[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flIMj3VeCB9NYZysQ2XAdbpmmmUb6-pDKTKZ_PgrZuTY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":139,"fingerprints":241},"wp-openapi","WP OpenAPI","1.0.27","moon0326","https:\u002F\u002Fprofiles.wordpress.org\u002Fmoon0326\u002F","\u003Cp>WP OpenAPI is a WordPress plugin that generates OpenAPI 3.1.0 compatible documentation for your WordPress REST APIs.\u003C\u002Fp>\n\u003Cp>It has two main features.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Outputs OpenAPI 3.1.0 spec at \u002Fwp-json-openapi\u003C\u002Fli>\n\u003Cli>Provides OpenAPI viewer using Stoplight’s awesome Elements viewer   \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can also export your documentation as a single HTML to host it in a server easily.\u003C\u002Fp>\n\u003Cp>See more details at https:\u002F\u002Fgithub.com\u002Fmoon0326\u002Fwp-openapi\u003C\u002Fp>\n","WP OpenAPI is a WordPress plugin to provide the OpenAPI spec and a beautiful viewer for your WordPress REST 
API.",300,20747,76,4,"2025-11-18T02:36:00.000Z","6.8.5","5.8","7.1",[20,21,22,23,24],"api","documentation","openapi","rest-api","swagger","https:\u002F\u002Fgithub.com\u002Fmoon0326\u002Fwp-openapi","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-openapi.1.0.27.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},2,30,94,"2026-04-04T22:33:05.532Z",[38,57,79,98,117],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":28,"num_ratings":28,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":54,"download_link":55,"security_score":56,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"document-generator-for-openapi","Document Generator for OpenAPI","1.1.0","Schneider & Schütz GmbH","https:\u002F\u002Fprofiles.wordpress.org\u002Fschneiderundschuetz\u002F","\u003Cp>This plugin reads the schema definition of a given WordPress REST Api namespace and transforms it to a\u003Cbr \u002F>\nOpenAPI document. The generator itself is exposed via the WordPress REST Api with the namespace document-generator-for-openapi\u002Fv1.\u003C\u002Fp>\n\u003Cp>There is also a built in WP-CLI Command.\u003C\u002Fp>\n\u003Ch3>Limitations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Beware that currently the generator is exposed to anonymous users since the WordPress schema endpoint is also publicly\u003Cbr \u002F>\navailable. Use it at your own risk or disable the plugin after use.\u003C\u002Fli>\n\u003Cli>No UI for configuration yet\u003C\u002Fli>\n\u003Cli>Currently only version 3.1.0 of the OpenAPI specification is implemented. 
Swagger tools for 3.0.0 might work though.\u003C\u002Fli>\n\u003Cli>Extensibility with hooks needs to be improved\u003C\u002Fli>\n\u003C\u002Ful>\n","OpenAPI (fka. Swagger) Document Generator for WordPress REST API",40,8156,"2023-07-04T17:59:00.000Z","6.2.9","5.7","7.0",[20,53,22,23,24],"generator","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdocument-generator-for-openapi.1.1.0.zip",85,{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":27,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":54,"download_link":78,"security_score":56,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-api-swaggerui","WP API SwaggerUI","1.1.2","agussuroyo","https:\u002F\u002Fprofiles.wordpress.org\u002Fagussuroyo\u002F","\u003Cp>SwaggerUI used to make WordPress REST API endpoint have an interactive UI, so we can check our API endpoint directly from the website itself\u003C\u002Fp>\n\u003Cp>Feature:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support for GET, POST, PUT, PATCH and DELETE request method\u003C\u002Fli>\n\u003Cli>Support for Auth Basic authorization method\u003C\u002Fli>\n\u003Cli>Choose which namespace API that will be used on the SwaggerUI\u003C\u002Fli>\n\u003C\u002Ful>\n","WordPress REST API with Swagger 
UI.",2000,63277,11,"2022-07-10T14:14:00.000Z","5.9.13","4.7","5.4",[73,74,75,76,77],"swaggerui","swaggerui-rest-api","wp-swagger-rest-api","wp-swaggerui","wp-rest-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-swaggerui.1.2.0.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":28,"downloaded":87,"rating":28,"num_ratings":28,"last_updated":54,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":95,"download_link":96,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":97},"mksddn-collection-for-postman","MksDdn Collection for Postman","2.1.0","Max","https:\u002F\u002Fprofiles.wordpress.org\u002Fmksddn\u002F","\u003Cp>MksDdn Collection for Postman helps developers quickly generate a Postman Collection (v2.1.0) or OpenAPI 3.0 documentation for WordPress REST API endpoints. The plugin automatically discovers and includes standard WordPress entities, custom post types, options pages, and individual pages. Generated collections include pre-configured requests with sample data and can be downloaded as JSON files for import into Postman. OpenAPI spec can be used with Swagger UI, Redoc, or frontend code generators.\u003C\u002Fp>\n\u003Cp>The plugin provides comprehensive API testing capabilities with automatic generation of test data for form submissions, support for file uploads via multipart\u002Fform-data, and seamless integration with Advanced Custom Fields (ACF). 
Special handling is included for the mksddn-forms-handler plugin when active.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n– Basic REST endpoints: pages, posts, categories, tags, taxonomies, comments, users, settings\u003Cbr \u002F>\n– WooCommerce REST API (wc\u002Fv3): products, product categories, orders with full CRUD when WooCommerce is active\u003Cbr \u002F>\n– Search functionality: Posts, Pages, and All content types with customizable queries\u003Cbr \u002F>\n– Custom Post Types with full CRUD operations (List, Get by Slug\u002FID, Create, Update, Delete)\u003Cbr \u002F>\n– ACF\u002FSCF fields: auto-included for all post types when ACF or Smart Custom Fields plugin is active\u003Cbr \u002F>\n– Special handling for Forms (mksddn-forms-handler integration)\u003Cbr \u002F>\n– Options endpoints: \u003Ccode>\u002Fwp-json\u002Fcustom\u002Fv1\u002Foptions\u002F...\u003C\u002Fcode>\u003Cbr \u002F>\n– Individual pages by slug with ACF field support\u003Cbr \u002F>\n– Automatic test data generation for form submissions\u003Cbr \u002F>\n– Support for multipart\u002Fform-data for file uploads\u003Cbr \u002F>\n– Yoast SEO integration (automatic yoast_head_json inclusion)\u003Cbr \u002F>\n– Multilingual support with Accept-Language headers (Polylang priority)\u003Cbr \u002F>\n– OpenAPI 3.0 export for API documentation (Swagger UI, Redoc)\u003Cbr \u002F>\n– Extensible via WordPress filters\u003Cbr \u002F>\n– WP-CLI integration for command-line usage\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin references external services for Postman Collection schema validation:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Postman Collection Schema Service\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Service\u003C\u002Fstrong>: Postman Collection Schema (schema.getpostman.com)\u003Cbr \u002F>\n– \u003Cstrong>Purpose\u003C\u002Fstrong>: Used to validate and structure the generated Postman Collection JSON according to the official Postman Collection v2.1.0 
specification\u003Cbr \u002F>\n– \u003Cstrong>Data sent\u003C\u002Fstrong>: No data is sent to this service. The plugin only references the schema URL for validation purposes\u003Cbr \u002F>\n– \u003Cstrong>When\u003C\u002Fstrong>: The schema URL is included in the generated collection metadata for Postman to validate the collection structure\u003Cbr \u002F>\n– \u003Cstrong>Terms of service\u003C\u002Fstrong>: https:\u002F\u002Fwww.postman.com\u002Flegal\u002Fterms-of-use\u002F\u003Cbr \u002F>\n– \u003Cstrong>Privacy policy\u003C\u002Fstrong>: https:\u002F\u002Fwww.postman.com\u002Flegal\u002Fprivacy-policy\u002F\u003C\u002Fp>\n\u003Cp>Note: This plugin does not send any user data to external services. The schema reference is purely for collection structure validation within the Postman application.\u003C\u002Fp>\n","Generate Postman Collection (v2.1.0) or OpenAPI 3.0 documentation for the WordPress REST API from the admin UI.",452,"6.9.4","6.2","8.1",[92,93,22,94,23],"collection","developer-tools","postman","https:\u002F\u002Fgithub.com\u002Fmksddn\u002FWP-MksDdn-Postman-Collection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmksddn-collection-for-postman.2.1.0.zip","2026-03-15T10:48:56.248Z",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":34,"num_ratings":108,"last_updated":109,"tested_up_to":54,"requires_at_least":89,"requires_php":110,"tags":111,"homepage":114,"download_link":115,"security_score":116,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"woocommerce-legacy-rest-api","WooCommerce Legacy REST API","1.0.5","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeveloper.woocommerce.com\u002F2023\u002F10\u002F03\u002Fthe-legacy-rest-api-will-move-to-a-dedicated-extension-in-woocommerce-9-0\u002F\" rel=\"nofollow ugc\">The Legacy REST API 
will no longer be part of WooCommerce as of version 9.0\u003C\u002Fa>. This plugin restores the full functionality of the removed Legacy REST API code in WooCommerce 9.0 and later versions.\u003C\u002Fp>\n\u003Cp>For all intents and purposes, having this plugin installed and active in WooCommerce 9.0 and newer versions is equivalent to enabling the Legacy REST API in WooCommerce 8.9 and older versions (via WooCommerce – Settings – Advanced – Legacy API). All the endpoints work the same way, and existing user keys also continue working.\u003C\u002Fp>\n\u003Cp>On the other hand, installing this plugin together with WooCommerce 8.9 or an older version is safe: the plugin detects that the Legacy REST API is still part of WooCommerce and doesn’t initialize itself as to not interfere with the built-in code.\u003C\u002Fp>\n\u003Cp>Please note that \u003Cstrong>the Legacy REST API is not compatible with \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fdocument\u002Fhigh-performance-order-storage\u002F\" rel=\"nofollow ugc\">High-Performance Order Storage\u003C\u002Fa>\u003C\u002Fstrong>. 
Upgrading the code that relies on the Legacy REST API to use the current WooCommerce REST API instead is highly recommended.\u003C\u002Fp>\n","The WooCommerce Legacy REST API, which is now part of WooCommerce itself but will be removed in WooCommerce 9.0.",400000,2304709,27,"2025-01-23T18:59:00.000Z","7.4",[23,112,113],"woo","woocommerce","https:\u002F\u002Fgithub.com\u002Fwoocommerce\u002Fwoocommerce-legacy-rest-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoocommerce-legacy-rest-api.1.0.5.zip",92,{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":127,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":132,"tags":133,"homepage":137,"download_link":138,"security_score":56,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"disable-json-api","Disable REST API","1.8","Dave McHale","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmchale\u002F","\u003Cp>The most comprehensive plugin for controlling access to the WordPress REST API!\u003C\u002Fp>\n\u003Cp>Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.\u003C\u002Fp>\n\u003Cp>But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.\u003C\u002Fp>\n\u003Cp>You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. 
NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.\u003C\u002Fp>\n\u003Cp>For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided \u003Ccode>rest_enabled\u003C\u002Fcode> filter to disable the entire REST API.\u003C\u002Fp>\n","Disable the use of the REST API on your website to site users. Now with User Role support!",90000,753897,96,38,"2023-09-14T00:26:00.000Z","6.3.8","4.9","5.6",[134,20,135,136,23],"admin","json","rest","http:\u002F\u002Fwww.binarytemplar.com\u002Fdisable-json-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-json-api.zip",{"attackSurface":140,"codeSignals":182,"taintFlows":202,"riskAssessment":228,"analyzedAt":240},{"hooks":141,"ajaxHandlers":170,"restRoutes":171,"shortcodes":179,"cronEvents":180,"entryPointCount":181,"unprotectedCount":28},[142,148,150,153,157,160,164,167],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","plugin_action_links_wp-openapi\u002Fwp-openapi.php","closure","src\\SettingsPage.php",66,{"type":143,"name":149,"callback":145,"file":146,"line":56},"admin_menu",{"type":143,"name":151,"callback":145,"file":146,"line":152},"admin_init",106,{"type":143,"name":149,"callback":154,"file":155,"line":156},"addAdminMenu","wp-openapi.php",210,{"type":143,"name":158,"callback":145,"file":155,"line":159},"init",211,{"type":143,"name":161,"callback":162,"file":155,"line":163},"rest_api_init","registerRestAPIEndpoint",222,{"type":143,"name":165,"callback":145,"file":155,"line":166},"wp",223,{"type":143,"name":168,"callback":145,"file":155,"line":169},"cli_init",232,[],[172],{"namespace":173,"route":174,"methods":175,"callback":177,"permissionCallback":145,"file":155,"line":178},"wp-openapi\u002Fv1","schema",[176],"GET","sendOpenAPISchema",53,[],[],1,{"dangerousFunctions":183
,"sqlUsage":184,"outputEscaping":186,"fileOperations":14,"externalRequests":28,"nonceChecks":28,"capabilityChecks":181,"bundledLibraries":201},[],{"prepared":28,"raw":28,"locations":185},[],{"escaped":67,"rawEcho":187,"locations":188},6,[189,193,194,195,197,199],{"file":190,"line":191,"context":192},"resources\\views\\export-html.php",10,"raw output",{"file":190,"line":34,"context":192},{"file":146,"line":34,"context":192},{"file":146,"line":196,"context":192},44,{"file":146,"line":198,"context":192},58,{"file":146,"line":200,"context":192},95,[],[203],{"entryPoint":204,"graph":205,"unsanitizedCount":33,"severity":227},"\u003Cwp-openapi> (wp-openapi.php:0)",{"nodes":206,"edges":223},[207,212,216],{"id":208,"type":209,"label":210,"file":155,"line":211},"n0","source","$_GET (x2)",244,{"id":213,"type":214,"label":215,"file":155,"line":211},"n1","transform","→ execute()",{"id":217,"type":218,"label":219,"file":220,"line":221,"wp_function":222},"n2","sink","file_put_contents() [File Write]","src\\CLI\\ExportAsJSON.php",34,"file_put_contents",[224,226],{"from":208,"to":213,"sanitized":225},false,{"from":213,"to":217,"sanitized":225},"medium",{"summary":229,"deductions":230},"The wp-openapi plugin v1.0.27 demonstrates a generally good security posture, with no known historical vulnerabilities or critical issues identified in the static analysis. The plugin effectively utilizes prepared statements for all SQL queries and performs capability checks for its single REST API route. The absence of AJAX handlers, shortcodes, cron events, and external HTTP requests significantly limits its attack surface. However, there are a couple of areas for improvement.  The taint analysis identified a flow with an unsanitized path, which, while not currently rated as critical or high severity, represents a potential risk if not properly handled. 
Additionally, a significant portion of output (35%) is not properly escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is directly outputted without sanitization.",[231,234,237],{"reason":232,"points":233},"Taint flow with unsanitized path found",8,{"reason":235,"points":236},"Significant portion of output not properly escaped",7,{"reason":238,"points":239},"No nonce checks on entry points",5,"2026-03-16T19:54:47.842Z",{"wat":242,"direct":251},{"assetPaths":243,"generatorPatterns":246,"scriptPaths":247,"versionParams":248},[244,245],"\u002Fwp-content\u002Fplugins\u002Fwp-openapi\u002Fbuild\u002Fassets\u002Fcss\u002Findex.css","\u002Fwp-content\u002Fplugins\u002Fwp-openapi\u002Fbuild\u002Fassets\u002Fjs\u002Findex.js",[],[245],[249,250],"wp-openapi\u002Fbuild\u002Fassets\u002Fcss\u002Findex.css?ver=","wp-openapi\u002Fbuild\u002Fassets\u002Fjs\u002Findex.js?ver=",{"cssClasses":252,"htmlComments":255,"htmlAttributes":256,"restEndpoints":260,"jsGlobals":262,"shortcodeOutput":264},[253,254],"wp-openapi-settings-page-container","wp-openapi-settings-page-tab-link",[],[257,258,259],"data-wp-openapi-route-name","data-wp-openapi-method","data-wp-openapi-path",[261],"\u002Fwp-openapi\u002Fv1\u002Fschema",[263],"window.wpOpenAPIData",[]]