[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpKqCBKVi74y_teJrX-0W3Fjg3eXgUdoe-y9gpQOq28o":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":11,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":33,"analysis":34,"fingerprints":117},"wp-api-stats","API Stats","1.4","Salar Gholizadeh","https:\u002F\u002Fprofiles.wordpress.org\u002Fsalar6990\u002F","\u003Cp>Do you use WordPress’s REST-API system to serve applications?\u003Cbr \u002F>\nAPI Stats allows you to view and monitor API requests to your website on a clear chart.\u003Cbr \u002F>\nyou can easily view statistics in different time spans and durations.\u003C\u002Fp>\n\u003Ch4>API Stat’s main Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Record any route from all plugins (e.g WooCommerce) and WordPress core\u003C\u002Fli>\n\u003Cli>Filter API requests by date\u003C\u002Fli>\n\u003Cli>Adjust duration of points\u003C\u002Fli>\n\u003Cli>Show\u002FFilter known request types such as GET, POST, PUT, PATCH, DELETE,…\u003C\u002Fli>\n\u003Cli>List of most requested routes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can view this project at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsalar90\u002Fwp-api-stats\" rel=\"nofollow ugc\">API stat’s Github page\u003C\u002Fa>\u003C\u002Fp>\n","View and filter API calls to your website with details about Method, Path, Response time, and Count.",100,2890,3,"","6.4.8","4.4","5.6",[19],"api-rest-api-statistics-stats","https:\u002F\u002Fgithub.com\u002Fsalar90\u002Fwp-api-stats","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-stats.1.4.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":13,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"salar6990",300,90,30,87,"2026-04-04T05:01:55.953Z",[],{"attackSurface":35,"codeSignals":74,"taintFlows":103,"riskAssessment":104,"analyzedAt":116},{"hooks":36,"ajaxHandlers":68,"restRoutes":69,"shortcodes":70,"cronEvents":71,"entryPointCount":22,"unprotectedCount":22},[37,43,47,53,56,60,64],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","sg_api_stats_cron","sg_api_clear_old_data","administration.php",16,{"type":38,"name":44,"callback":44,"file":45,"line":46},"admin_menu","class-wp-api-stats.php",19,{"type":48,"name":49,"callback":50,"priority":51,"file":45,"line":52},"filter","rest_pre_serve_request","pre_serve",5,22,{"type":38,"name":54,"callback":54,"priority":51,"file":45,"line":55},"rest_api_init",23,{"type":38,"name":57,"callback":58,"file":45,"line":59},"admin_print_scripts","add_js_data",26,{"type":38,"name":61,"callback":62,"file":45,"line":63},"admin_enqueue_scripts","load_admin_style",29,{"type":38,"name":65,"callback":66,"file":45,"line":67},"admin_print_styles-tools_page_api-stats","load_admin_inline_style",32,[],[],[],[72],{"hook":39,"callback":39,"file":41,"line":73},11,{"dangerousFunctions":75,"sqlUsage":76,"outputEscaping":85,"fileOperations":22,"externalRequests":22,"nonceChecks":22,"capabilityChecks":22,"bundledLibraries":102},[],{"prepared":77,"raw":77,"locations":78},2,[79,82],{"file":41,"line":80,"context":81},25,"$wpdb->query() with variable interpolation",{"file":45,"line":83,"context":84},154,"$wpdb->get_results() with variable interpolation",{"escaped":51,"rawEcho":86,"locations":87},7,[88,91,93,95,96,99,100],{"file":45,"line":89,"context":90},252,"raw output",{"file":45,"line":92,"context":90},290,{"file":94,"line":42,"context":90},"views\\admin-panel.php",{"file":94,"line":52,"context":90},{"file":97,"line":98,"context":90},"views\\table.php",18,{"file":97,"line":46,"context":90},{"file":97,"line":101,"context":90},20,[],[],{"summary":105,"deductions":106},"The wp-api-stats plugin version 1.4 presents a generally good security posture, with no known critical or high-severity vulnerabilities in its history and a clean taint analysis.  The plugin appears to adhere to good practices by avoiding dangerous functions and external HTTP requests.  However, several areas warrant attention.  The absence of nonce checks is a significant concern, especially given that the plugin has cron events, which can be triggered by unauthenticated users if not properly secured.  Furthermore, while SQL queries are present, 50% are not using prepared statements, posing a risk of SQL injection.  The output escaping is also suboptimal at 42%, indicating potential for cross-site scripting (XSS) vulnerabilities.\n\nWhile the plugin has no recorded vulnerabilities, the lack of comprehensive security checks like nonces and prepared statements, coupled with the limited output escaping, leaves room for potential exploitation. The plugin's strengths lie in its limited attack surface and lack of dangerous functions. However, the identified weaknesses, particularly around input validation and privilege escalation vectors, prevent it from being considered fully secure.  Recommendations would focus on implementing nonce checks for all entry points and ensuring all SQL queries utilize prepared statements, along with improving output escaping practices.",[107,110,112,114],{"reason":108,"points":109},"No nonce checks found",10,{"reason":111,"points":51},"50% of SQL queries not using prepared statements",{"reason":113,"points":51},"Low percentage of properly escaped output (42%)",{"reason":115,"points":51},"No capability checks found","2026-03-16T20:32:01.758Z",{"wat":118,"direct":129},{"assetPaths":119,"generatorPatterns":123,"scriptPaths":124,"versionParams":125},[120,121,122],"\u002Fwp-content\u002Fplugins\u002Fwp-api-stats\u002Fassets\u002Fchartjs\u002FChart.min.css","\u002Fwp-content\u002Fplugins\u002Fwp-api-stats\u002Fassets\u002Fchartjs\u002FChart.min.js","\u002Fwp-content\u002Fplugins\u002Fwp-api-stats\u002Fassets\u002Fdraw.js",[],[122],[126,127,128],"wp-api-stats\u002Fassets\u002Fchartjs\u002FChart.min.css?ver=","wp-api-stats\u002Fassets\u002Fchartjs\u002FChart.min.js?ver=","wp-api-stats\u002Fassets\u002Fdraw.js?ver=",{"cssClasses":130,"htmlComments":131,"htmlAttributes":132,"restEndpoints":133,"jsGlobals":135,"shortcodeOutput":137},[],[],[],[134],"\u002Fwp-json\u002Fapi-stats\u002F",[136],"window.api_stats",[]]