[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXFSLLR2MOgL_oAynoUeXcDe1H84bxtXZUDi-Y3MQFNI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":111,"crawl_stats":38,"alternatives":118,"analysis":207,"fingerprints":612},"wp-graphql","WPGraphQL","2.10.0","Jason Bahl","https:\u002F\u002Fprofiles.wordpress.org\u002Fjasonbahl\u002F","\u003Cp>WPGraphQL is a free, open-source WordPress plugin that provides an extendable GraphQL schema and API for any WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get Started\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install WPGraphQL: \u003Ccode>wp plugin install wp-graphql --activate\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Try it out: \u003Ca href=\"https:\u002F\u002Frepl.wpgraphql.com\" rel=\"nofollow ugc\">Live Demo\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Read the \u003Ca href=\"https:\u002F\u002Fwpgraphql.com\u002Fdocs\u002Fquick-start\" rel=\"nofollow ugc\">Quick Start Guide\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Join the \u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002FAGVBqqyaUY\" rel=\"nofollow ugc\">Community on Discord\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-graphql\u002Fwp-graphql\" rel=\"nofollow ugc\">Star the Repo\u003C\u002Fa>!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Key Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Flexible API\u003C\u002Fstrong>: Query posts, pages, custom post types, taxonomies, users, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Extendable Schema\u003C\u002Fstrong>: Easily add functionality with WPGraphQL’s API, enabling custom integrations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatible with Modern Frameworks\u003C\u002Fstrong>: Works seamlessly with \u003Ca href=\"https:\u002F\u002Fvercel.com\u002Fguides\u002Fwordpress-with-vercel\" rel=\"nofollow ugc\">Next.js\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fdocs.astro.build\u002Fen\u002Fguides\u002Fcms\u002Fwordpress\u002F\" rel=\"nofollow ugc\">Astro\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.okupter.com\u002Fblog\u002Fheadless-wordpress-graphql-sveltekit\" rel=\"nofollow ugc\">SvelteKit\u003C\u002Fa>, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optimized Performance\u003C\u002Fstrong>: Fetch exactly the data you need in a single query. Boost performance with \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-graphql\u002Fwp-graphql\u002Ftree\u002Fmain\u002Fplugins\u002Fwp-graphql-smart-cache\" rel=\"nofollow ugc\">WPGraphQL Smart Cache\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WPGraphQL is becoming a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fnews\u002F2024\u002F10\u002Fwpgraphql\u002F\" rel=\"ugc\">Canonical Plugin\u003C\u002Fa> on WordPress.org, ensuring long-term support and a growing community of users and contributors.\u003C\u002Fp>\n\u003Ch4>Upgrading\u003C\u002Fh4>\n\u003Cp>It is recommended that anytime you want to update WPGraphQL that you get familiar with what’s changed in the release.\u003C\u002Fp>\n\u003Cp>WPGraphQL publishes \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-graphql\u002Fwp-graphql\u002Freleases\" rel=\"nofollow ugc\">release notes on Github\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>WPGraphQL has been following Semver practices for a few years. We will continue to follow Semver and let version numbers communicate meaning. The summary of Semver versioning is as follows:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>MAJOR\u003C\u002Fem> version when you make incompatible API changes,\u003C\u002Fli>\n\u003Cli>\u003Cem>MINOR\u003C\u002Fem> version when you add functionality in a backwards compatible manner, and\u003C\u002Fli>\n\u003Cli>\u003Cem>PATCH\u003C\u002Fem> version when you make backwards compatible bug fixes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can read more about the details of Semver at semver.org\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>WPGraphQL uses \u003Ca href=\"https:\u002F\u002Fappsero.com\" rel=\"nofollow ugc\">Appsero\u003C\u002Fa> SDK to collect some telemetry data upon user’s confirmation. This helps us to troubleshoot problems faster and make product improvements.\u003C\u002Fp>\n\u003Cp>Appsero SDK \u003Cstrong>does not gather any data by default.\u003C\u002Fstrong> The SDK starts gathering basic telemetry data \u003Cstrong>only when a user allows it via the admin notice\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fappsero.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Appsero collects and uses this data\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fappsero.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Appsero collects and uses this data\u003C\u002Fa>.\u003C\u002Fp>\n","WPGraphQL adds a flexible and powerful GraphQL API to WordPress, enabling efficient querying and interaction with your site's data.",30000,1384379,98,48,"2026-03-11T22:53:00.000Z","6.9.4","6.0","7.4",[20,21,22,23,24],"decoupled","graphql","headless","react","rest-api","https:\u002F\u002Fgithub.com\u002Fwp-graphql\u002Fwp-graphql","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-graphql.2.10.0.zip",95,6,0,"2023-06-28 00:00:00","2026-03-15T15:16:48.613Z",[33,49,63,77,90,101],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2023-23684","wpgraphql-authenticated-editor-server-side-request-forgery","WPGraphQL \u003C= 1.14.5 - Authenticated (Editor+) Server-Side Request Forgery","The WPGraphQL plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.14.5 via createMediaItem. This can allow authenticated attackers with editor access or higher to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",null,"\u003C=1.14.5","1.14.6","medium",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Server-Side Request Forgery (SSRF)","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F38efd6d6-b931-41a7-b55d-b98cdeef4145?source=api-prod",209,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":45,"references":60,"days_to_patch":62},"CVE-2021-31157","wpgraphql-denial-of-service","WPGraphQL \u003C= 1.3.5 - Denial of Service","The WPGraphQL plugin for WordPress is vulnerable to Denial of Service via field duplication in versions up to, and including, 1.3.5. This makes it possible for unauthenticated attackers to rapidly duplicate fields and queries resulting in OOM and MySQL connection errors.","\u003C=1.3.5","1.3.6",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L","Uncontrolled Resource Consumption","2021-04-27 00:00:00",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdd22276b-41d4-4795-a79e-d770d0cf4b76?source=api-prod",1001,{"id":64,"url_slug":65,"title":66,"description":67,"plugin_slug":4,"theme_slug":38,"affected_versions":68,"patched_in_version":69,"severity":41,"cvss_score":70,"cvss_vector":71,"vuln_type":72,"published_date":73,"updated_date":45,"references":74,"days_to_patch":76},"CVE-2019-25060","wpgraphql-information-exposure-2","WPGraphQL \u003C= 0.3.4 - Information Exposure","The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site.","\u003C=0.3.4","0.3.5",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Improper Access Control","2019-07-10 00:00:00",[75],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Faf455697-59da-488e-82fe-bb0fad65a810?source=api-prod",1658,{"id":78,"url_slug":79,"title":80,"description":81,"plugin_slug":4,"theme_slug":38,"affected_versions":82,"patched_in_version":83,"severity":41,"cvss_score":56,"cvss_vector":84,"vuln_type":85,"published_date":86,"updated_date":45,"references":87,"days_to_patch":89},"CVE-2019-9881","wpgraphql-unauthenticated-comment-creation","WPGraphQL \u003C= 0.2.3 - Unauthenticated Comment Creation","The createComment mutation in WPGraphQL up to version 0.2.3 for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.","\u003C=0.2.3","0.3.0","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2019-05-08 00:00:00",[88],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2be9815d-56c6-4574-9b4c-75fff40a148d?source=api-prod",1721,{"id":91,"url_slug":92,"title":93,"description":94,"plugin_slug":4,"theme_slug":38,"affected_versions":82,"patched_in_version":83,"severity":95,"cvss_score":96,"cvss_vector":97,"vuln_type":98,"published_date":86,"updated_date":45,"references":99,"days_to_patch":89},"CVE-2019-9879","wpgraphql-administrative-user-creation","WPGraphQL \u003C= 0.2.3 - Administrative User Creation","The WPGraphQL versions up to 0.2.3 for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Privilege Management",[100],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F80e74852-517e-4cd0-a7d3-6f6fe3433bff?source=api-prod",{"id":102,"url_slug":103,"title":104,"description":105,"plugin_slug":4,"theme_slug":38,"affected_versions":82,"patched_in_version":83,"severity":95,"cvss_score":106,"cvss_vector":107,"vuln_type":108,"published_date":86,"updated_date":45,"references":109,"days_to_patch":89},"CVE-2019-9880","wpgraphql-information-exposure","WPGraphQL \u003C= 0.2.3 - Information Exposure","An issue was discovered in WPGraphQL up to 0.2.3 . By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.",9.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:N","Exposure of Sensitive Information to an Unauthorized Actor",[110],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9cb7bc91-b2e9-4ede-80cf-6b961ac6dcb9?source=api-prod",{"slug":112,"display_name":7,"profile_url":8,"plugin_count":113,"total_installs":114,"avg_security_score":13,"avg_patch_time_days":115,"trust_score":116,"computed_at":117},"jasonbahl",3,46000,1152,78,"2026-04-03T21:27:29.311Z",[119,135,155,171,192],{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":29,"downloaded":127,"rating":29,"num_ratings":29,"last_updated":128,"tested_up_to":16,"requires_at_least":129,"requires_php":18,"tags":130,"homepage":132,"download_link":133,"security_score":134,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"metronyx-headless-cms-connector","Metronyx Headless CMS Connector","1.0.4","ariellejphoenix","https:\u002F\u002Fprofiles.wordpress.org\u002Fariellejphoenix\u002F","\u003Cp>\u003Cstrong>Metronyx Headless CMS Connector\u003C\u002Fstrong> provides a clean, secure REST API to connect your WordPress content with any frontend framework. Perfect for developers building modern web applications with Next.js, React, Vue, Angular, or any other frontend technology.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Clean REST API\u003C\u002Fstrong> – Simple endpoints for posts, pages, and content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Content Delivery\u003C\u002Fstrong> – Optimized for modern headless CMS implementations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CORS Support\u003C\u002Fstrong> – Configured for secure frontend framework connections\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Framework Agnostic\u003C\u002Fstrong> – Works with Next.js, React, Vue, Angular, and any frontend\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Optimized\u003C\u002Fstrong> – Built-in meta fields and structured data for better search performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enterprise Security\u003C\u002Fstrong> – Built-in security features, input validation, and rate limiting\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Complete Documentation\u003C\u002Fstrong> – Built-in API docs and usage examples\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Features\u003C\u002Fh4>\n\u003Cp>This plugin has been thoroughly audited and includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Input validation and sanitization\u003C\u002Fli>\n\u003Cli>CSRF protection with nonce verification\u003C\u002Fli>\n\u003Cli>XSS prevention with output escaping\u003C\u002Fli>\n\u003Cli>Rate limiting and pagination limits\u003C\u002Fli>\n\u003Cli>CORS security with strict origin validation\u003C\u002Fli>\n\u003Cli>Path traversal protection\u003C\u002Fli>\n\u003Cli>Proper capability checks for admin functions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>API Endpoints\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Posts & Pages:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>GET \u002Fwp-json\u002Fmetronyx-connector\u002Fv1\u002Fposts\u003C\u002Fcode> – All posts with pagination\u003Cbr \u002F>\n* \u003Ccode>GET \u002Fwp-json\u002Fmetronyx-connector\u002Fv1\u002Fposts\u002F{slug}\u003C\u002Fcode> – Single post by slug\u003Cbr \u002F>\n* \u003Ccode>GET \u002Fwp-json\u002Fmetronyx-connector\u002Fv1\u002Fposts\u002Ffeatured\u003C\u002Fcode> – Featured posts only\u003Cbr \u002F>\n* \u003Ccode>GET \u002Fwp-json\u002Fmetronyx-connector\u002Fv1\u002Fpages\u003C\u002Fcode> – All pages\u003Cbr \u002F>\n* \u003Ccode>GET \u002Fwp-json\u002Fmetronyx-connector\u002Fv1\u002Fpages\u002F{slug}\u003C\u002Fcode> – Single page by slug\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Categories & Tags:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ccode>GET \u002Fwp-json\u002Fmetronyx-connector\u002Fv1\u002Fcategories\u003C\u002Fcode> – All categories\u003Cbr \u002F>\n* \u003Ccode>GET \u002Fwp-json\u002Fmetronyx-connector\u002Fv1\u002Ftags\u003C\u002Fcode> – All tags\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Coming Soon:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Advanced e-commerce endpoints (future releases)\u003Cbr \u002F>\n* Enhanced content filtering and search\u003Cbr \u002F>\n* Multi-site headless architecture support\u003C\u002Fp>\n\u003Ch4>Data Structure\u003C\u002Fh4>\n\u003Cp>Each post\u002Fpage includes:\u003Cbr \u002F>\n* Basic content (title, slug, content, excerpt)\u003Cbr \u002F>\n* SEO metadata (title, description, canonical URL)\u003Cbr \u002F>\n* Featured images with multiple sizes\u003Cbr \u002F>\n* Categories and tags\u003Cbr \u002F>\n* Author information\u003Cbr \u002F>\n* Custom meta fields\u003C\u002Fp>\n\u003Cp>Future releases will include:\u003Cbr \u002F>\n* Advanced content filtering and search capabilities\u003Cbr \u002F>\n* Enhanced SEO metadata and structured data\u003Cbr \u002F>\n* Multi-language content support\u003Cbr \u002F>\n* Custom post type integration\u003Cbr \u002F>\n* Performance analytics and insights\u003C\u002Fp>\n\u003Ch4>Usage Example\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u002F\u002F Fetch all posts\nconst posts = await fetch('\u002Fwp-json\u002Fmetronyx-connector\u002Fv1\u002Fposts')\n  .then(res => res.json());\n\n\u002F\u002F Fetch single post\nconst post = await fetch('\u002Fwp-json\u002Fmetronyx-connector\u002Fv1\u002Fposts\u002Fyour-post-slug')\n  .then(res => res.json());\n\n\u002F\u002F Next.js example\nexport async function getStaticProps({ params }) {\n  const post = await fetch(`${process.env.WORDPRESS_API_URL}posts\u002F${params.slug}`)\n    .then(res => res.json());\n\n  return { props: { post } };\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Professional Services\u003C\u002Fh3>\n\u003Cp>Running a headless WordPress setup means your SEO, performance, and content pipeline all need to work together. Metronyx specializes in WordPress-powered businesses and can help with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Headless CMS Architecture\u003C\u002Fstrong> – Custom REST API design, frontend-backend decoupling, and deployment pipelines for Next.js, React, or Vue\u003C\u002Fli>\n\u003Cli>\u003Cstrong>AI SEO & Answer Engine Optimization (AEO)\u003C\u002Fstrong> – Get your WordPress content surfaced in AI search results from ChatGPT, Perplexity, and Google AI Overviews\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Performance & Caching\u003C\u002Fstrong> – Server-side rendering optimization, CDN configuration, and API response caching for sub-second page loads\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom API Development\u003C\u002Fstrong> – Bespoke endpoints for WooCommerce, ACF, custom post types, and third-party integrations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO for Headless WordPress\u003C\u002Fstrong> – Structured data, meta tag management, sitemap generation, and crawl optimization for decoupled sites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-site & Enterprise\u003C\u002Fstrong> – Manage multiple headless WordPress properties from a single admin with shared content APIs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Learn more at \u003Ca href=\"https:\u002F\u002Fmetronyx.co.uk\" rel=\"nofollow ugc\">metronyx.co.uk\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fmetronyx.co.uk\u002Ffree-tools\" rel=\"nofollow ugc\">get a free SEO audit\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Developer\u003C\u002Fh3>\n\u003Cp>Built and maintained by \u003Cstrong>Arielle Phoenix\u003C\u002Fstrong> (\u003Ca href=\"https:\u002F\u002Fariellephoenix.com\" rel=\"nofollow ugc\">ariellephoenix.com\u003C\u002Fa>).\u003Cbr \u002F>\nAI SEO and headless WordPress solutions by \u003Cstrong>Metronyx\u003C\u002Fstrong> (\u003Ca href=\"https:\u002F\u002Fmetronyx.co.uk\" rel=\"nofollow ugc\">metronyx.co.uk\u003C\u002Fa>).\u003C\u002Fp>\n","Transform your WordPress site into a powerful headless CMS for modern frontend frameworks like Next.js, React, Vue, and more.",145,"2026-03-01T15:26:00.000Z","5.0",[20,22,131,23,24],"nextjs","https:\u002F\u002Fmetronyx.co.uk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmetronyx-headless-cms-connector.1.0.4.zip",100,{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":143,"downloaded":144,"rating":13,"num_ratings":145,"last_updated":146,"tested_up_to":16,"requires_at_least":147,"requires_php":18,"tags":148,"homepage":151,"download_link":152,"security_score":134,"vuln_count":153,"unpatched_count":29,"last_vuln_date":154,"fetched_at":31},"cart-rest-api-for-woocommerce","CoCart – Headless REST API for WooCommerce","4.8.3","CoCart Headless","https:\u002F\u002Fprofiles.wordpress.org\u002Fcocartforwc\u002F","\u003Cp>\u003Cstrong>CoCart: The BEST REST API for decoupling WooCommerce stores\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcocartapi.com\u002F?utm_medium=website&utm_source=wpplugindirectory&utm_campaign=readme&utm_content=readmelink\" rel=\"nofollow ugc\">CoCart\u003C\u002Fa> is a developer-first REST API to decouple WooCommerce on the frontend. It gives you everything you need to start developing your own custom storefront. \u003Ca href=\"https:\u002F\u002Fcocartapi.com\u002Fpricing\u002F?utm_medium=website&utm_source=wpplugindirectory&utm_campaign=readme&utm_content=readmelink\" rel=\"nofollow ugc\">CoCart Plus\u003C\u002Fa> plugin extension unlocks more to complete the shopping experience out the box.\u003C\u002Fp>\n\u003Cp>Build the modern and scalable storefront of your dreams with confidence independent of WordPress using frameworks like \u003Cstrong>Astro\u003C\u002Fstrong>, \u003Cstrong>React\u003C\u002Fstrong>, \u003Cstrong>Vue\u003C\u002Fstrong>, or \u003Cstrong>Next.js\u003C\u002Fstrong>, gaining complete control over your customers experience no matter what your store sells.\u003C\u002Fp>\n\u003Cp>CoCart was built for developers in mind. With hooks and filters available so you can extend or integrate custom functionality for your headless setup.\u003C\u002Fp>\n\u003Ch4>Why 1,000+ developers choose CoCart\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>🚀 Core cart functionality (FREE)\u003C\u002Fstrong>\u003Cbr \u002F>\n* ✅ \u003Cstrong>Zero learning curve\u003C\u002Fstrong> – Built on WooCommerce Data Stores with familiar hooks, ensuring broad plugin compatibility.\u003Cbr \u002F>\n* 🔐 \u003Cstrong>Session management\u003C\u002Fstrong> – Cookie-less, database-stored sessions. Handle concurrent users without breaking a sweat.\u003Cbr \u002F>\n* 🛒 \u003Cstrong>Essential cart operations\u003C\u002Fstrong> – Add, remove, update items and calculate totals in simple API calls.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>💻 Developer experience that doesn’t suck\u003C\u002Fstrong>\u003Cbr \u002F>\n* 🔑 \u003Cstrong>Authentication that makes sense\u003C\u002Fstrong> – Email, username, or phone login. No admin API keys to juggle.\u003Cbr \u002F>\n* 🌍 \u003Cstrong>CORS just works\u003C\u002Fstrong> – First-party CORS support means your frontend connects instantly, no configuration hell.\u003Cbr \u002F>\n* 🧩 \u003Cstrong>Extendable Callbacks\u003C\u002Fstrong> – Add your own logic without writing new API routes.\u003Cbr \u002F>\n* 📦 \u003Cstrong>Bulk Cart Requests\u003C\u002Fstrong> – Combine multiple API calls into one for better performance.\u003Cbr \u002F>\n* 📊 \u003Cstrong>Cart Insights\u003C\u002Fstrong> – Monitor all cart sessions, including those nearing expiration or already expired.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🎯 WooCommerce compatibility, guaranteed\u003C\u002Fstrong>\u003Cbr \u002F>\n* 🛠 \u003Cstrong>Native checkout support\u003C\u002Fstrong> – Load any cart session into WooCommerce’s checkout. Your payment gateways work seamlessly.\u003Cbr \u002F>\n* 🔎 \u003Cstrong>Product search\u003C\u002Fstrong> – Query by name, SKU, or ID — authenticated or not — with flexible filtering.\u003Cbr \u002F>\n* 💸 \u003Cstrong>Name Your Price support\u003C\u002Fstrong> – Donation-based pricing with built-in flexibility.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Want more?\u003C\u002Fstrong> Upgrade to \u003Ca href=\"https:\u002F\u002Fcocartapi.com\u002Fpricing\u002F?utm_medium=website&utm_source=wpplugindirectory&utm_campaign=readme&utm_content=readmelink\" rel=\"nofollow ugc\">CoCart Plus\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>First time using CoCart? Check out the \u003Ca href=\"https:\u002F\u002Fcocartapi.com\u002Fdocs\u002F?utm_medium=website&utm_source=wpplugindirectory&utm_campaign=readme&utm_content=firsttime\" rel=\"nofollow ugc\">documentation\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fcocartapi.com\u002Ftry-free-demo\u002F?utm_medium=website&utm_source=wpplugindirectory&utm_campaign=readme&utm_content=firsttime\" rel=\"nofollow ugc\">create a sandbox\u003C\u002Fa> to try it out.\u003C\u002Fp>\n\u003Ch3>💬 Loved by developers worldwide\u003C\u002Fh3>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“An excellent plugin, which makes building a headless WooCommerce experience a breeze. Easy to use, nearly zero setup time.” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fexcellent-plugin-8062\u002F\" rel=\"ugc\">Harald Schneider\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“This plugin works great out of the box for adding products to the cart via API. The code is solid and functionality is as expected, thanks Sebastien!” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fworks-great-out-of-the-box-16\u002F\" rel=\"ugc\">Scott Bolinger, Creator of Holler Box\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“This plugin saved me tons of work and it is working amazingly! The plugin author provides fast and high-quality support. Well done!” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fgreat-plugin-with-a-great-support-7\u002F\" rel=\"ugc\">@codenroll\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>💼 Need More Features? Upgrade to CoCart Plus\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Additional features in CoCart Plus:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>🎫 \u003Cstrong>Coupon Management\u003C\u002Fstrong> – Apply discounts, promo codes, and boost conversions.\u003C\u002Fli>\n\u003Cli>🚢 \u003Cstrong>Shipping Calculations\u003C\u002Fstrong> – Real-time shipping rates and method selection.\u003C\u002Fli>\n\u003Cli>💰 \u003Cstrong>Cart Fees\u003C\u002Fstrong> – Add handling fees, rush charges, or custom pricing logic.\u003C\u002Fli>\n\u003Cli>🥪 \u003Cstrong>Advanced Batch API\u003C\u002Fstrong> – Process multiple cart operations in a single request for lightning speed.\u003C\u002Fli>\n\u003Cli>🕒 \u003Cstrong>Rate Limiting\u003C\u002Fstrong> – Prevent API abuse and maintain high performance under load.\u003C\u002Fli>\n\u003Cli>🧾 \u003Cstrong>Checkout\u003C\u002Fstrong> – Complete an order and take payment using any supported gateways by WooCommerce. (Coming Soon)\u003C\u002Fli>\n\u003Cli>💲 \u003Cstrong>Subscription Support\u003C\u002Fstrong> – Complete new subscriptions or renewals automatically or manually. (Coming Soon)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔓 Ready to Go Fully Headless?\u003C\u002Fh3>\n\u003Cp>Join \u003Cstrong>thousands of developers and agencies\u003C\u002Fstrong> building with CoCart — the REST API that takes WooCommerce further.\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Fcocartapi.com\u002Fpricing\u002F?utm_medium=website&utm_source=wpplugindirectory&utm_campaign=readme&utm_content=readmelink\" rel=\"nofollow ugc\">Upgrade to CoCart Plus\u003C\u002Fa> and build the future of eCommerce today.\u003C\u002Fp>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Thanks for doing such great work with this! Works exactly as expected and CoCart seems to have a nice community around it. The founder seems really devoted and that’s one of the key things for a plugin like this to live on and get the right updates in the future. We just got ourselves the lifetime subscription.” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fawesome-plugin-4681\u002F\" rel=\"ugc\">Mighty Group Agency\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcocartapi.com\u002Fwall-of-love\u002F?utm_medium=website&utm_source=wpplugindirectory&utm_campaign=readme&utm_content=readmelink\" rel=\"nofollow ugc\">See our wall of love\u003C\u002Fa> for more developer testimonials.\u003C\u002Fp>\n\u003Ch3>💜 Need Support?\u003C\u002Fh3>\n\u003Cp>We aim to provide regular support for the CoCart plugin via \u003Ca href=\"https:\u002F\u002Fcocartapi.com\u002Fcommunity\u002F?utm_medium=website&utm_source=wpplugindirectory&utm_campaign=readme&utm_content=readmelink\" rel=\"nofollow ugc\">our Discord community server\u003C\u002Fa>. Please understand that we do prioritize support for our \u003Ca href=\"https:\u002F\u002Fcocartapi.com\u002Fpricing\u002F?utm_medium=website&utm_source=wpplugindirectory&utm_campaign=readme&utm_content=readmelink\" rel=\"nofollow ugc\">paying customers\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>👍 Add-ons to further enhance CoCart\u003C\u002Fh4>\n\u003Cp>We also have add-ons that extend CoCart to enhance your development and your customers’ shopping experience.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcocart-cors\u002F\" rel=\"ugc\">CoCart – CORS\u003C\u002Fa>\u003C\u002Fstrong> enables support for CORS to allow CoCart to work across multiple domains.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcocart-rate-limiting\" rel=\"ugc\">CoCart – Rate Limiting\u003C\u002Fa>\u003C\u002Fstrong> enables the rate limiting feature for CoCart Plus or higher.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcocart-jwt-authentication\" rel=\"ugc\">CoCart – JWT Authentication\u003C\u002Fa>\u003C\u002Fstrong> allows you to authenticate via a simple JWT Token.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These add-ons of course come with support too.\u003C\u002Fp>\n\u003Ch3>⌨️ Join our growing community\u003C\u002Fh3>\n\u003Cp>On Discord, we have a community of developers, WordPress agencies, and shop owners building the fastest and best headless WooCommerce stores with CoCart.\u003C\u002Fp>\n\u003Cp>Come and \u003Ca href=\"https:\u002F\u002Fcocartapi.com\u002Fcommunity\u002F?utm_medium=website&utm_source=wpplugindirectory&utm_campaign=readme&utm_content=readmelink\" rel=\"nofollow ugc\">join our community\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>🧰 Developer Tools\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcocart-headless\u002Fcocart-beta-tester\" rel=\"nofollow ugc\">CoCart Beta Tester\u003C\u002Fa>\u003C\u002Fstrong> allows you to easily update to pre-release versions of CoCart for testing and development purposes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcocart-headless\u002Fcocart-vscode\" rel=\"nofollow ugc\">CoCart VSCode\u003C\u002Fa>\u003C\u002Fstrong> extension for Visual Studio Code adds snippets and autocompletion of functions, classes, and hooks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcocart-headless\u002Fcocart-product-support-boilerplate\" rel=\"nofollow ugc\">CoCart Product Support Boilerplate\u003C\u002Fa>\u003C\u002Fstrong> provides a basic boilerplate for supporting different product types to add to the cart with validation including adding your own parameters.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcocart-headless\u002Fcocart-cart-callback-example\" rel=\"nofollow ugc\">CoCart Cart Callback Example\u003C\u002Fa>\u003C\u002Fstrong> provides you an example of registering a callback that can be triggered when updating the cart.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>More information\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcocartapi.com\u002F?utm_medium=website&utm_source=wpplugindirectory&utm_campaign=readme&utm_content=readmelink\" rel=\"nofollow ugc\">Website\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcocartapi.com\u002Fdocs\u002F?utm_medium=website&utm_source=wpplugindirectory&utm_campaign=readme&utm_content=readmelink\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Feepurl.com\u002FdKIYXE\" rel=\"nofollow ugc\">Subscribe to updates\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Like, Follow and Star on \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fcocartforwc\u002F\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fcocartapi\" rel=\"nofollow ugc\">X\u002FTwitter\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.instagram.com\u002Fcocartheadless\u002F\" rel=\"nofollow ugc\">Instagram\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fco-cart\u002Fco-cart\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>💯 Credits\u003C\u002Fh4>\n\u003Cp>This plugin is developed and maintained by \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fsebd86\" rel=\"nofollow ugc\">Sébastien Dumont\u003C\u002Fa>.\u003Cbr \u002F>\nFounder of \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fcocartheadless\" rel=\"nofollow ugc\">CoCart Headless, LLC\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Contributors & Developers\u003C\u002Fh3>\n\u003Cp>You can help \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fcart-rest-api-for-woocommerce\" rel=\"nofollow ugc\">translate “CoCart” into your language\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>INTERESTED IN DEVELOPMENT?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fco-cart\u002Fco-cart\u002Ftree\u002Fdevelopment\u002F\" rel=\"nofollow ugc\">Browse the code on GitHub\u003C\u002Fa>, or follow the \u003Ca href=\"https:\u002F\u002Fcocartapi.com\u002Fblog\u002F?utm_medium=website&utm_source=wpplugindirectory&utm_campaign=readme&utm_content=readmelink\" rel=\"nofollow ugc\">CoCart development blog\u003C\u002Fa> for the latest development updates. You can also follow \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fcocartapi\" rel=\"nofollow ugc\">@cocartapi\u003C\u002Fa> on Twitter to stay up to date about everything happening with CoCart.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please share your experience\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>We’d love to hear what you have to say. \u003Ca href=\"https:\u002F\u002Ftestimonial.to\u002Fcocart\" rel=\"nofollow ugc\">Share your experience\u003C\u002Fa> and help others discover CoCart. It helps to keep the plugin going strong, and is greatly appreciated.\u003C\u002Fp>\n","A developer-first REST API to decouple WooCommerce on the frontend to help build modern and scalable storefronts. Fast, secure, customizable, easy.",1000,94686,21,"2026-01-26T20:24:00.000Z","6.3",[149,20,22,24,150],"cart","woocommerce","https:\u002F\u002Fcocartapi.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcart-rest-api-for-woocommerce.4.8.3.zip",1,"2023-11-07 00:00:00",{"slug":156,"name":157,"version":158,"author":159,"author_profile":160,"description":161,"short_description":162,"active_installs":143,"downloaded":163,"rating":29,"num_ratings":29,"last_updated":164,"tested_up_to":165,"requires_at_least":166,"requires_php":18,"tags":167,"homepage":169,"download_link":170,"security_score":134,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wpgraphql-ide","WPGraphQL IDE","4.1.0","Joe Fusco","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoefusco\u002F","\u003Cp>GraphQL IDE for WPGraphQL.\u003C\u002Fp>\n","GraphQL IDE for WPGraphQL",18633,"2026-02-06T21:05:00.000Z","6.8.5","5.7",[20,168,21,22],"devtools","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpgraphql-ide.4.1.0.zip",{"slug":172,"name":173,"version":174,"author":175,"author_profile":176,"description":177,"short_description":178,"active_installs":179,"downloaded":180,"rating":29,"num_ratings":29,"last_updated":181,"tested_up_to":182,"requires_at_least":129,"requires_php":183,"tags":184,"homepage":189,"download_link":190,"security_score":191,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"add-wpgraphql-send-mail","WPGraphQL Send Mail","1.2.0","ash_hitch","https:\u002F\u002Fprofiles.wordpress.org\u002Fash_hitch\u002F","\u003Cp>This plugin enables to send email via WPGraphQL.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>`\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>mutation SEND_EMAIL {\u003Cbr \u002F>\n  sendEmail(\u003Cbr \u002F>\n    input: {\u003Cbr \u002F>\n      to: “test@test.com”\u003Cbr \u002F>\n      from: “test@test.com”\u003Cbr \u002F>\n      subject: “test email”\u003Cbr \u002F>\n      body: “test email”\u003Cbr \u002F>\n      clientMutationId: “test”\u003Cbr \u002F>\n    }\u003Cbr \u002F>\n  ) {\u003Cbr \u002F>\n    origin\u003Cbr \u002F>\n    sent\u003Cbr \u002F>\n    message\u003Cbr \u002F>\n  }\u003Cbr \u002F>\n}\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`\n\u003C\u002Fcode>\u003C\u002Fpre>\n","This plugin enables to send email via WPGraphQL.",500,3351,"2021-01-27T08:15:00.000Z","5.6.17","7.0",[185,21,186,187,188],"decoupled-wordpress","headless-wordpress","mail","wpgraphql","https:\u002F\u002Fgithub.com\u002Fashhitch\u002Fwp-graphql-send-mail","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-wpgraphql-send-mail.1.2.0.zip",85,{"slug":193,"name":194,"version":195,"author":139,"author_profile":140,"description":196,"short_description":197,"active_installs":198,"downloaded":199,"rating":29,"num_ratings":29,"last_updated":200,"tested_up_to":201,"requires_at_least":202,"requires_php":18,"tags":203,"homepage":151,"download_link":205,"security_score":206,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"cocart-cors","CoCart CORS Support","1.0.7","\u003Cp>This free add-on for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcart-rest-api-for-woocommerce\u002F\" rel=\"ugc\">CoCart\u003C\u002Fa> enables support for CORS to allow CoCart to work across multiple domains.\u003C\u002Fp>\n\u003Cp>Simply install and activate. \u003Cstrong>No configuration required!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>An excellent plugin, which makes building a headless WooCommerce experience a breeze. Easy to use, nearly zero setup time. \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fexcellent-plugin-8062\u002F\" rel=\"ugc\">Harald Schneider\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>🧰 Developer Tools\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcocart-headless\u002Fcocart-beta-tester\" rel=\"nofollow ugc\">CoCart Beta Tester\u003C\u002Fa>\u003C\u002Fstrong> allows you to easily update to pre-release versions of CoCart Lite for testing and development purposes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcocart-headless\u002Fcocart-vscode\" rel=\"nofollow ugc\">CoCart VSCode\u003C\u002Fa>\u003C\u002Fstrong> extension for Visual Studio Code adds snippets and autocompletion of functions, classes and hooks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcocart-headless\u002Fcocart-product-support-boilerplate\" rel=\"nofollow ugc\">CoCart Product Support Boilerplate\u003C\u002Fa>\u003C\u002Fstrong> provides a basic boilerplate for supporting a different product types to add to the cart with validation including adding your own parameters.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcocart-headless\u002Fcocart-cart-callback-example\" rel=\"nofollow ugc\">CoCart Cart Callback Example\u003C\u002Fa>\u003C\u002Fstrong> provides you an example of registering a callback that can be triggered when updating the cart.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Amazing Plugin. I’m using it to create a react-native app with WooCommerce as back-end. This plugin is a life-saver! \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Famazing-plugin-1562\u002F\" rel=\"ugc\">Daniel Loureiro\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>👍 Add-ons to further enhance CoCart\u003C\u002Fh4>\n\u003Cp>We also have other add-ons that extend CoCart to enhance your development and your customers shopping experience.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcocart-get-cart-enhanced\u002F\" rel=\"ugc\">CoCart – Cart Enhanced\u003C\u002Fa>\u003C\u002Fstrong> enhances the data returned for the cart and the items added to it.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcocart-jwt-authentication\u002F\" rel=\"ugc\">CoCart – JWT Authentication\u003C\u002Fa>\u003C\u002Fstrong> allows you to authenticate via a simple JWT Token.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcocart-rate-limiting\u002F\" rel=\"ugc\">CoCart – Rate Limiting\u003C\u002Fa>\u003C\u002Fstrong> enables the rate limiting feature.\u003C\u002Fli>\n\u003Cli>and more add-ons in development.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>They work with the core of CoCart already, and these add-ons of course come with support too.\u003C\u002Fp>\n\u003Ch3>⌨️ Join our growing community\u003C\u002Fh3>\n\u003Cp>A Discord community for developers, WordPress agencies and shop owners building the fastest and best headless WooCommerce stores with CoCart.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcocartapi.com\u002Fcommunity\u002F?utm_medium=wp.org&utm_source=wordpressorg&utm_campaign=readme&utm_content=cocart\" rel=\"nofollow ugc\">Join our community\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>🐞 Bug reports\u003C\u002Fh3>\n\u003Cp>Bug reports for CoCart CORS Support are welcomed in the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcocart-headless\u002Fcocart-cors\u002Fissues\" rel=\"nofollow ugc\">CoCart CORS repository on GitHub\u003C\u002Fa>. Please note that GitHub is not a support forum, and that issues that aren’t properly qualified as bugs will be closed.\u003C\u002Fp>\n\u003Ch3>More information\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>The official \u003Ca href=\"https:\u002F\u002Fcocartapi.com\u002F?utm_medium=website&utm_source=wpplugindirectory&utm_campaign=readme&utm_content=readmelink\" rel=\"nofollow ugc\">CoCart API plugin\u003C\u002Fa> website.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcocart.dev\u002F?utm_medium=website&utm_source=wpplugindirectory&utm_campaign=readme&utm_content=readmelink\" rel=\"nofollow ugc\">CoCart for Developers\u003C\u002Fa>, an official hub for resources you need to be productive with CoCart and keep track of everything that is happening with the API.\u003C\u002Fli>\n\u003Cli>The CoCart \u003Ca href=\"https:\u002F\u002Fdocs.cocart.xyz\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Feepurl.com\u002FdKIYXE\" rel=\"nofollow ugc\">Subscribe to updates\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Like, Follow and Star on \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fcocartforwc\u002F\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fcocartapi\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.instagram.com\u002Fcocartheadless\u002F\" rel=\"nofollow ugc\">Instagram\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fco-cart\u002Fco-cart\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>💯 Credits\u003C\u002Fh4>\n\u003Cp>This plugin is developed and maintained by \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fsebd86\" rel=\"nofollow ugc\">Sébastien Dumont\u003C\u002Fa>.\u003Cbr \u002F>\nFounder of \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fcocartheadless\" rel=\"nofollow ugc\">CoCart Headless, LLC\u003C\u002Fa>.\u003C\u002Fp>\n","Enables support for CORS to allow CoCart to work across multiple domains.",400,7524,"2024-07-26T19:01:00.000Z","6.6.5","5.6",[204,20,22,24,150],"cors","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcocart-cors.1.0.7.zip",92,{"attackSurface":208,"codeSignals":572,"taintFlows":587,"riskAssessment":588,"analyzedAt":611},{"hooks":209,"ajaxHandlers":561,"restRoutes":562,"shortcodes":570,"cronEvents":571,"entryPointCount":153,"unprotectedCount":29},[210,217,220,224,227,229,232,234,237,239,242,246,251,254,258,261,265,269,273,277,281,284,288,292,296,299,302,307,311,316,318,322,326,329,331,334,336,339,343,347,351,355,358,362,366,370,374,376,379,383,387,390,394,398,402,406,410,414,417,420,423,427,431,437,440,443,446,450,453,456,461,465,468,472,475,479,484,488,491,495,499,503,505,508,512,515,519,522,525,527,530,531,535,539,542,546,550,553,556,560],{"type":211,"name":212,"callback":213,"priority":214,"file":215,"line":216},"filter","graphql_type_interfaces","closure",10,"access-functions.php",188,{"type":211,"name":218,"callback":213,"file":215,"line":219},"graphql_type_name",481,{"type":221,"name":222,"callback":213,"file":215,"line":223},"action","graphql_register_types_late",494,{"type":211,"name":225,"callback":213,"priority":214,"file":215,"line":226},"graphql_excluded_types",573,{"type":211,"name":212,"callback":213,"priority":214,"file":215,"line":228},589,{"type":221,"name":230,"callback":213,"file":215,"line":231},"graphql_init_settings",741,{"type":221,"name":230,"callback":213,"file":215,"line":233},758,{"type":221,"name":235,"callback":213,"file":215,"line":236},"graphql_get_debug_log",803,{"type":221,"name":230,"callback":213,"file":215,"line":238},835,{"type":221,"name":240,"callback":213,"file":215,"line":241},"graphql_admin_notices_init",963,{"type":221,"name":243,"callback":213,"file":244,"line":245},"admin_menu","src\\Admin\\Admin.php",56,{"type":221,"name":247,"callback":248,"file":249,"line":250},"admin_notices","maybe_display_notices","src\\Admin\\AdminNotices.php",107,{"type":221,"name":252,"callback":248,"file":249,"line":253},"network_admin_notices",108,{"type":221,"name":255,"callback":256,"file":249,"line":257},"admin_init","handle_dismissal_of_notice",109,{"type":221,"name":243,"callback":259,"priority":134,"file":249,"line":260},"add_notification_bubble",110,{"type":221,"name":243,"callback":262,"file":263,"line":264},"register_admin_page","src\\Admin\\Extensions\\Extensions.php",53,{"type":221,"name":266,"callback":267,"file":263,"line":268},"admin_enqueue_scripts","enqueue_scripts",54,{"type":221,"name":270,"callback":271,"file":263,"line":272},"rest_api_init","register_rest_routes",55,{"type":221,"name":243,"callback":262,"priority":274,"file":275,"line":276},9,"src\\Admin\\GraphiQL\\GraphiQL.php",112,{"type":221,"name":278,"callback":279,"priority":134,"file":275,"line":280},"admin_bar_menu","register_admin_bar_menu",113,{"type":221,"name":266,"callback":282,"file":275,"line":283},"enqueue_graphiql",122,{"type":221,"name":285,"callback":286,"file":275,"line":287},"enqueue_graphiql_extension","enqueue_builtin_extensions",125,{"type":221,"name":243,"callback":289,"file":290,"line":291},"add_options_page","src\\Admin\\Settings\\Settings.php",33,{"type":221,"name":293,"callback":294,"file":290,"line":295},"init","register_settings",34,{"type":221,"name":255,"callback":297,"file":290,"line":298},"initialize_settings_page",35,{"type":221,"name":266,"callback":300,"file":290,"line":301},"initialize_settings_page_scripts",36,{"type":221,"name":303,"callback":304,"priority":214,"file":305,"line":306},"in_plugin_update_message-wp-graphql\u002Fwp-graphql.php","in_plugin_update_message","src\\Admin\\Updates\\PluginsScreenLoader.php",31,{"type":221,"name":308,"callback":309,"file":305,"line":310},"admin_print_footer_scripts","modal_js",58,{"type":211,"name":312,"callback":313,"file":314,"line":315},"extra_plugin_headers","enable_plugin_headers","src\\Admin\\Updates\\Updates.php",20,{"type":211,"name":317,"callback":313,"file":314,"line":145},"extra_theme_headers",{"type":211,"name":319,"callback":320,"priority":214,"file":314,"line":321},"auto_update_plugin","maybe_allow_autoupdates",24,{"type":221,"name":323,"callback":324,"file":314,"line":325},"current_screen","load_screen_checker",27,{"type":221,"name":255,"callback":327,"file":314,"line":328},"disable_incompatible_plugins",30,{"type":221,"name":330,"callback":327,"file":314,"line":306},"graphql_activate",{"type":221,"name":247,"callback":332,"file":314,"line":333},"disable_incompatible_plugins_notice",32,{"type":221,"name":266,"callback":335,"file":314,"line":298},"register_assets",{"type":221,"name":308,"callback":337,"file":338,"line":306},"update_screen_modal","src\\Admin\\Updates\\UpdatesScreenLoader.php",{"type":211,"name":340,"callback":341,"priority":214,"file":342,"line":306},"comments_clauses","graphql_wp_comments_query_cursor_pagination_support","src\\Data\\Config.php",{"type":211,"name":344,"callback":345,"priority":214,"file":342,"line":346},"posts_where","graphql_wp_query_cursor_pagination_support",45,{"type":211,"name":348,"callback":349,"priority":214,"file":342,"line":350},"terms_clauses","graphql_wp_term_query_cursor_pagination_support",51,{"type":211,"name":352,"callback":353,"priority":214,"file":342,"line":354},"posts_orderby","graphql_wp_query_cursor_pagination_stability",64,{"type":211,"name":356,"callback":213,"file":342,"line":357},"pre_user_query",84,{"type":211,"name":359,"callback":360,"priority":214,"file":342,"line":361},"graphql_users_where","graphql_wp_user_query_cursor_pagination_support",133,{"type":211,"name":363,"callback":364,"priority":214,"file":342,"line":365},"graphql_users_orderby","graphql_wp_user_query_cursor_pagination_stability",146,{"type":211,"name":367,"callback":213,"priority":214,"file":368,"line":369},"split_the_query","src\\Data\\Loader\\PostObjectLoader.php",91,{"type":221,"name":371,"callback":372,"file":373,"line":301},"graphql_register_types","register_deprecated_types","src\\Deprecated.php",{"type":211,"name":212,"callback":213,"priority":214,"file":373,"line":375},49,{"type":211,"name":377,"callback":213,"priority":214,"file":373,"line":378},"graphql_model_prepare_fields",75,{"type":221,"name":380,"callback":381,"priority":214,"file":382,"line":328},"updated_option","handle_option_update","src\\Experimental\\Admin.php",{"type":221,"name":371,"callback":384,"file":385,"line":386},"register_scalar","src\\Experimental\\Experiment\\EmailAddressScalarExperiment\\EmailAddressScalarExperiment.php",74,{"type":221,"name":371,"callback":388,"file":389,"line":116},"register_fields","src\\Experimental\\Experiment\\EmailAddressScalarFieldsExperiment\\EmailAddressScalarFieldsExperiment.php",{"type":211,"name":391,"callback":392,"priority":214,"file":389,"line":393},"graphql_input_fields","add_deprecated_email_input_to_user_mutations",79,{"type":211,"name":395,"callback":396,"priority":214,"file":389,"line":397},"graphql_GeneralSettings_fields","deprecate_general_settings_email_field",80,{"type":211,"name":399,"callback":400,"priority":214,"file":389,"line":401},"graphql_Commenter_fields","deprecate_commenter_email_field",81,{"type":211,"name":403,"callback":404,"priority":214,"file":389,"line":405},"graphql_CommentAuthor_fields","deprecate_comment_author_email_field",82,{"type":211,"name":407,"callback":408,"priority":214,"file":389,"line":409},"graphql_CommentToCommenterConnectionEdge_fields","deprecate_comment_edge_email_field",83,{"type":211,"name":411,"callback":412,"priority":214,"file":389,"line":413},"graphql_mutation_input","normalize_email_input_for_user_mutations",86,{"type":221,"name":371,"callback":415,"file":416,"line":134},"register_test_dependant_field","src\\Experimental\\Experiment\\TestDependantExperiment\\TestDependantExperiment.php",{"type":221,"name":371,"callback":418,"file":419,"line":401},"register_field","src\\Experimental\\Experiment\\TestExperiment\\TestExperiment.php",{"type":221,"name":371,"callback":421,"file":422,"line":134},"register_optional_dependency_field","src\\Experimental\\Experiment\\TestOptionalDependencyExperiment\\TestOptionalDependencyExperiment.php",{"type":211,"name":424,"callback":425,"priority":214,"file":426,"line":145},"graphql_request_results","add_experiments_to_response_extensions","src\\Experimental\\Extensions.php",{"type":211,"name":428,"callback":429,"file":430,"line":127},"send_password_change_email","return_false","src\\Mutation\\UserRegister.php",{"type":221,"name":432,"callback":433,"priority":434,"file":435,"line":436},"init_graphql_type_registry","init_type_registry",5,"src\\Registry\\TypeRegistry.php",272,{"type":211,"name":438,"callback":213,"priority":214,"file":435,"line":439},"graphql_excluded_mutations",1383,{"type":211,"name":441,"callback":213,"file":435,"line":442},"graphql_excluded_connections",1409,{"type":221,"name":293,"callback":444,"priority":214,"file":445,"line":354},"add_rewrite_rule","src\\Router.php",{"type":211,"name":447,"callback":448,"priority":153,"file":445,"line":449},"query_vars","add_query_var",71,{"type":221,"name":451,"callback":452,"priority":214,"file":445,"line":116},"parse_request","resolve_http_request",{"type":211,"name":454,"callback":455,"file":445,"line":409},"application_password_is_api_request","is_api_request",{"type":221,"name":457,"callback":458,"priority":214,"file":459,"line":460},"do_graphql_request","determine_graphql_keys","src\\Utils\\QueryAnalyzer.php",244,{"type":211,"name":462,"callback":463,"priority":214,"file":459,"line":464},"graphql_dataloader_get_model","track_nodes",247,{"type":211,"name":424,"callback":466,"priority":214,"file":459,"line":467},"show_query_analyzer_in_extensions",250,{"type":221,"name":293,"callback":469,"file":470,"line":471},"init_save_queries","src\\Utils\\QueryLog.php",43,{"type":211,"name":424,"callback":473,"priority":214,"file":470,"line":474},"show_results",44,{"type":221,"name":457,"callback":476,"file":477,"line":478},"init_trace","src\\Utils\\Tracing.php",128,{"type":221,"name":480,"callback":481,"priority":482,"file":477,"line":483},"graphql_execute","end_trace",99,129,{"type":211,"name":485,"callback":486,"file":477,"line":487},"graphql_access_control_allow_headers","return_tracing_headers",130,{"type":211,"name":424,"callback":489,"priority":214,"file":477,"line":490},"add_tracing_to_response_extensions",131,{"type":221,"name":492,"callback":493,"priority":214,"file":477,"line":494},"graphql_before_resolve_field","init_field_resolver_trace",140,{"type":221,"name":496,"callback":497,"priority":214,"file":477,"line":498},"graphql_after_resolve_field","end_field_resolver_trace",141,{"type":221,"name":500,"callback":213,"file":501,"line":502},"after_setup_theme","src\\WPGraphQL.php",191,{"type":221,"name":293,"callback":504,"priority":29,"file":501,"line":48},"load_textdomain",{"type":221,"name":293,"callback":506,"file":501,"line":507},"setup_plugin_url",213,{"type":221,"name":509,"callback":510,"file":501,"line":511},"wp_loaded","maybe_flush_permalinks",221,{"type":221,"name":492,"callback":513,"priority":214,"file":501,"line":514},"check_field_permissions",226,{"type":221,"name":516,"callback":517,"priority":214,"file":501,"line":518},"init_graphql_request","register_initial_settings",237,{"type":221,"name":457,"callback":520,"file":501,"line":521},"min_php_version_check",240,{"type":221,"name":457,"callback":523,"priority":214,"file":501,"line":524},"introspection_check",241,{"type":221,"name":500,"callback":526,"file":501,"line":460},"init_admin",{"type":221,"name":500,"callback":528,"file":501,"line":529},"setup_experiments",245,{"type":221,"name":516,"callback":213,"file":501,"line":464},{"type":211,"name":532,"callback":533,"priority":214,"file":501,"line":534},"graphql_get_type","instrument_resolvers",399,{"type":211,"name":536,"callback":537,"priority":214,"file":501,"line":538},"get_post_metadata","filter_post_meta_for_previews",410,{"type":211,"name":540,"callback":213,"priority":214,"file":501,"line":541},"wpml_is_redirected",426,{"type":211,"name":543,"callback":544,"priority":214,"file":501,"line":545},"register_post_type_args","setup_default_post_types",529,{"type":211,"name":547,"callback":548,"priority":214,"file":501,"line":549},"register_taxonomy_args","setup_default_taxonomies",530,{"type":211,"name":543,"callback":551,"priority":482,"file":501,"line":552},"register_graphql_post_type_args",533,{"type":211,"name":547,"callback":554,"priority":482,"file":501,"line":555},"register_graphql_taxonomy_args",534,{"type":221,"name":252,"callback":557,"file":558,"line":559},"graphql_cannot_load_admin_notice_callback","wp-graphql.php",121,{"type":221,"name":247,"callback":557,"file":558,"line":283},[],[563],{"namespace":564,"route":565,"methods":566,"callback":568,"permissionCallback":213,"file":263,"line":569},"wp\u002Fv2","\u002Fplugins\u002F(?P\u003Cplugin>.+)",[567],"PUT","activate_plugin",157,[],[],{"dangerousFunctions":573,"sqlUsage":574,"outputEscaping":576,"fileOperations":434,"externalRequests":29,"nonceChecks":113,"capabilityChecks":585,"bundledLibraries":586},[],{"prepared":434,"raw":29,"locations":575},[],{"escaped":198,"rawEcho":113,"locations":577},[578,581,584],{"file":249,"line":579,"context":580},287,"raw output",{"file":582,"line":583,"context":580},"src\\Admin\\Settings\\SettingsRegistry.php",523,{"file":305,"line":357,"context":580},72,[],[],{"summary":589,"deductions":590},"The wp-graphql v2.10.0 plugin demonstrates generally strong security practices, with a minimal attack surface exposed and a high percentage of code signals indicating good security hygiene. Notably, all identified SQL queries are prepared, output escaping is almost universally applied, and the plugin incorporates nonce and capability checks. The absence of any critical or high-severity taint flows further suggests a robust internal codebase regarding data handling and sanitization.  \n\nHowever, the plugin's history of six known CVEs, including two critical ones and four medium ones, is a significant concern. The common vulnerability types point to recurring issues with access control, authorization, and potential for sensitive information exposure, which could indicate underlying architectural weaknesses or a pattern of vulnerabilities being introduced over time. While no CVEs are currently unpatched, the past prevalence of critical vulnerabilities warrants careful consideration and ongoing vigilance.  \n\nIn conclusion, while the current static analysis for v2.10.0 is very positive, the historical vulnerability data presents a notable weakness. Users should be aware that despite good current coding practices, the plugin has a history of serious security flaws. Continuous monitoring of future releases and prompt application of updates remain paramount.",[591,594,597,600,602,605,607,609],{"reason":592,"points":593},"Past critical CVEs suggest recurring security issues",15,{"reason":595,"points":596},"Past medium CVEs indicate ongoing risk",12,{"reason":598,"points":599},"History of Improper Access Control & Authorization",8,{"reason":601,"points":599},"History of Missing Authorization",{"reason":603,"points":604},"History of Exposure of Sensitive Information",7,{"reason":606,"points":604},"History of Improper Privilege Management",{"reason":608,"points":599},"History of SSRF vulnerabilities",{"reason":610,"points":599},"History of Uncontrolled Resource Consumption","2026-03-16T17:24:19.842Z",{"wat":613,"direct":623},{"assetPaths":614,"generatorPatterns":618,"scriptPaths":619,"versionParams":620},[615,616,617],"\u002Fwp-content\u002Fplugins\u002Fwp-graphql\u002Fbuild\u002Fextensions.asset.php","\u002Fwp-content\u002Fplugins\u002Fwp-graphql\u002Fassets\u002Fcss\u002Fsettings-page.css","\u002Fwp-content\u002Fplugins\u002Fwp-graphql\u002Fassets\u002Fjs\u002Fsettings-page.js",[],[617],[621,622],"wp-graphql\u002Fassets\u002Fcss\u002Fsettings-page.css?ver=","wp-graphql\u002Fassets\u002Fjs\u002Fsettings-page.js?ver=",{"cssClasses":624,"htmlComments":626,"htmlAttributes":627,"restEndpoints":629,"jsGlobals":631,"shortcodeOutput":633},[625],"wpgraphql-admin-extensions-page",[],[628],"data-wpgraphql-extensions-manager",[630],"\u002Fwp-json\u002Fwp-graphql\u002Fv1\u002Fextensions",[632],"wpApiSettings",[]]