WP REST API Helper Security & Risk Analysis

wordpress.org/plugins/wp-rest-api-helper

A plugin to help out WP REST API.

40 active installs · v2.0.2 · PHP 7.0+ · WP 4.7+ · Updated Mar 14, 2021
Tags: api, rest, rest-api
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP REST API Helper Safe to Use in 2026?

Generally Safe

Score 85/100

WP REST API Helper has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The wp-rest-api-helper v2.0.2 plugin exhibits a concerning security posture due to a significant lack of authentication and authorization checks on its exposed REST API routes. While the plugin demonstrates good practices in areas such as SQL query preparation, output escaping, and avoiding dangerous functions, the three exposed REST API routes are entirely unprotected. This creates a substantial attack surface where unauthenticated users could potentially interact with plugin functionalities, leading to unintended consequences or information disclosure. The absence of nonce and capability checks further exacerbates this risk, leaving these entry points vulnerable to exploitation.

The plugin's vulnerability history is clean, which is a positive sign, suggesting a potentially well-maintained codebase or a lack of past high-impact vulnerabilities. However, this clean history does not mitigate the immediate risks presented by the current static analysis findings. The primary weakness is the unprotected REST API, which needs immediate attention to ensure proper authorization mechanisms are in place.

Key Concerns

  • REST API routes without permission callbacks
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

WP REST API Helper Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP REST API Helper Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

WP REST API Helper Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0
Attack Surface: 3 unprotected

WP REST API Helper Attack Surface

Entry Points: 3
Unprotected: 3

REST API Routes 3

GET /wp-json/wp/v2/general (api\General\General.php:19)
GET /wp-json/wp/v2/menus (api\Menus\Menus.php:19)
GET /wp-json/wp/v2/widgets (api\Widgets\Widgets.php:19)

WordPress Hooks 11

action rest_api_init (api\General\General.php:11)
action rest_api_init (api\Menus\Menus.php:11)
action rest_api_init (api\Pages\AuthorDetails.php:11)
action rest_api_init (api\Pages\FeaturedImage.php:11)
action rest_api_init (api\Pages\PostDate.php:11)
action rest_api_init (api\Posts\AuthorDetails.php:11)
action rest_api_init (api\Posts\FeaturedImage.php:11)
action rest_api_init (api\Posts\PostDate.php:11)
action rest_api_init (api\Posts\PostTerms.php:11)
action rest_api_init (api\Widgets\Widgets.php:11)
action plugins_loaded (wp-rest-api-helper.php:42)
Maintenance & Trust

WP REST API Helper Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.7.15
Last updated: Mar 14, 2021
PHP min version: 7.0
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 40
Developer Profile

WP REST API Helper Developer Profile

MD. Rabiul Islam Robi

3 plugins · 60 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP REST API Helper

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-rest-api-helper/assets/css/style.css
/wp-content/plugins/wp-rest-api-helper/assets/js/wp-rest-api-helper.js
Script Paths
/wp-content/plugins/wp-rest-api-helper/assets/js/wp-rest-api-helper.js
Version Parameters
wp-rest-api-helper/assets/css/style.css?ver=
wp-rest-api-helper/assets/js/wp-rest-api-helper.js?ver=

HTML / DOM Fingerprints

REST Endpoints
/wp-json/wp/v2/general
/wp-json/wp/v2/menus
/wp-json/wp/v2/widgets
FAQ

Frequently Asked Questions about WP REST API Helper