Does API Endpoints have any unpatched vulnerabilities?

No. All known vulnerabilities in API Endpoints have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is API Endpoints compatible with WordPress 4.2.39?

According to WordPress.org data, API Endpoints 1.1 has been tested up to WordPress 4.2.39. Check the plugin's changelog for the latest compatibility information.

How often is API Endpoints updated?

API Endpoints was last updated on Aug 14, 2015. Frequent updates are generally a positive security signal.

What is API Endpoints's security score?

API Endpoints has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

API Endpoints Security & Risk Analysis

wordpress.org/plugins/twig-anything-api-endpoints

Add WordPress API endpoints and access your site's data in JSON, XML, RSS/ATOM, YAML or HTML.

10 active installs v1.1 PHP + WP 3.6.1+ Updated Aug 14, 2015

apiapi-clientintegrationrestrestful

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is API Endpoints Safe to Use in 2026?

Generally Safe

Score 85/100

API Endpoints has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "twig-anything-api-endpoints" v1.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and avoids file operations and external HTTP requests. The absence of known vulnerabilities in its history is also a strong indicator of past security diligence.

However, significant concerns are raised by the static analysis. The plugin exposes a single entry point via an AJAX handler that completely lacks authentication checks. Furthermore, while there is one capability check, it's associated with this unprotected AJAX handler. The taint analysis reveals two flows with unsanitized paths, although these are not flagged as critical or high severity, they still represent potential risks of unexpected behavior or information disclosure if data is not handled with sufficient care. The low rate of proper output escaping (20%) indicates a potential for cross-site scripting (XSS) vulnerabilities in the plugin's output.

Key Concerns

AJAX handler without authentication
Unsanitized paths in taint flows
Low percentage of output escaping
Missing nonce checks on AJAX

Vulnerabilities

None known

API Endpoints Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

API Endpoints Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

20% escaped5 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

save (OptionsPage.php:79)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

API Endpoints Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_twig_anything_api_endpoint_save_settingstwig-anything-api-endpoints.php:80

WordPress Hooks 5

actioninittwig-anything-api-endpoints.php:76

actiontemplate_redirecttwig-anything-api-endpoints.php:77

actionadmin_menutwig-anything-api-endpoints.php:78

actionadmin_enqueue_scriptstwig-anything-api-endpoints.php:79

actionadmin_noticestwig-anything-api-endpoints.php:81

Maintenance & Trust

API Endpoints Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39

Last updatedAug 14, 2015

PHP min version

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

API Endpoints Alternatives

Contact Form to Any API

contact-form-to-any-api

Send Contact Form 7 submissions to any API, Webhook or CRM - quick setup, flexible payloads, endpoints and authentication.

9K 4 CVEs

JSON API User

json-api-user

Extends the JSON API Plugin to allow RESTful user registration, authentication & many other User Meta, BP functions. A Pro version is also available.

1K 1 CVE

mosparo Integration

mosparo-integration

100

The plugin adds the functionality to use mosparo in WordPress forms or forms from Contact Form 7, Everest Form, and other plugins.

700 No CVEs

PZZ API Client

pzz-api-client

Provides a set of RESTful APIs, developed specifically for Mobile clients that want to connect to your WordPress/WooCommerce website.

20 No CVEs

CAFEHAUS API

cafe-api

兼容小程序、APP和H5的多端 API 插件，提供更加优雅的路由、入参和出参，开箱即用零依赖零设置，让前端用着更省心

10 No CVEs

Developer Profile

API Endpoints Developer Profile

meglio

2 plugins · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect API Endpoints

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

REST Endpoints

/wp-json/twig-anything-api-endpoints/v1

FAQ