[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fL7Fc3IcSUA9rRoM4bsb7Q2ZafT4vGAheOubTKM70b1k":3,"$fEsWTkgkFnxbLPTMJ_smaIcoMjHppbpNe6dn25QDZiJg":194,"$fenyyBO9gc243NjrcLYzeEB1diY99s5XztQl3gI7jIgE":199},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":36,"analysis":132,"fingerprints":180},"wp-query-route-to-rest-api","WP_Query Route To REST API","1.3.2","Generaxion","https:\u002F\u002Fprofiles.wordpress.org\u002Faucor\u002F","\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Adds new route \u002Fwp-json\u002Fwp_query\u002Fargs\u002F to REST API.\u003C\u002Fli>\n\u003Cli>You can query content with WP_Query args.\u003C\u002Fli>\n\u003Cli>There’s extensive filters and actions to limit or extend functionality.\u003C\u002Fli>\n\u003Cli>Built-in compatibility for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frelevanssi\u002F\" rel=\"ugc\">Relevanssi (‘s’ argument)\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpolylang\u002F\" rel=\"ugc\">Polylang (‘lang’ argument)\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds new route \u002Fwp-json\u002Fwp_query\u002Fargs\u002F to REST API.",100,2970,0,"2022-04-12T11:49:00.000Z","5.9.13","4.7.3","7.0",[19,20,21],"rest-api","wordpress","wp_query","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-query-route-to-rest-api.1.3.2.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":24,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"aucor",6,560,30,84,"2026-07-15T09:43:05.026Z",[37,50,73,93,112],{"slug":38,"name":39,"version":40,"author":7,"author_profile":8,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":13,"num_ratings":13,"last_updated":45,"tested_up_to":46,"requires_at_least":16,"requires_php":17,"tags":47,"homepage":48,"download_link":49,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"dynamic-mo-loader","Dynamic MO Loader","1.4.1","\u003Cp>Changing the WordPress site language to any other than English slows down page generation times. A lot. This is caused by the slow and inefficient way of text domain loading. This plugin, based on the excellent work by Björn Ahrens, aims to fix that by loading only the text domains that are used in a page and even more, by caching them.\u003Cbr \u002F>\nPO and MO files are designed to be used with PHP Gettext-extension. But since it\\’s an extension, it\\’s not installed by default on all hosting platforms. To overcome this barrier, WordPress has re-implemented the whole MO file parsing in PHP completely ignoring the possibility to use native gettext, if available. This WordPress\\’ implementation is a bit slow.\u003Cbr \u002F>\nThis plugin has another implementation of MO parsing, which is faster than the default one. The plugin also loads only the text domains that are required to generate the current page instead the default behavior of loading every available text domain. As front end pages usually only use strings from few text domains, this leads to a great performance boost in front end.\u003Cbr \u002F>\nTo boost the performance even more, the plugin also caches the loaded text domains in to the object cache. For optimal performance you need a fast object cache backend like Redis, Memcached or APC(u).\u003C\u002Fp>\n\u003Ch4>Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faucor\u002Fdynamic-mo-loader\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Better text domain loading with object cache support",10,2095,"2019-11-21T07:32:00.000Z","5.2.24",[19,20,21],"https:\u002F\u002Fgithub.com\u002Faucor\u002Fdynamic-mo-loader","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdynamic-mo-loader.zip",{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":71,"download_link":72,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"rest-api-featured-image","REST API Featured Image","0.9.2","uri","https:\u002F\u002Fprofiles.wordpress.org\u002Ficelayer\u002F","\u003Cp>\u003Cstrong>REST API Featured Image\u003C\u002Fstrong> is a lightweight yet powerful plugin that simplifies how to retrieve featured images via the WordPress REST API. By introducing a top-level field called \u003Ccode>featured_media_src_url\u003C\u002Fcode>, this plugin embeds the direct URL of the featured image into your REST API responses. This eliminates the need for additional API calls to fetch featured images, resulting in faster load times and enhanced site performance.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>– \u003Cstrong>Direct Access to Featured Image URL:\u003C\u002Fstrong> Adds \u003Ccode>featured_media_src_url\u003C\u002Fcode> to REST API responses, providing immediate access to the featured image URL.\u003Cbr \u002F>\n– \u003Cstrong>Performance Optimization:\u003C\u002Fstrong> Reduces the number of API requests, improving the speed and efficiency of your applications.\u003Cbr \u002F>\n– \u003Cstrong>Custom Post Type Support:\u003C\u002Fstrong> Fully supports custom post types, allowing you to enable or disable the featured image URL field for specific post types through the admin settings.\u003Cbr \u002F>\n– \u003Cstrong>User-Friendly Configuration:\u003C\u002Fstrong> Easy to install and configure without any coding.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Use REST API Featured Image?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When developing applications or themes that rely on the WordPress REST API, accessing the featured image typically requires an additional request for each post. This can be time-consuming and may negatively impact site performance. \u003Cstrong>REST API Featured Image\u003C\u002Fstrong> addresses this issue by including the featured image URL directly in the REST API response, saving you time and resources.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>REST API Featured Image Field:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>– \u003Ccode>featured_media_src_url\u003C\u002Fcode>\u003C\u002Fp>\n","Enhance your WordPress REST API by adding a featured image URL field directly to API responses, improving performance by eliminating extra requests.",700,9503,80,4,"2025-08-06T02:19:00.000Z","6.8.5","5.3.0","7.4",[67,68,69,19,70],"api-performance","featured-image","featured-image-url","wordpress-rest-api","https:\u002F\u002Fgithub.com\u002Fdevuri\u002Frest-api-featured-image","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api-featured-image.0.9.2.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":11,"num_ratings":83,"last_updated":84,"tested_up_to":63,"requires_at_least":85,"requires_php":22,"tags":86,"homepage":22,"download_link":90,"security_score":91,"vuln_count":83,"unpatched_count":83,"last_vuln_date":92,"fetched_at":26},"seo-meta-description-updater","SEO Meta Description Updater","1.2.0","Joby Joseph","https:\u002F\u002Fprofiles.wordpress.org\u002Fjobyjoseph\u002F","\u003Cp>SEO Meta Description Updater is a lightweight plugin that enables updating SEO meta descriptions for posts using the WordPress REST API.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>After activation, you can update a post’s meta description using:\u003Cbr \u002F>\n    POST \u002Fwp-json\u002Fseo-meta\u002Fv1\u002Fupdate\u002F{post_id}\u003C\u002Fp>\n","A simple plugin to update SEO meta descriptions via the WordPress REST API.",500,1029,1,"2025-05-09T07:43:00.000Z","5.0",[87,19,88,89],"meta-description","seo","wordpress-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fseo-meta-description-updater.zip",70,"2025-10-05 00:00:00",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":13,"num_ratings":13,"last_updated":103,"tested_up_to":63,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":22,"download_link":111,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"woo-media-api","Media API for WooCommerce","2.8.1","WooPOS","https:\u002F\u002Fprofiles.wordpress.org\u002Fwoopos\u002F","\u003Cp>Media API for WooCommerce is an extension of \u003Ca href=\"http:\u002F\u002Fwoocommerce.github.io\u002Fwoocommerce-rest-api-docs\" rel=\"nofollow ugc\">WooCommerce API\u003C\u002Fa> with new endpoint \u003Ccode>media\u003C\u002Fcode>(\u002Fwp-json\u002Fwc\u002Fv2\u002Fmedia). This is a wrapper of existing \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Frest-api\" rel=\"nofollow ugc\">WordPress REST API\u003C\u002Fa>. This plugin will help you bypass WordPress REST API authentication settings and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjwt-authentication-for-wp-rest-api\u002F\" rel=\"ugc\">JWT\u003C\u002Fa>, and use WooCommerce API to upload medias and images directly.\u003C\u002Fp>\n\u003Cp>Media properties can be found \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Frest-api\u002Freference\u002Fmedia\u002F#schema\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003Cbr \u002F>\nTwo additional properties have been added to create media file:\u003Cbr \u002F>\nmedia_path (string write-only): relative path folder (under wp-content\u002Fuploads) of the file to create. eg: 2018\u002F05\u002Fdepartment\u002Fbrand.\u003Cbr \u002F>\nmedia_attachment (string write-only): base64 string of media binary file. eg: \u003Ccode>R0lGODlhAQABAIAAAAAAAAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>List all media: available parameters \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Frest-api\u002Freference\u002Fmedia\u002F#list-media\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwoopos.com\" rel=\"nofollow ugc\">WooPOS\u003C\u002Fa> (WooCommerce Point Of Sale and Inventory Management desktop app) user: please install this plugin to manage images from WooPOS.\u003C\u002Fp>\n","Media endpoint for WooCommerce API. Upload and list media file by WooCommerce REST API.",400,7252,"2025-12-07T03:06:00.000Z","4.0","5.2.4",[107,108,109,110,70],"media-library","woocommerce-api","woocommerce-point-of-sale","woopos","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-media-api.2.8.1.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":60,"downloaded":120,"rating":11,"num_ratings":121,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":65,"tags":125,"homepage":130,"download_link":131,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"init-embed-posts","Init Embed Posts – Stylish, Fast, Portable","1.6","Init HTML","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrokensmile2103-1\u002F","\u003Cp>Init Embed Posts lets you embed WordPress content externally – with beautiful cards, real-time REST API data, and zero friction.\u003C\u002Fp>\n\u003Cp>Instead of using iframes or clunky oEmbed, this plugin gives you clean \u003Ccode>\u003Cdiv>\u003C\u002Fcode> + \u003Ccode>\u003Cscript>\u003C\u002Fcode> snippets, which load the post or product dynamically using WordPress REST API. Designed for speed, style, and full control – using pure JavaScript and smart caching.\u003C\u002Fp>\n\u003Cp>This plugin is part of the \u003Ca href=\"https:\u002F\u002Fen.inithtml.com\u002Finit-plugin-suite-minimalist-powerful-and-free-wordpress-plugins\u002F\" rel=\"nofollow ugc\">Init Plugin Suite\u003C\u002Fa> — a collection of minimalist, fast, and developer-focused tools for WordPress.\u003C\u002Fp>\n\u003Cp>GitHub repository: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbrokensmile2103\u002Finit-embed-posts\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fbrokensmile2103\u002Finit-embed-posts\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Embed any public post or WooCommerce product\u003C\u002Fli>\n\u003Cli>Works anywhere: raw HTML, CMS, blog, landing page…\u003C\u002Fli>\n\u003Cli>Beautiful card layout:\n\u003Cul>\n\u003Cli>Site name + favicon\u003C\u002Fli>\n\u003Cli>Title, excerpt, date (for posts)\u003C\u002Fli>\n\u003Cli>Featured image, horizontal gallery (optional)\u003C\u002Fli>\n\u003Cli>Product name, price, sale price with strikethrough\u003C\u002Fli>\n\u003Cli>“Add to cart” styled button (optional)\u003C\u002Fli>\n\u003Cli>Auto dark mode, adapts to embedding site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Hover effects and modern UI\u003C\u002Fli>\n\u003Cli>Skeleton loader while waiting for data\u003C\u002Fli>\n\u003Cli>JS-only, no iframe, no jQuery, no dependency\u003C\u002Fli>\n\u003Cli>Modal UI to generate personalized embed code\u003C\u002Fli>\n\u003Cli>Smart \u003Ccode>\u003Cscript>\u003C\u002Fcode> switching:\n\u003Cul>\n\u003Cli>\u003Ccode>init-embed.js\u003C\u002Fcode> for posts\u003C\u002Fli>\n\u003Cli>\u003Ccode>init-embed-product.js\u003C\u002Fcode> for Woo products\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Embed attributes:\n\u003Cul>\n\u003Cli>\u003Ccode>data-theme=\"light|dark|auto\"\u003C\u002Fcode> – force or auto-detect theme\u003C\u002Fli>\n\u003Cli>\u003Ccode>data-image\u003C\u002Fcode>, \u003Ccode>data-featured\u003C\u002Fcode>, \u003Ccode>data-cart\u003C\u002Fcode> – control content\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Cached REST API (immutable, 1 year)\u003C\u002Fli>\n\u003Cli>Developer filters to customize data and HTML\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Filters for Developers\u003C\u002Fh3>\n\u003Cp>These filters give you full control over how data is rendered and returned.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>REST response filters:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>init_plugin_suite_embed_posts_rest_response\u003C\u002Fcode>\u003Cbr \u002F>\nModify REST API response for posts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>init_plugin_suite_embed_products_rest_response\u003C\u002Fcode>\u003Cbr \u002F>\nModify REST API response for Woo products.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>init_plugin_suite_embed_posts_view_count_keys\u003C\u002Fcode>\u003Cbr \u002F>\nCustomize the list of post meta keys used to detect view count. Supports array of meta keys, ordered by priority.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Excerpt filters:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>init_plugin_suite_embed_posts_excerpt\u003C\u002Fcode>\u003Cbr \u002F>\nCustomize excerpt for posts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>init_plugin_suite_embed_products_excerpt\u003C\u002Fcode>\u003Cbr \u002F>\nCustomize excerpt for products.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Image control:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>init_plugin_suite_embed_posts_images\u003C\u002Fcode>\u003Cbr \u002F>\nFilter image list for embedded post.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>init_plugin_suite_embed_products_images\u003C\u002Fcode>\u003Cbr \u002F>\nFilter image list for embedded product.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>init_plugin_suite_embed_posts_extracted_images\u003C\u002Fcode>\u003Cbr \u002F>\nFilter raw image URLs extracted from post content.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Favicon:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>init_plugin_suite_embed_posts_favicon_url\u003C\u002Fcode>\u003Cbr \u002F>\nOverride favicon for posts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>init_plugin_suite_embed_products_favicon_url\u003C\u002Fcode>\u003Cbr \u002F>\nOverride favicon for products.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>HTML output filters:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>init_plugin_suite_embed_posts_shortcode_html\u003C\u002Fcode>\u003Cbr \u002F>\nCustomize HTML output of the \u003Ccode>[init_embed_code]\u003C\u002Fcode> shortcode. Allows complete control over button markup, styling, and attributes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Auto-insert locations:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>init_embed_insert_locations\u003C\u002Fcode>\u003Cbr \u002F>\nCustomize or filter valid auto-insert positions (e.g., after title, before content, etc).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003Cbr \u002F>\nYou are free to use, modify, and distribute it under the same license.\u003C\u002Fp>\n","Embed WordPress posts or products anywhere – like a Twitter Card. No iframe. No oEmbed. Just pure JS, full control, and beautiful design.",986,2,"2025-12-23T05:16:00.000Z","6.9.4","5.5",[126,127,19,128,129],"embed","post-preview","woocommerce","wordpress-card","https:\u002F\u002Finithtml.com\u002Fplugin\u002Finit-embed-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finit-embed-posts.1.6.zip",{"attackSurface":133,"codeSignals":161,"taintFlows":169,"riskAssessment":170,"analyzedAt":179},{"hooks":134,"ajaxHandlers":150,"restRoutes":151,"shortcodes":159,"cronEvents":160,"entryPointCount":83,"unprotectedCount":13},[135,141,146],{"type":136,"name":137,"callback":138,"file":139,"line":140},"filter","wp_query_route_to_rest_api_allowed_args","plugin_compatibility_args","wp_query-route-to-rest-api.php",22,{"type":142,"name":143,"callback":144,"file":139,"line":145},"action","wp_query_route_to_rest_api_after_query","plugin_compatibility_after_query",23,{"type":142,"name":147,"callback":148,"file":139,"line":149},"rest_api_init","wp_query_route_to_rest_api_init",455,[],[152],{"namespace":21,"route":153,"methods":154,"callback":156,"permissionCallback":157,"file":139,"line":158},"args",[155],"GET","get_items","get_items_permissions_check",35,[],[],{"dangerousFunctions":162,"sqlUsage":163,"outputEscaping":165,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":168},[],{"prepared":13,"raw":13,"locations":164},[],{"escaped":166,"rawEcho":13,"locations":167},3,[],[],[],{"summary":171,"deductions":172},"The \"wp-query-route-to-rest-api\" plugin version 1.3.2 demonstrates a generally strong security posture based on the provided static analysis.  There are no identified dangerous functions, file operations, or external HTTP requests.  All SQL queries utilize prepared statements, and all identified output operations are properly escaped.  The plugin also has no recorded vulnerabilities (CVEs) or past security incidents, indicating a likely history of secure development. The attack surface is minimal, with only one REST API route, and importantly, no unprotected entry points were found, suggesting proper authentication and authorization checks are in place for the exposed functionality.\n\nHowever, the analysis does reveal some areas that warrant attention.  The complete absence of nonce checks across all entry points, combined with zero identified capability checks, raises a concern about the robustness of the authorization mechanisms. While the static analysis indicates no *unprotected* entry points, a lack of specific nonces for AJAX or REST API endpoints means that even authenticated users might not be adequately protected against certain types of CSRF (Cross-Site Request Forgery) attacks if the REST API route relies solely on session cookies for authentication and lacks specific token validation.  The zero taint flows are positive but do not entirely negate the risk associated with potentially weak authorization controls for the single REST API route.\n\nIn conclusion, the plugin is well-developed from a coding hygiene perspective, with secure handling of database operations and output. The lack of historical vulnerabilities is a significant strength. The primary concern stems from the complete omission of nonce checks and the minimal explicit capability checks on its single REST API endpoint. This could be a potential weakness against specific attack vectors like CSRF, even if the overall attack surface is small and seemingly protected. Further investigation into the specific implementation of the REST API route's permission callback would be beneficial.",[173,176],{"reason":174,"points":175},"Missing nonce checks",8,{"reason":177,"points":178},"Minimal capability checks",5,"2026-03-16T20:40:37.477Z",{"wat":181,"direct":186},{"assetPaths":182,"generatorPatterns":183,"scriptPaths":184,"versionParams":185},[],[],[],[],{"cssClasses":187,"htmlComments":188,"htmlAttributes":189,"restEndpoints":190,"jsGlobals":192,"shortcodeOutput":193},[],[],[],[191],"\u002Fwp-json\u002Fwp_query\u002Fargs",[],[],{"error":195,"url":196,"statusCode":197,"statusMessage":198,"message":198},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-query-route-to-rest-api\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":166,"versions":200},[201,207,214],{"version":6,"download_url":23,"svn_tag_url":202,"released_at":25,"has_diff":203,"diff_files_changed":204,"diff_lines":25,"trac_diff_url":205,"vulnerabilities":206,"is_current":195},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-query-route-to-rest-api\u002Ftags\u002F1.3.2\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-query-route-to-rest-api%2Ftags%2F1.3.1&new_path=%2Fwp-query-route-to-rest-api%2Ftags%2F1.3.2",[],{"version":208,"download_url":209,"svn_tag_url":210,"released_at":25,"has_diff":203,"diff_files_changed":211,"diff_lines":25,"trac_diff_url":212,"vulnerabilities":213,"is_current":203},"1.3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-query-route-to-rest-api.1.3.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-query-route-to-rest-api\u002Ftags\u002F1.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-query-route-to-rest-api%2Ftags%2F1.3.0&new_path=%2Fwp-query-route-to-rest-api%2Ftags%2F1.3.1",[],{"version":215,"download_url":216,"svn_tag_url":217,"released_at":25,"has_diff":203,"diff_files_changed":218,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":219,"is_current":203},"1.3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-query-route-to-rest-api.1.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-query-route-to-rest-api\u002Ftags\u002F1.3.0\u002F",[],[]]