WP-Safety

REST API Log Security & Risk Analysis

wordpress.org/plugins/wp-rest-api-log

WordPress plugin to log REST API requests and responses

5K active installs v1.7.0 PHP + WP 4.7+ Updated Jan 2, 2025
apijsonrest-apiwp-apiwp-rest-api
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is REST API Log Safe to Use in 2026?

Generally Safe

Score 92/100

REST API Log has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "wp-rest-api-log" plugin v1.7.0 demonstrates a mixed security posture. On the positive side, the plugin shows strong adherence to secure coding practices with a high percentage of properly escaped outputs and a majority of SQL queries utilizing prepared statements. The absence of dangerous functions, file operations, external HTTP requests, and known vulnerability history are also significant strengths, suggesting a generally well-maintained codebase. However, the presence of one unprotected AJAX handler stands out as a notable concern. While the total attack surface is small, this single unauthenticated entry point could potentially be exploited if it handles user-supplied data without proper validation or sanitization, despite the lack of critical taint analysis findings in the static scan. The plugin's vulnerability history being clean is encouraging, but it doesn't entirely negate the risk posed by the unprotected AJAX handler. Overall, the plugin has a good foundation for security, but the unprotected AJAX endpoint requires careful review and potentially patching to mitigate any latent risks.

Key Concerns

  • Unprotected AJAX handler found
Vulnerabilities
None known

REST API Log Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

REST API Log Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
9 prepared
Unescaped Output
7
127 escaped
Nonce Checks
0
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

75% prepared12 total queries

Output Escaping

95% escaped134 total outputs
Attack Surface
1 unprotected

REST API Log Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_wp-rest-api-log-db-notice-dismissincludes\settings\class-wp-rest-api-log-settings-general.php:16
WordPress Hooks 41
actionadmin_initadmin\class-wp-rest-api-log-admin-list-table.php:13
filterpost_row_actionsadmin\class-wp-rest-api-log-admin-list-table.php:20
actionrestrict_manage_postsadmin\class-wp-rest-api-log-admin-list-table.php:28
actionpre_get_postsadmin\class-wp-rest-api-log-admin-list-table.php:29
filterpost_type_linkadmin\class-wp-rest-api-log-admin.php:15
filterget_edit_post_linkadmin\class-wp-rest-api-log-admin.php:16
actionadmin_initadmin\class-wp-rest-api-log-admin.php:17
actionadmin_initadmin\class-wp-rest-api-log-admin.php:18
actionadmin_menuadmin\class-wp-rest-api-log-admin.php:19
filterwp_link_query_argsadmin\class-wp-rest-api-log-admin.php:20
filteradmin_titleadmin\class-wp-rest-api-log-admin.php:21
filteruser_has_capadmin\class-wp-rest-api-log-admin.php:22
actioncurrent_screenadmin\class-wp-rest-api-log-admin.php:24
actionwp-rest-api-log-entry-property-linksadmin\class-wp-rest-api-log-admin.php:27
actionrest_api_initincludes\class-wp-rest-api-log-controller.php:11
actionrest_api_initincludes\class-wp-rest-api-log-controller.php:12
filterrest_pre_serve_requestincludes\class-wp-rest-api-log-controller.php:373
filterposts_whereincludes\class-wp-rest-api-log-db.php:25
filterposts_whereincludes\class-wp-rest-api-log-db.php:28
actionep_add_query_logincludes\class-wp-rest-api-log-elasticpress.php:25
filterep_post_sync_killincludes\class-wp-rest-api-log-elasticpress.php:26
actioninitincludes\class-wp-rest-api-log-post-type.php:10
actioninitincludes\class-wp-rest-api-log-taxonomies.php:10
filterrest_pre_serve_requestincludes\class-wp-rest-api-log.php:18
filterwp-rest-api-log-bypass-insertincludes\class-wp-rest-api-log.php:21
actionadmin_initincludes\class-wp-rest-api-log.php:24
actionwp-rest-api-log-purge-old-recordsincludes\class-wp-rest-api-log.php:27
actionadmin_initincludes\settings\class-wp-rest-api-log-settings-elasticpress.php:13
filterwp-rest-api-log-settings-tabsincludes\settings\class-wp-rest-api-log-settings-elasticpress.php:14
actionadmin_initincludes\settings\class-wp-rest-api-log-settings-general.php:13
filterwp-rest-api-log-settings-tabsincludes\settings\class-wp-rest-api-log-settings-general.php:14
actionadmin_noticesincludes\settings\class-wp-rest-api-log-settings-general.php:15
actionadmin_initincludes\settings\class-wp-rest-api-log-settings-help.php:13
filterwp-rest-api-log-settings-tabsincludes\settings\class-wp-rest-api-log-settings-help.php:14
actionadmin_initincludes\settings\class-wp-rest-api-log-settings-routes.php:17
filterwp-rest-api-log-settings-tabsincludes\settings\class-wp-rest-api-log-settings-routes.php:18
actionadmin_menuincludes\settings\class-wp-rest-api-log-settings.php:16
actionadmin_noticesincludes\settings\class-wp-rest-api-log-settings.php:17
filterwp-rest-api-log-setting-is-enabledincludes\settings\class-wp-rest-api-log-settings.php:20
filterwp-rest-api-log-setting-getincludes\settings\class-wp-rest-api-log-settings.php:21
actionplugins_loadedwp-rest-api-log.php:108

Scheduled Events 1

wp-rest-api-log-purge-old-records
Maintenance & Trust

REST API Log Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedJan 2, 2025
PHP min version
Downloads113K

Community Trust

Rating72/100
Number of ratings24
Active installs5K
Alternatives

REST API Log Alternatives

WP API Menus

WP API Menus

wp-api-menus

A
85

Extends WordPress WP REST API with new routes pointing to WordPress menus.

2K No CVEs
WP-REST-API Menus

WP-REST-API Menus

wp-rest-api-menus

A
85

Adds menu endpoints to core WP REST API.

70 No CVEs
API Log Pro

API Log Pro

api-log-pro

A
85

A simple plugin to log WordPress Rest API Requests.

10 No CVEs
WP API (V2) WooCommerce endpoints

WP API (V2) WooCommerce endpoints

wp-api-v2-woocommerce-endpoints

A
85

Extends WordPress WP REST API (V2) with new endpoints pointing to WooCommerce page functions (is_shop, is_cart, is_checkout, is_account_page).

10 No CVEs
WP API Options

WP API Options

wp-rest-api-options

A
85

Extends WordPress WP REST API with new routes pointing to WordPress options.

10 No CVEs
Developer Profile

REST API Log Developer Profile

Pete Nelson

8 plugins · 8K total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect REST API Log

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-rest-api-log/admin/js/wp-rest-api-log-admin.js
Script Paths
/wp-content/plugins/wp-rest-api-log/admin/js/wp-rest-api-log-admin.js
Version Parameters
wp-rest-api-log/admin/js/wp-rest-api-log-admin.js?ver=

HTML / DOM Fingerprints

JS Globals
wp_rest_api_log_start
REST Endpoints
/wp-json/wp-rest-api-log/v1/
FAQ

Frequently Asked Questions about REST API Log