[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSCawW3HL-3hGnmh91hI4DSy8vrfGaJsmsXtduRZXSLE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":121,"fingerprints":310},"wp-rest-api-log","REST API Log","1.7.0","Pete Nelson","https:\u002F\u002Fprofiles.wordpress.org\u002Fgungeekatx\u002F","\u003Cp>WordPress plugin to log \u003Ca href=\"http:\u002F\u002Fv2.wp-api.org\u002F\" rel=\"nofollow ugc\">REST API\u003C\u002Fa> requests and responses (for v2 of the API).\u003C\u002Fp>\n\u003Cp>Includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress admin page to view and search log entries\u003C\u002Fli>\n\u003Cli>API endpoint to access log entries via JSON\u003C\u002Fli>\n\u003Cli>Filters to customize logging\u003C\u002Fli>\n\u003Cli>Custom endpoint logging\u003C\u002Fli>\n\u003Cli>ElasticPress logging\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Find us on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpetenelson\u002Fwp-rest-api-log\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>!\u003C\u002Fp>\n\u003Cp>Roadmap\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Better search capabilities for log entries via the REST API endpoint\u003C\u002Fli>\n\u003C\u002Ful>\n","WordPress plugin to log REST API requests and responses",5000,113000,72,24,"2025-01-02T16:29:00.000Z","6.7.5","4.7","",[20,21,22,23,24],"api","json","rest-api","wp-api","wp-rest-api","https:\u002F\u002Fgithub.com\u002Fpetenelson\u002Fwp-rest-api-log","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-log.1.7.0.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"gungeekatx",8,7660,89,30,86,"2026-04-03T19:33:36.930Z",[41,61,78,95,109],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":51,"num_ratings":34,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":18,"tags":55,"homepage":58,"download_link":59,"security_score":60,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-api-menus","WP API Menus","1.3.2","Fulvio Notarstefano","https:\u002F\u002Fprofiles.wordpress.org\u002Fnekojira\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjson-rest-api\u002F\" rel=\"ugc\">WordPress JSON REST API\u003C\u002Fa> with new routes for WordPress registered menus\u003C\u002Fp>\n\u003Cp>The new routes available will be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fmenus\u003C\u002Fcode> list of every registered menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002F\u003Cid>\u003C\u002Fcode> data for a specific menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u003C\u002Fcode> list of all registered theme locations.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u002F\u003Clocation>\u003C\u002Fcode> data for menu in specified menu in theme location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently, the \u003Ccode>menu-locations\u002F\u003Clocation>\u003C\u002Fcode> route for individual menus will return a tree with full menu hierarchy, with correct menu item order and listing children for each menu item. The \u003Ccode>menus\u002F\u003Cid>\u003C\u002Fcode> route will output menu details and a flat array of menu items. Item order or if each item has a parent will be indicated in each item attributes, but this route won’t output items as a tree.\u003C\u002Fp>\n\u003Cp>You can alter the data arrangement of each individual menu items and children using the filter hook \u003Ccode>json_menus_format_menu_item\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>An important note on WP API V2:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In V1 the routes are located by default at \u003Ccode>wp-json\u002Fmenus\u002F\u003C\u002Fcode> etc.\u003C\u002Fp>\n\u003Cp>In V2 the routes by default are at \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002F\u003C\u002Fcode> (e.g. \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002Fmenus\u002F\u003C\u002Fcode>, etc.) since V2 encourages prefixing and version namespacing.\u003C\u002Fp>\n","Extends WordPress WP REST API with new routes pointing to WordPress menus.",2000,107511,100,"2020-08-18T07:21:00.000Z","5.5.0","3.6.0",[21,56,57,23,24],"json-rest-api","menus","https:\u002F\u002Fgithub.com\u002Fnekojira\u002Fwp-api-menus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-menus.1.3.2.zip",85,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":28,"num_ratings":28,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":76,"download_link":77,"security_score":60,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-rest-api-menus","WP-REST-API Menus","1.0","jcdev518","https:\u002F\u002Fprofiles.wordpress.org\u002Fjcdev518\u002F","\u003Cp>This plugin adds “routes” or “endpoints” to WP REST API that allows for retrieval of\u003Cbr \u002F>\nmenu data as JSON.\u003C\u002Fp>\n\u003Cp>Updated port of “WP-REST-API V2 Menus” by Claudio La Barbera (http:\u002F\u002Fwww.claudiolabarbera.com)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get all registered menus:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>GET \u002Fwp-menus\u002Fv1\u002Fmenus\nhttps:\u002F\u002Fyourwpsite.com\u002Fwp-json\u002Fwp-menus\u002Fv1\u002Fmenus\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Get menu data as JSON from menu slug:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>GET \u002Fwp-menus\u002Fv1\u002Fmenus\u002F{slug}\nhttps:\u002F\u002Fyourwpsite.com\u002Fwp-json\u002Fwp-menus\u002Fv1\u002Fmenus\u002F{slug}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Gets the contents of a registered menu by its “slug”.\u003C\u002Fp>\n\u003Cp>When assigning a menu a location in \u002Fwp-admin\u002Fnav-menus.php?action=locations\u003Cbr \u002F>\nthe slug is the name of the menu in lowercase and without any spaces like a post slug.\u003C\u002Fp>\n\u003Cp>If your menu name is Main Menu:\u003Cbr \u002F>\nhttps:\u002F\u002Fyourwpsite.com\u002Fwp-json\u002Fmenus\u002Fv1\u002Fwp-menus\u002Fmain-menu\u003C\u002Fp>\n","Adds menu endpoints to core WP REST API.",70,2395,"2018-03-26T22:33:00.000Z","4.9.29","4.7.0","5.6",[21,56,57,23,24],"https:\u002F\u002Fwww.amorphouswebsolutions.com\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-menus.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":28,"num_ratings":28,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":93,"download_link":94,"security_score":60,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"api-log-pro","API Log Pro","1.0.0","Hubbard Labs","https:\u002F\u002Fprofiles.wordpress.org\u002Fhubbardlabs\u002F","\u003Cp>This plugin enables logging of all calls to the WordPress REST API. You can view all logs from the WordPress Admin under \u003Cstrong>API Log Pro\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>WP-CLI Support\u003C\u002Fh3>\n\u003Cp>This plugin offers some basic wp-cli support. You can use the following command to delete all the logs in the db.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>wp api-log-pro delete\n\u003C\u002Fcode>\u003C\u002Fpre>\n","A simple plugin to log WordPress Rest API Requests.",10,4140,"2022-06-24T15:46:00.000Z","6.0.11","4.6","7.0.0",[20,21,22,23,24],"https:\u002F\u002Fgithub.com\u002Fhubbardlabs\u002Fapi-log-pro","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapi-log-pro.1.0.0.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":86,"downloaded":103,"rating":28,"num_ratings":28,"last_updated":104,"tested_up_to":105,"requires_at_least":54,"requires_php":18,"tags":106,"homepage":18,"download_link":108,"security_score":60,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-api-v2-woocommerce-endpoints","WP API (V2) WooCommerce endpoints","1.0.2","Oleg Kostin","https:\u002F\u002Fprofiles.wordpress.org\u002Foleg2tor\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api\u002F\" rel=\"ugc\">WordPress JSON REST API\u003C\u002Fa> with new endpoints for WooCommerce (is_shop, is_cart, is_checkout, is_account_page) page functions\u003C\u002Fp>\n","Extends WordPress WP REST API (V2) with new endpoints pointing to WooCommerce page functions (is_shop, is_cart, is_checkout, is_account_page).",1916,"2016-04-26T00:10:00.000Z","4.5.33",[21,56,107,23,24],"woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-v2-woocommerce-endpoints.zip",{"slug":110,"name":111,"version":112,"author":99,"author_profile":100,"description":113,"short_description":114,"active_installs":86,"downloaded":115,"rating":51,"num_ratings":116,"last_updated":117,"tested_up_to":105,"requires_at_least":54,"requires_php":18,"tags":118,"homepage":18,"download_link":120,"security_score":60,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-rest-api-options","WP API Options","1.0.1","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api\u002F\" rel=\"ugc\">WordPress JSON REST API\u003C\u002Fa> with new routes for WordPress options\u003C\u002Fp>\n","Extends WordPress WP REST API with new routes pointing to WordPress options.",2610,1,"2016-05-09T14:08:00.000Z",[21,56,119,23,24],"options","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-options.zip",{"attackSurface":122,"codeSignals":266,"taintFlows":303,"riskAssessment":304,"analyzedAt":309},{"hooks":123,"ajaxHandlers":256,"restRoutes":261,"shortcodes":262,"cronEvents":263,"entryPointCount":116,"unprotectedCount":116},[124,129,133,137,141,146,149,152,156,159,161,164,168,171,175,179,182,186,191,193,197,201,205,208,212,215,217,220,223,227,230,231,234,237,238,241,242,244,246,249,252],{"type":125,"name":126,"callback":126,"file":127,"line":128},"action","admin_init","admin\\class-wp-rest-api-log-admin-list-table.php",13,{"type":130,"name":131,"callback":131,"priority":86,"file":127,"line":132},"filter","post_row_actions",20,{"type":125,"name":134,"callback":135,"file":127,"line":136},"restrict_manage_posts","add_dropdowns",28,{"type":125,"name":138,"callback":139,"file":127,"line":140},"pre_get_posts","add_tax_queries",29,{"type":130,"name":142,"callback":143,"priority":86,"file":144,"line":145},"post_type_link","entry_permalink","admin\\class-wp-rest-api-log-admin.php",15,{"type":130,"name":147,"callback":143,"priority":86,"file":144,"line":148},"get_edit_post_link",16,{"type":125,"name":126,"callback":150,"priority":86,"file":144,"line":151},"register_scripts",17,{"type":125,"name":126,"callback":153,"priority":154,"file":144,"line":155},"localize_script_data",11,18,{"type":125,"name":157,"callback":157,"file":144,"line":158},"admin_menu",19,{"type":130,"name":160,"callback":160,"file":144,"line":132},"wp_link_query_args",{"type":130,"name":162,"callback":162,"priority":86,"file":144,"line":163},"admin_title",21,{"type":130,"name":165,"callback":166,"priority":86,"file":144,"line":167},"user_has_cap","add_admin_caps",22,{"type":125,"name":169,"callback":170,"file":144,"line":14},"current_screen","maybe_enqueue_scripts",{"type":125,"name":172,"callback":173,"priority":86,"file":144,"line":174},"wp-rest-api-log-entry-property-links","display_entry_property_links",27,{"type":125,"name":176,"callback":177,"file":178,"line":154},"rest_api_init","register_rest_routes","includes\\class-wp-rest-api-log-controller.php",{"type":125,"name":176,"callback":180,"file":178,"line":181},"register_download_routes",12,{"type":130,"name":183,"callback":184,"priority":86,"file":178,"line":185},"rest_pre_serve_request","download_json_pre_serve_request",373,{"type":130,"name":187,"callback":188,"priority":86,"file":189,"line":190},"posts_where","add_where_route","includes\\class-wp-rest-api-log-db.php",25,{"type":130,"name":187,"callback":192,"priority":86,"file":189,"line":136},"add_where_post_id",{"type":125,"name":194,"callback":195,"file":196,"line":190},"ep_add_query_log","WP_REST_API_Log_ElasticPress::log_query","includes\\class-wp-rest-api-log-elasticpress.php",{"type":130,"name":198,"callback":199,"priority":86,"file":196,"line":200},"ep_post_sync_kill","WP_REST_API_Log_ElasticPress::sync_kill",26,{"type":125,"name":202,"callback":203,"file":204,"line":86},"init","register_custom_post_types","includes\\class-wp-rest-api-log-post-type.php",{"type":125,"name":202,"callback":206,"file":207,"line":86},"register_custom_taxonomies","includes\\class-wp-rest-api-log-taxonomies.php",{"type":130,"name":183,"callback":209,"priority":210,"file":211,"line":155},"log_rest_api_response",9999,"includes\\class-wp-rest-api-log.php",{"type":130,"name":213,"callback":214,"priority":86,"file":211,"line":163},"wp-rest-api-log-bypass-insert","bypass_common_routes",{"type":125,"name":126,"callback":216,"file":211,"line":14},"create_purge_cron",{"type":125,"name":218,"callback":219,"file":211,"line":174},"wp-rest-api-log-purge-old-records","purge_old_records",{"type":125,"name":126,"callback":221,"file":222,"line":128},"register_elasticpress_settings","includes\\settings\\class-wp-rest-api-log-settings-elasticpress.php",{"type":130,"name":224,"callback":225,"file":222,"line":226},"wp-rest-api-log-settings-tabs","add_tab",14,{"type":125,"name":126,"callback":228,"file":229,"line":128},"register_general_settings","includes\\settings\\class-wp-rest-api-log-settings-general.php",{"type":130,"name":224,"callback":225,"file":229,"line":226},{"type":125,"name":232,"callback":233,"file":229,"line":145},"admin_notices","display_db_notice",{"type":125,"name":126,"callback":235,"file":236,"line":128},"register_help_settings","includes\\settings\\class-wp-rest-api-log-settings-help.php",{"type":130,"name":224,"callback":225,"file":236,"line":226},{"type":125,"name":126,"callback":239,"file":240,"line":151},"register_routes_settings","includes\\settings\\class-wp-rest-api-log-settings-routes.php",{"type":130,"name":224,"callback":225,"file":240,"line":155},{"type":125,"name":157,"callback":157,"file":243,"line":148},"includes\\settings\\class-wp-rest-api-log-settings.php",{"type":125,"name":232,"callback":245,"file":243,"line":151},"activation_admin_notice",{"type":130,"name":247,"callback":248,"priority":86,"file":243,"line":132},"wp-rest-api-log-setting-is-enabled","filter_setting_is_enabled",{"type":130,"name":250,"callback":251,"priority":86,"file":243,"line":163},"wp-rest-api-log-setting-get","setting_get",{"type":125,"name":253,"callback":253,"priority":116,"file":254,"line":255},"plugins_loaded","wp-rest-api-log.php",108,[257],{"action":258,"nopriv":259,"callback":260,"hasNonce":259,"hasCapCheck":259,"file":229,"line":148},"wp-rest-api-log-db-notice-dismiss",false,"dismiss_db_notice",[],[],[264],{"hook":218,"callback":218,"file":211,"line":265},149,{"dangerousFunctions":267,"sqlUsage":268,"outputEscaping":280,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":301,"bundledLibraries":302},[],{"prepared":269,"raw":270,"locations":271},9,3,[272,275,277],{"file":189,"line":273,"context":274},401,"$wpdb->get_col() with variable interpolation",{"file":189,"line":276,"context":274},406,{"file":278,"line":145,"context":279},"uninstall.php","$wpdb->query() with variable interpolation",{"escaped":281,"rawEcho":282,"locations":283},127,7,[284,288,290,293,295,297,299],{"file":285,"line":286,"context":287},"admin\\partials\\wp-rest-api-log-view-entry.php",62,"raw output",{"file":178,"line":289,"context":287},447,{"file":291,"line":292,"context":287},"includes\\settings\\class-wp-rest-api-log-settings-base.php",121,{"file":291,"line":294,"context":287},172,{"file":291,"line":296,"context":287},235,{"file":291,"line":298,"context":287},236,{"file":243,"line":300,"context":287},123,4,[],[],{"summary":305,"deductions":306},"The \"wp-rest-api-log\" plugin v1.7.0 demonstrates a mixed security posture. On the positive side, the plugin shows strong adherence to secure coding practices with a high percentage of properly escaped outputs and a majority of SQL queries utilizing prepared statements. The absence of dangerous functions, file operations, external HTTP requests, and known vulnerability history are also significant strengths, suggesting a generally well-maintained codebase.  However, the presence of one unprotected AJAX handler stands out as a notable concern. While the total attack surface is small, this single unauthenticated entry point could potentially be exploited if it handles user-supplied data without proper validation or sanitization, despite the lack of critical taint analysis findings in the static scan.  The plugin's vulnerability history being clean is encouraging, but it doesn't entirely negate the risk posed by the unprotected AJAX handler.  Overall, the plugin has a good foundation for security, but the unprotected AJAX endpoint requires careful review and potentially patching to mitigate any latent risks.",[307],{"reason":308,"points":34},"Unprotected AJAX handler found","2026-03-16T18:07:22.316Z",{"wat":311,"direct":318},{"assetPaths":312,"generatorPatterns":314,"scriptPaths":315,"versionParams":316},[313],"\u002Fwp-content\u002Fplugins\u002Fwp-rest-api-log\u002Fadmin\u002Fjs\u002Fwp-rest-api-log-admin.js",[],[313],[317],"wp-rest-api-log\u002Fadmin\u002Fjs\u002Fwp-rest-api-log-admin.js?ver=",{"cssClasses":319,"htmlComments":320,"htmlAttributes":321,"restEndpoints":322,"jsGlobals":324,"shortcodeOutput":326},[],[],[],[323],"\u002Fwp-json\u002Fwp-rest-api-log\u002Fv1\u002F",[325],"wp_rest_api_log_start",[]]