[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDXNGU9eSiDRxGivBd27hm_80goABiBnAzyMZRstx2xI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":13,"tags":16,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":116,"fingerprints":161},"tutexp-rest-api-menu","Tutexp Rest Api Menu","1.0.0","tapos007","https:\u002F\u002Fprofiles.wordpress.org\u002Ftapos007\u002F","\u003Cp>This plugin extends the WordPress REST API  with new routes for WordPress registered menus.\u003C\u002Fp>\n\u003Cp>The new routes available will be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[website_name]\u002Fwp-json\u002Fmenus\u002Fv2\u002Fmenus\u003C\u002Fcode> list of every registered menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[website_name]\u002Fwp-json\u002Fmenus\u002Fv2\u002Fmenus\u002F\u003Cslug>\u003C\u002Fcode> data for a specific menu.\u003C\u002Fli>\n\u003C\u002Ful>\n","Adding menus endpoints on WP REST API v2",0,1139,"","4.8.28","4.4",[17,18,19,20,21],"api","json","json-rest-api","menu-routes","menus","http:\u002F\u002Ftutexp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftutexp-rest-api-menu.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":11,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},2,93,30,89,"2026-04-04T11:07:53.018Z",[35,51,70,87,102],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":10,"active_installs":42,"downloaded":43,"rating":24,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":15,"requires_php":13,"tags":47,"homepage":13,"download_link":48,"security_score":49,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":50},"wp-rest-api-v2-menus","WP-REST-API V2 Menus","0.12.1","thebatclaudio","https:\u002F\u002Fprofiles.wordpress.org\u002Fclaudiolabarbera\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api\u002F\" rel=\"ugc\">WordPress REST API (Version 2)\u003C\u002Fa> with new routes for WordPress registered menus.\u003C\u002Fp>\n\u003Cp>The new routes available will be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fmenus\u002Fv1\u002Fmenus\u003C\u002Fcode> list of every registered menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002Fv1\u002Fmenus\u002F\u003Cslug>\u003C\u002Fcode> data for a specific menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002Fv1\u002Flocations\u003C\u002Fcode> list of every registered menu location in your theme.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002Fv1\u002Flocations\u002F\u003Cslug>\u003C\u002Fcode> data for a specific menu location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Compatible with ACF menu’s custom attributes and menu item’s custom attributes.\u003C\u002Fp>\n\u003Cp>Compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmenu-image\u002F\" rel=\"ugc\">Menu Image, Icons made easy\u003C\u002Fa>.\u003C\u002Fp>\n",3000,164931,6,"2022-11-09T13:29:00.000Z","6.0.11",[17,18,19,20,21],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-v2-menus.0.12.1.zip",85,"2026-03-15T15:16:48.613Z",{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":24,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":13,"tags":65,"homepage":68,"download_link":69,"security_score":49,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":50},"wp-api-menus","WP API Menus","1.3.2","Fulvio Notarstefano","https:\u002F\u002Fprofiles.wordpress.org\u002Fnekojira\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjson-rest-api\u002F\" rel=\"ugc\">WordPress JSON REST API\u003C\u002Fa> with new routes for WordPress registered menus\u003C\u002Fp>\n\u003Cp>The new routes available will be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fmenus\u003C\u002Fcode> list of every registered menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002F\u003Cid>\u003C\u002Fcode> data for a specific menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u003C\u002Fcode> list of all registered theme locations.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u002F\u003Clocation>\u003C\u002Fcode> data for menu in specified menu in theme location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently, the \u003Ccode>menu-locations\u002F\u003Clocation>\u003C\u002Fcode> route for individual menus will return a tree with full menu hierarchy, with correct menu item order and listing children for each menu item. The \u003Ccode>menus\u002F\u003Cid>\u003C\u002Fcode> route will output menu details and a flat array of menu items. Item order or if each item has a parent will be indicated in each item attributes, but this route won’t output items as a tree.\u003C\u002Fp>\n\u003Cp>You can alter the data arrangement of each individual menu items and children using the filter hook \u003Ccode>json_menus_format_menu_item\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>An important note on WP API V2:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In V1 the routes are located by default at \u003Ccode>wp-json\u002Fmenus\u002F\u003C\u002Fcode> etc.\u003C\u002Fp>\n\u003Cp>In V2 the routes by default are at \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002F\u003C\u002Fcode> (e.g. \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002Fmenus\u002F\u003C\u002Fcode>, etc.) since V2 encourages prefixing and version namespacing.\u003C\u002Fp>\n","Extends WordPress WP REST API with new routes pointing to WordPress menus.",2000,107511,8,"2020-08-18T07:21:00.000Z","5.5.0","3.6.0",[18,19,21,66,67],"wp-api","wp-rest-api","https:\u002F\u002Fgithub.com\u002Fnekojira\u002Fwp-api-menus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-menus.1.3.2.zip",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":11,"num_ratings":11,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":83,"tags":84,"homepage":85,"download_link":86,"security_score":49,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":50},"wp-rest-api-menus","WP-REST-API Menus","1.0","jcdev518","https:\u002F\u002Fprofiles.wordpress.org\u002Fjcdev518\u002F","\u003Cp>This plugin adds “routes” or “endpoints” to WP REST API that allows for retrieval of\u003Cbr \u002F>\nmenu data as JSON.\u003C\u002Fp>\n\u003Cp>Updated port of “WP-REST-API V2 Menus” by Claudio La Barbera (http:\u002F\u002Fwww.claudiolabarbera.com)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get all registered menus:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>GET \u002Fwp-menus\u002Fv1\u002Fmenus\nhttps:\u002F\u002Fyourwpsite.com\u002Fwp-json\u002Fwp-menus\u002Fv1\u002Fmenus\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Get menu data as JSON from menu slug:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>GET \u002Fwp-menus\u002Fv1\u002Fmenus\u002F{slug}\nhttps:\u002F\u002Fyourwpsite.com\u002Fwp-json\u002Fwp-menus\u002Fv1\u002Fmenus\u002F{slug}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Gets the contents of a registered menu by its “slug”.\u003C\u002Fp>\n\u003Cp>When assigning a menu a location in \u002Fwp-admin\u002Fnav-menus.php?action=locations\u003Cbr \u002F>\nthe slug is the name of the menu in lowercase and without any spaces like a post slug.\u003C\u002Fp>\n\u003Cp>If your menu name is Main Menu:\u003Cbr \u002F>\nhttps:\u002F\u002Fyourwpsite.com\u002Fwp-json\u002Fmenus\u002Fv1\u002Fwp-menus\u002Fmain-menu\u003C\u002Fp>\n","Adds menu endpoints to core WP REST API.",70,2395,"2018-03-26T22:33:00.000Z","4.9.29","4.7.0","5.6",[18,19,21,66,67],"https:\u002F\u002Fwww.amorphouswebsolutions.com\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-menus.zip",{"slug":88,"name":89,"version":73,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":13,"tags":96,"homepage":100,"download_link":101,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"json-rest-api-subscriptions","JSON REST API Subscriptions","Taylor Lovett","https:\u002F\u002Fprofiles.wordpress.org\u002Ftlovett1\u002F","\u003Cp>If you are publishing content and have users\u002Fwebsites digesting your content, you may have been faced with the problem: how do I get updates to users immediately? In the past users\u002Fwebsites have subscribed to feeds or used techniques like “polling” to constantly ping your site for new content. Both these techniques are cumbersome and old fashioned. JSON REST API Subscriptions creates new API endpoints to allow people to subscribe to new content, content updates, and content deletes across general post types as well as single pieces of content.\u003C\u002Fp>\n\u003Cp>Requires \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api\u002F\" rel=\"ugc\">JSON REST API 2.0beta12+\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For details on the plugin and extended usage\u002Finstallation documentation, please visit \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Ftlovett1\u002Fjson-rest-api-subscriptions\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Configuring and Using the Plugin\u003C\u002Fh3>\n\u003Cp>Please refer to \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Ftlovett1\u002Fjson-rest-api-subscriptions\" rel=\"nofollow ugc\">Github\u003C\u002Fa> for detailed configuration instructions.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For full documentation, questions, feature requests, and support concerning JSON REST API Subscriptions, please refer to \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Ftlovett1\u002Fjson-rest-api-subscriptions\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n","Enable subscriptions to posts, pages, and custom post types. Users can securely subscribe via simple API routes to created\u002Fupdated\u002Fdeleted content.",10,2671,[97,19,98,99,66],"api-webhooks","rest-api","webhooks","http:\u002F\u002Fwww.taylorlovett.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjson-rest-api-subscriptions.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":94,"downloaded":110,"rating":11,"num_ratings":11,"last_updated":111,"tested_up_to":112,"requires_at_least":64,"requires_php":13,"tags":113,"homepage":13,"download_link":115,"security_score":49,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":50},"wp-api-v2-woocommerce-endpoints","WP API (V2) WooCommerce endpoints","1.0.2","Oleg Kostin","https:\u002F\u002Fprofiles.wordpress.org\u002Foleg2tor\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api\u002F\" rel=\"ugc\">WordPress JSON REST API\u003C\u002Fa> with new endpoints for WooCommerce (is_shop, is_cart, is_checkout, is_account_page) page functions\u003C\u002Fp>\n","Extends WordPress WP REST API (V2) with new endpoints pointing to WooCommerce page functions (is_shop, is_cart, is_checkout, is_account_page).",1916,"2016-04-26T00:10:00.000Z","4.5.33",[18,19,114,66,67],"woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-v2-woocommerce-endpoints.zip",{"attackSurface":117,"codeSignals":140,"taintFlows":147,"riskAssessment":148,"analyzedAt":160},{"hooks":118,"ajaxHandlers":125,"restRoutes":126,"shortcodes":138,"cronEvents":139,"entryPointCount":29,"unprotectedCount":29},[119],{"type":120,"name":121,"callback":122,"file":123,"line":124},"action","rest_api_init","closure","tutexp_rest_api_v2_menu.php",84,[],[127,133],{"namespace":128,"route":129,"methods":130,"callback":132,"permissionCallback":25,"file":123,"line":49},"tutexpmenu\u002Fv2","\u002Fmenus",[131],"GET","tutexp_wp_api_v2_menus_get_all_menus",{"namespace":128,"route":134,"methods":135,"callback":136,"permissionCallback":25,"file":123,"line":137},"\u002Fmenus\u002F(?P\u003Cid>[a-zA-Z_(-]+)",[131],"tutexp_wp_api_v2_menus_get_menu_data",90,[],[],{"dangerousFunctions":141,"sqlUsage":142,"outputEscaping":144,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":146},[],{"prepared":11,"raw":11,"locations":143},[],{"escaped":11,"rawEcho":11,"locations":145},[],[],[],{"summary":149,"deductions":150},"The plugin 'tutexp-rest-api-menu' v1.0.0 exhibits a concerning security posture primarily due to its unprotected REST API routes.  While the static analysis reveals no dangerous functions, SQL injection vulnerabilities, or output escaping issues, and there's no known vulnerability history, the presence of two REST API routes without permission callbacks represents a significant attack vector. This means any unauthenticated user could potentially interact with these endpoints, leading to unintended actions or information disclosure depending on their functionality.\n\nThe absence of nonce checks and capability checks on these routes further exacerbates the risk. The lack of taint analysis data is noted, but the existing findings are sufficient to warrant caution.  The plugin demonstrates good practices in its use of prepared statements for SQL queries, but this strength is overshadowed by the critical oversight in securing its entry points. Users should be aware that while the plugin has no past vulnerabilities, the current design leaves it open to exploitation.",[151,153,156,158],{"reason":152,"points":94},"REST API routes without permission callbacks",{"reason":154,"points":155},"Total entry points without auth checks",5,{"reason":157,"points":155},"Missing capability checks",{"reason":159,"points":155},"Missing nonce checks","2026-03-17T05:41:47.991Z",{"wat":162,"direct":167},{"assetPaths":163,"generatorPatterns":164,"scriptPaths":165,"versionParams":166},[],[],[],[],{"cssClasses":168,"htmlComments":169,"htmlAttributes":170,"restEndpoints":171,"jsGlobals":174,"shortcodeOutput":175},[],[],[],[172,173],"tutexpmenu\u002Fv2\u002Fmenus","tutexpmenu\u002Fv2\u002Fmenus\u002F(?P\u003Cid>[a-zA-Z_(-]+",[],[]]