Does RESTless have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is RESTless compatible with WordPress 4.9.29?

According to WordPress.org data, RESTless 1.0 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is RESTless updated?

RESTless was last updated on Jun 29, 2018. Frequent updates are generally a positive security signal.

What is RESTless's security score?

RESTless has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

RESTless Security & Risk Analysis

wordpress.org/plugins/restless

RESTless disables REST calls for non-authenticated requests.

10 active installs v1.0 PHP + WP 4.4+ Updated Jun 29, 2018

restrest-apisecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is RESTless Safe to Use in 2026?

Generally Safe

Score 85/100

RESTless has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The 'restless' v1.0 plugin exhibits an exceptionally clean static analysis report, showing no identifiable attack surface, dangerous functions, or security-related code signals like SQL queries, file operations, or external requests. The absence of taint flows with unsanitized paths further strengthens this positive assessment. This suggests the plugin has been developed with security best practices in mind, or its functionality is so minimal that it doesn't expose common vulnerability vectors.

The vulnerability history is equally reassuring, with zero known CVEs reported for this plugin. This lack of past issues, especially critical or high-severity ones, indicates a stable and well-maintained codebase over time. Coupled with the static analysis findings, this paints a picture of a highly secure plugin at this version.

While the current state is excellent, the extremely low attack surface reported (zero entry points) might also suggest very limited functionality. For a plugin with such minimal exposed interfaces and no recorded vulnerabilities, the security posture is very good. However, it's always prudent to remain vigilant, as even seemingly simple plugins can harbor subtle issues if their functionality grows or if integrations with other components introduce new risks.

Vulnerabilities

None known

RESTless Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

RESTless Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

RESTless Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

RESTless Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

filterrest_authentication_errorsrestless.php:39

Maintenance & Trust

RESTless Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedJun 29, 2018

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

RESTless Alternatives

SMNTCS Disable REST API User Endpoints

smntcs-disable-rest-api-user-endpoints

Disable the REST API user endpoints due to obscure user slugs.

6K No CVEs

WPControl – The Easiest Optimization Plugin for WordPress

wpcontrol

The easiest way to improve your website's security, performance, and user experience.

200 No CVEs

GhostGate

ghostgate

100

Invisible, intelligent protection for WordPress. GhostGate hides your login page, blocks bots, and turns your site into a ghost fortress.

20 No CVEs

WP REST API Key Authentication

rest-api-key-authentication

A simple plugin to add API key-based authentication to the WordPress REST API. Manage multiple API keys and secure your REST API endpoints.

20 No CVEs

Keys Master

keys-master

100

Powerful application passwords manager for WordPress with role-based usage control and full analytics reporting capabilities.

10 No CVEs

Developer Profile

RESTless Developer Profile

BjornW

8 plugins · 10K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect RESTless

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ