[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fzLlJBAFQK_1RPgxuPiUE0FEnJ-v-g-hF5INQb2DrgjA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":129,"fingerprints":240},"wp-api-swaggerui","WP API SwaggerUI","1.1.2","agussuroyo","https:\u002F\u002Fprofiles.wordpress.org\u002Fagussuroyo\u002F","\u003Cp>SwaggerUI used to make WordPress REST API endpoint have a interactive UI, so we can check our API endpoint directly from the website it self\u003C\u002Fp>\n\u003Cp>Feature:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support for GET, POST, PUT, PATCH and DELETE request method\u003C\u002Fli>\n\u003Cli>Support for Auth Basic authorization method\u003C\u002Fli>\n\u003Cli>Choose which namespace API that will be used on the SwaggerUI\u003C\u002Fli>\n\u003C\u002Ful>\n","WordPress REST API with Swagger UI.",2000,63277,100,11,"2022-07-10T14:14:00.000Z","5.9.13","4.7","5.4",[20,21,22,23,24],"swaggerui","swaggerui-rest-api","wp-swagger-rest-api","wp-swaggerui","wp-rest-api","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-swaggerui.1.2.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-04-03T21:12:49.124Z",[38,61,82,96,113],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":17,"requires_php":52,"tags":53,"homepage":58,"download_link":59,"security_score":48,"vuln_count":33,"unpatched_count":28,"last_vuln_date":60,"fetched_at":30},"wp-rest-cache","WP REST Cache","2026.1.3","Acato","https:\u002F\u002Fprofiles.wordpress.org\u002Facato\u002F","\u003Cp>Are you facing speed issues, using the WordPress REST API? This plugin will allow WordPress to cache the responses of the REST API, making it much faster.\u003C\u002Fp>\n\u003Cp>This plugin offers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Caching of all default WordPress REST API \u003Ccode>GET\u003C\u002Fcode>-endpoints.\u003C\u002Fli>\n\u003Cli>Caching of (custom) post type endpoints.\u003C\u002Fli>\n\u003Cli>Caching of (custom) taxonomy endpoints.\u003C\u002Fli>\n\u003Cli>Automated flushing of caches if (some of) its contents are edited.\u003C\u002Fli>\n\u003Cli>Manual flushing of all caches.\u003C\u002Fli>\n\u003Cli>Manual flushing of specific caches.\u003C\u002Fli>\n\u003Cli>A counter how many times a cache has been retrieved.\u003C\u002Fli>\n\u003Cli>Specifying after what time the cache should be timed out.\u003C\u002Fli>\n\u003Cli>Registering custom endpoints for caching.\u003C\u002Fli>\n\u003Cli>Automatic cache regeneration.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>WP REST Cache Pro\u003C\u002Fstrong>\u003Cbr \u002F>\nFor more advanced features, check out our \u003Ca href=\"https:\u002F\u002Fplugins.acato.nl\u002F\" rel=\"nofollow ugc\">WP REST Cache Pro\u003C\u002Fa> plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Configure custom endpoints for caching through the wp-admin interface.\u003C\u002Fli>\n\u003Cli>Configure relationships within endpoints.\u003C\u002Fli>\n\u003Cli>No coding required.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Installation from within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit ‘Plugins > Add New’ (or ‘My Sites > Network Admin > Plugins > Add New’ if you are on a multisite installation).\u003C\u002Fli>\n\u003Cli>Search for ‘WP REST Cache’.\u003C\u002Fli>\n\u003Cli>Activate the WP REST Cache plugin through the ‘Plugins’ menu in WordPress.\u003C\u002Fli>\n\u003Cli>Go to “after activation” below.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Installation manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload the \u003Ccode>wp-rest-cache\u003C\u002Fcode> folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory.\u003C\u002Fli>\n\u003Cli>Activate the WP REST Cache plugin through the ‘Plugins’ menu in WordPress.\u003C\u002Fli>\n\u003Cli>Go to “after activation” below.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>After activation\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit ‘Plugins > Must-Use’ (or ‘My Sites > Network Admin > Plugins > Must-Use’ if you are on a multisite installation).\u003C\u002Fli>\n\u003Cli>Check if the ‘WP REST Cache – Must-Use Plugin’ is there, if not copy the file \u003Ccode>wp-rest-cache.php\u003C\u002Fcode> from the \u003Ccode>\u002Fsources\u003C\u002Fcode> folder of the WP REST Cache Plugin to the folder \u003Ccode>\u002Fwp-content\u002Fmu-plugins\u002F\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Optionally:\u003C\u002Fstrong>\u003Cbr \u002F>\nThe default timeout for caches generated by the WP REST Cache plugin is set to 1 year. If you want to change this:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Visit ‘Settings > WP REST Cache’.\u003C\u002Fli>\n\u003Cli>Change the Cache timeout.\u003C\u002Fli>\n\u003C\u002Fol>\n","Enable caching of the WordPress REST API and auto-flush caches upon wp-admin editing.",10000,366709,98,42,"2026-03-03T09:38:00.000Z","6.8.5","7.0",[54,55,56,57,24],"api","cache","rest","rest-cache","https:\u002F\u002Fwww.acato.nl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-cache.2026.1.3.zip","2025-07-28 00:00:00",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":17,"requires_php":25,"tags":75,"homepage":79,"download_link":80,"security_score":81,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-rest-api-log","REST API Log","1.7.0","Pete Nelson","https:\u002F\u002Fprofiles.wordpress.org\u002Fgungeekatx\u002F","\u003Cp>WordPress plugin to log \u003Ca href=\"http:\u002F\u002Fv2.wp-api.org\u002F\" rel=\"nofollow ugc\">REST API\u003C\u002Fa> requests and responses (for v2 of the API).\u003C\u002Fp>\n\u003Cp>Includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress admin page to view and search log entries\u003C\u002Fli>\n\u003Cli>API endpoint to access log entries via JSON\u003C\u002Fli>\n\u003Cli>Filters to customize logging\u003C\u002Fli>\n\u003Cli>Custom endpoint logging\u003C\u002Fli>\n\u003Cli>ElasticPress logging\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Find us on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpetenelson\u002Fwp-rest-api-log\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>!\u003C\u002Fp>\n\u003Cp>Roadmap\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Better search capabilities for log entries via the REST API endpoint\u003C\u002Fli>\n\u003C\u002Ful>\n","WordPress plugin to log REST API requests and responses",5000,113000,72,24,"2025-01-02T16:29:00.000Z","6.7.5",[54,76,77,78,24],"json","rest-api","wp-api","https:\u002F\u002Fgithub.com\u002Fpetenelson\u002Fwp-rest-api-log","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-log.1.7.0.zip",92,{"slug":83,"name":84,"version":85,"author":65,"author_profile":66,"description":86,"short_description":87,"active_installs":11,"downloaded":88,"rating":13,"num_ratings":89,"last_updated":90,"tested_up_to":74,"requires_at_least":91,"requires_php":25,"tags":92,"homepage":94,"download_link":95,"security_score":81,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"rest-api-toolbox","REST API Toolbox","1.4.4","\u003Cp>Allows tweaking of several REST API settings\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable the REST API\u003C\u002Fli>\n\u003Cli>Remove WordPress core endpoints\u003C\u002Fli>\n\u003Cli>Require authentication for core endpoints\u003C\u002Fli>\n\u003Cli>Force SSL\u003C\u002Fli>\n\u003Cli>WP-CLI commands: wp rest-api-toolbox\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Find us on GitHub at https:\u002F\u002Fgithub.com\u002Fpetenelson\u002Fwp-rest-api-toolbox\u003C\u002Fp>\n\u003Cp>(Creative commons toolbox image provided by James Tworow https:\u002F\u002Fwww.flickr.com\u002Fphotos\u002Fsherlock77\u002F)\u003C\u002Fp>\n","Allows tweaking of several REST API settings",40876,8,"2025-01-02T16:18:00.000Z","4.4",[93,56,77,24],"json-api","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api-toolbox","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api-toolbox.1.4.4.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":11,"downloaded":104,"rating":13,"num_ratings":89,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":25,"tags":108,"homepage":111,"download_link":112,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-api-menus","WP API Menus","1.3.2","Fulvio Notarstefano","https:\u002F\u002Fprofiles.wordpress.org\u002Fnekojira\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjson-rest-api\u002F\" rel=\"ugc\">WordPress JSON REST API\u003C\u002Fa> with new routes for WordPress registered menus\u003C\u002Fp>\n\u003Cp>The new routes available will be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fmenus\u003C\u002Fcode> list of every registered menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002F\u003Cid>\u003C\u002Fcode> data for a specific menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u003C\u002Fcode> list of all registered theme locations.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u002F\u003Clocation>\u003C\u002Fcode> data for menu in specified menu in theme location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently, the \u003Ccode>menu-locations\u002F\u003Clocation>\u003C\u002Fcode> route for individual menus will return a tree with full menu hierarchy, with correct menu item order and listing children for each menu item. The \u003Ccode>menus\u002F\u003Cid>\u003C\u002Fcode> route will output menu details and a flat array of menu items. Item order or if each item has a parent will be indicated in each item attributes, but this route won’t output items as a tree.\u003C\u002Fp>\n\u003Cp>You can alter the data arrangement of each individual menu items and children using the filter hook \u003Ccode>json_menus_format_menu_item\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>An important note on WP API V2:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In V1 the routes are located by default at \u003Ccode>wp-json\u002Fmenus\u002F\u003C\u002Fcode> etc.\u003C\u002Fp>\n\u003Cp>In V2 the routes by default are at \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002F\u003C\u002Fcode> (e.g. \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002Fmenus\u002F\u003C\u002Fcode>, etc.) since V2 encourages prefixing and version namespacing.\u003C\u002Fp>\n","Extends WordPress WP REST API with new routes pointing to WordPress menus.",107511,"2020-08-18T07:21:00.000Z","5.5.0","3.6.0",[76,109,110,78,24],"json-rest-api","menus","https:\u002F\u002Fgithub.com\u002Fnekojira\u002Fwp-api-menus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-menus.1.3.2.zip",{"slug":114,"name":115,"version":116,"author":42,"author_profile":43,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":13,"num_ratings":121,"last_updated":122,"tested_up_to":123,"requires_at_least":17,"requires_php":18,"tags":124,"homepage":25,"download_link":128,"security_score":81,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-rest-yoast-meta","WP REST Yoast Meta","2025.1.0","\u003Cp>\u003Cem>This plugin is no longer updated, but is open for adoption\u003C\u002Fem>\u003Cbr \u002F>\nAs of Yoast SEO version 16.7 the functionality provided by this plugin is now \u003Ca href=\"https:\u002F\u002Fdeveloper.yoast.com\u002Fcustomization\u002Fapis\u002Frest-api\u002F\" rel=\"nofollow ugc\">part of the Yoast SEO plugin\u003C\u002Fa> itself. This plugin will no longer be updated, but is open for adoption. If you are interested in adopting this plugin, please contact the authors.\u003C\u002Fp>\n\u003Cp>Are you using WordPress for a headless set-up, using the WP REST API? And would you like to use the Yoast SEO plugin just like you would for any other project? This plugin adds the meta tags generated by the Yoast SEO plugin to the WP REST API output, allowing your headless set-up to implement them. Also when you are using Yoast SEO Premium you have the option to retrieve redirects throught the API: this plugin adds a custom endpoint (\u003Ccode>\u002Fwp-rest-yoast-meta\u002Fv1\u002Fredirects\u003C\u002Fcode>) to provide those redirects in a JSON format. Since Yoast 11.0 JSON LD Schema.org data is also supported and is now also available through the WP REST API when using this plugin.\u003C\u002Fp>\n\u003Ch3>Installation from within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit ‘Plugins > Add New’ (or ‘My Sites > Network Admin > Plugins > Add New’ if you are on a multisite installation).\u003C\u002Fli>\n\u003Cli>Search for ‘WP REST Yoast Meta’.\u003C\u002Fli>\n\u003Cli>Activate the WP REST Yoast Meta plugin through the ‘Plugins’ menu in WordPress.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Installation manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload the \u003Ccode>wp-rest-yoast-meta\u003C\u002Fcode> folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory.\u003C\u002Fli>\n\u003Cli>Activate the WP REST Yoast Meta plugin through the ‘Plugins’ menu in WordPress.\u003C\u002Fli>\n\u003C\u002Fol>\n","Adds meta tags as generated by Yoast SEO to the WP REST API. And adds a custom endpoint to retrieve all redirects as they are set in Yoast SEO Premium &hellip;",1000,31743,6,"2025-01-23T09:31:00.000Z","5.7.15",[125,54,126,24,127],"adopt-me","wp-rest","yoast","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-yoast-meta.2025.1.0.zip",{"attackSurface":130,"codeSignals":190,"taintFlows":207,"riskAssessment":233,"analyzedAt":239},{"hooks":131,"ajaxHandlers":186,"restRoutes":187,"shortcodes":188,"cronEvents":189,"entryPointCount":28,"unprotectedCount":28},[132,139,141,145,148,152,158,162,166,171,175,178,182],{"type":133,"name":134,"callback":135,"priority":136,"file":137,"line":138},"filter","determine_current_user","handler",14,"swaggerauth.php",40,{"type":133,"name":134,"callback":135,"priority":136,"file":137,"line":140},96,{"type":133,"name":142,"callback":142,"priority":143,"file":137,"line":144},"authenticate",21,97,{"type":133,"name":146,"callback":147,"file":137,"line":48},"rest_authentication_errors","error",{"type":133,"name":149,"callback":150,"file":137,"line":151},"swagger_api_security_definitions","appendSwaggerAuth",99,{"type":153,"name":154,"callback":155,"file":156,"line":157},"action","admin_notices","notices","swaggersetting.php",17,{"type":153,"name":159,"callback":160,"file":156,"line":161},"admin_menu","menu",52,{"type":153,"name":163,"callback":164,"file":156,"line":165},"init","saveSetting",53,{"type":153,"name":167,"callback":168,"priority":151,"file":169,"line":170},"template_include","view","swaggertemplate.php",78,{"type":153,"name":172,"callback":173,"priority":151,"file":169,"line":174},"wp_enqueue_scripts","removeQueuedScritps",79,{"type":153,"name":172,"callback":176,"priority":151,"file":169,"line":177},"enqueueScritps",80,{"type":153,"name":163,"callback":179,"file":180,"line":181},"routes","wp-api-swaggerui.php",458,{"type":153,"name":183,"callback":184,"file":180,"line":185},"wp","swagger",459,[],[],[],[],{"dangerousFunctions":191,"sqlUsage":192,"outputEscaping":195,"fileOperations":28,"externalRequests":28,"nonceChecks":33,"capabilityChecks":33,"bundledLibraries":206},[],{"prepared":193,"raw":28,"locations":194},2,[],{"escaped":196,"rawEcho":197,"locations":198},10,3,[199,202,204],{"file":156,"line":200,"context":201},22,"raw output",{"file":156,"line":203,"context":201},33,{"file":205,"line":193,"context":201},"template\\setting.php",[],[208,225],{"entryPoint":209,"graph":210,"unsanitizedCount":28,"severity":224},"saveSetting (swaggersetting.php:9)",{"nodes":211,"edges":221},[212,216],{"id":213,"type":214,"label":215,"file":156,"line":136},"n0","source","$_POST['swagger_api_basepath']",{"id":217,"type":218,"label":219,"file":156,"line":136,"wp_function":220},"n1","sink","update_option() [Settings Manipulation]","update_option",[222],{"from":213,"to":217,"sanitized":223},true,"low",{"entryPoint":226,"graph":227,"unsanitizedCount":28,"severity":224},"\u003Cswaggersetting> (swaggersetting.php:0)",{"nodes":228,"edges":231},[229,230],{"id":213,"type":214,"label":215,"file":156,"line":136},{"id":217,"type":218,"label":219,"file":156,"line":136,"wp_function":220},[232],{"from":213,"to":217,"sanitized":223},{"summary":234,"deductions":235},"The wp-api-swaggerui v1.1.2 plugin exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any recorded CVEs, coupled with the fact that all SQL queries utilize prepared statements and there are no identified taint flows, suggests a robust approach to secure coding. The plugin also demonstrates good practices by including nonce and capability checks, indicating an awareness of common WordPress security vulnerabilities.\n\nHowever, the static analysis does reveal a potential area of concern regarding output escaping. With 13 total outputs and approximately 77% properly escaped, there's a possibility that a portion of the plugin's output might not be sufficiently sanitized. While the taint analysis didn't flag any unsanitized paths, the incomplete escaping could, under specific circumstances or in conjunction with other factors, lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is directly echoed without proper sanitization. The limited attack surface (0 entry points) is a significant strength, but the incomplete output escaping warrants attention.\n\nIn conclusion, wp-api-swaggerui v1.1.2 appears to be a relatively secure plugin with no known critical vulnerabilities. Its strengths lie in the lack of historical vulnerabilities and the secure handling of database interactions. The primary area for improvement and a minor security concern is the incomplete output escaping, which, though not currently exploited or flagged as critical, represents a potential weak point that should be addressed to achieve a fully hardened security profile.",[236],{"reason":237,"points":238},"Incomplete output escaping",5,"2026-03-16T18:31:46.578Z",{"wat":241,"direct":256},{"assetPaths":242,"generatorPatterns":248,"scriptPaths":249,"versionParams":250},[243,244,245,246,247],"\u002Fwp-content\u002Fplugins\u002Fwp-api-swaggerui\u002Fcss\u002Fswagger-ui.css","\u002Fwp-content\u002Fplugins\u002Fwp-api-swaggerui\u002Fjs\u002Fswagger-ui-bundle.js","\u002Fwp-content\u002Fplugins\u002Fwp-api-swaggerui\u002Fjs\u002Fswagger-ui-standalone-preset.js","\u002Fwp-content\u002Fplugins\u002Fwp-api-swaggerui\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fwp-api-swaggerui\u002Fjs\u002Fwp-api-swaggerui.js",[],[244,245,247],[251,252,253,254,255],"wp-api-swaggerui\u002Fcss\u002Fswagger-ui.css?ver=","wp-api-swaggerui\u002Fjs\u002Fswagger-ui-bundle.js?ver=","wp-api-swaggerui\u002Fjs\u002Fswagger-ui-standalone-preset.js?ver=","wp-api-swaggerui\u002Fcss\u002Fstyle.css?ver=","wp-api-swaggerui\u002Fjs\u002Fwp-api-swaggerui.js?ver=",{"cssClasses":257,"htmlComments":259,"htmlAttributes":260,"restEndpoints":262,"jsGlobals":264,"shortcodeOutput":268},[258],"swagger-ui",[],[261],"data-swagger-url",[263],"\u002Fwp-json\u002Fswagger\u002Fv1\u002Fschema",[265,266,267],"SwaggerUIBundle","SwaggerUIStandalonePreset","wpApiSwaggerUI",[]]