,{"type":122,"name":165,"callback":161,"file":162,"line":166},"delete_user",43,{"type":122,"name":168,"callback":169,"file":170,"line":171},"save_post","purge_post_headtags","includes\\hooks\\class-frontity-headtags-post-type-hooks.php",66,{"type":122,"name":173,"callback":169,"file":170,"line":174},"delete_post",67,{"type":122,"name":176,"callback":161,"priority":142,"file":177,"line":178},"edited_term","includes\\hooks\\class-frontity-headtags-taxonomy-hooks.php",47,{"type":122,"name":180,"callback":161,"priority":142,"file":177,"line":181},"delete_term",48,{"type":122,"name":183,"callback":184,"file":185,"line":156},"frontity_headtags_replace_query","setup","includes\\integrations\\class-frontity-headtags-aioseo-3.php",{"type":122,"name":187,"callback":188,"file":185,"line":112},"frontity_headtags_restore_query","reset",{"type":152,"name":190,"callback":191,"file":185,"line":192},"frontity_headtags_html","rewrite_title",52,{"type":152,"name":194,"callback":194,"priority":112,"file":185,"line":195},"wp_title",54,{"type":152,"name":153,"callback":197,"file":185,"line":198},"filter_ldjson",64,{"type":122,"name":183,"callback":184,"file":200,"line":201},"includes\\integrations\\class-frontity-headtags-aioseo-4.php",28,{"type":122,"name":187,"callback":188,"file":200,"line":203},29,{"type":152,"name":205,"callback":206,"priority":207,"file":200,"line":208},"pre_get_document_title","filter_title",99999,32,{"type":152,"name":194,"callback":206,"priority":207,"file":200,"line":210},33,{"type":122,"name":183,"callback":184,"file":212,"line":156},"includes\\integrations\\class-frontity-headtags-yoast.php",{"type":122,"name":187,"callback":188,"file":212,"line":112},{"type":122,"name":215,"callback":216,"file":217,"line":218},"admin_menu","register_menu","shared\\class-frontity-plugin.php",137,{"type":122,"name":220,"callback":221,"file":217,"line":222},"admin_enqueue_scripts","register_script",138,{"type":122,"name":224,"callback":225,"file":217,"line":226},"admin_notices","render_warning",143,{"type":122,"name":228,"callback":229,"file":217,"line":230},"init","should_run",246,[232],{"action":233,"nopriv":234,"callback":235,"hasNonce":234,"hasCapCheck":234,"file":126,"line":236},"frontity_headtags_clear_cache",false,"Frontity_Headtags_Plugin::clear_cache",91,[],[],[],{"dangerousFunctions":241,"sqlUsage":242,"outputEscaping":245,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":257},[],{"prepared":243,"raw":28,"locations":244},3,[],{"escaped":243,"rawEcho":246,"locations":247},4,[248,251,253,255],{"file":217,"line":249,"context":250},170,"raw output",{"file":217,"line":252,"context":250},172,{"file":217,"line":254,"context":250},173,{"file":217,"line":256,"context":250},174,[],[259,276],{"entryPoint":260,"graph":261,"unsanitizedCount":33,"severity":275},"save_settings (shared\\class-frontity-plugin.php:221)",{"nodes":262,"edges":273},[263,267],{"id":264,"type":265,"label":266,"file":217,"line":113},"n0","source","$_POST",{"id":268,"type":269,"label":270,"file":217,"line":271,"wp_function":272},"n1","sink","update_option() [Settings Manipulation]",228,"update_option",[274],{"from":264,"to":268,"sanitized":234},"low",{"entryPoint":277,"graph":278,"unsanitizedCount":33,"severity":275},"\u003Cclass-frontity-plugin> (shared\\class-frontity-plugin.php:0)",{"nodes":279,"edges":282},[280,281],{"id":264,"type":265,"label":266,"file":217,"line":113},{"id":268,"type":269,"label":270,"file":217,"line":271,"wp_function":272},[283],{"from":264,"to":268,"sanitized":234},{"summary":285,"deductions":286},"The \"rest-api-head-tags\" plugin version 1.2.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for its SQL queries and has no known vulnerabilities in its history, suggesting a history of stable and secure development. It also avoids file operations and external HTTP requests, which are common sources of vulnerabilities.\n\nHowever, significant concerns arise from the attack surface analysis. The plugin exposes a single AJAX handler that lacks any authentication or capability checks. This is a critical weakness, as it provides an unprotected entry point for malicious actors. While no critical or high severity taint flows were identified, the presence of two flows with unsanitized paths is concerning and could potentially lead to issues if the data handled by these flows is ever exploited. The low percentage of properly escaped output further exacerbates this risk, as it increases the likelihood of cross-site scripting (XSS) vulnerabilities.\n\nIn conclusion, while the plugin benefits from a clean vulnerability history and secure SQL handling, the unprotected AJAX endpoint and the unescaped output represent substantial security risks that need immediate attention. The absence of nonce and capability checks on its single entry point is a major oversight that could be exploited.",[287,289,292,294,296],{"reason":288,"points":142},"AJAX handler without auth checks",{"reason":290,"points":291},"Low percentage of properly escaped output",5,{"reason":293,"points":246},"Flows with unsanitized paths",{"reason":295,"points":291},"No nonce checks on AJAX",{"reason":297,"points":291},"No capability checks","2026-03-16T20:27:35.870Z",{"wat":300,"direct":306},{"assetPaths":301,"generatorPatterns":303,"scriptPaths":304,"versionParams":305},[302],"\u002Fwp-content\u002Fplugins\u002Frest-api-head-tags\u002Fadmin\u002Fbuild\u002Fbundle.js",[],[302],[],{"cssClasses":307,"htmlComments":308,"htmlAttributes":309,"restEndpoints":310,"jsGlobals":311,"shortcodeOutput":314},[],[],[],[],[312,313],"window.frontity.plugins.frontity_headtags.url","window.frontity.plugins.frontity_headtags.settings",[]]