[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjpeUXo1lPFt3rULbbsqTlTYHLF9KRQivRebpBjpYB9I":3,"$frTkSq9OREKET7SDulDlfAu5v6M9enEv3lNYH4kEEmYU":165,"$f9xSu2eTVEbpKf-mpUQMn2Q__Rd7JSpmXA1DDEpiy640":170},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":36,"analysis":116,"fingerprints":150},"wp-rest-api-menus","WP-REST-API Menus","1.0","jcdev518","https:\u002F\u002Fprofiles.wordpress.org\u002Fjcdev518\u002F","\u003Cp>This plugin adds “routes” or “endpoints” to WP REST API that allows for retrieval of\u003Cbr \u002F>\nmenu data as JSON.\u003C\u002Fp>\n\u003Cp>Updated port of “WP-REST-API V2 Menus” by Claudio La Barbera (http:\u002F\u002Fwww.claudiolabarbera.com)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get all registered menus:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>GET \u002Fwp-menus\u002Fv1\u002Fmenus\nhttps:\u002F\u002Fyourwpsite.com\u002Fwp-json\u002Fwp-menus\u002Fv1\u002Fmenus\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Get menu data as JSON from menu slug:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>GET \u002Fwp-menus\u002Fv1\u002Fmenus\u002F{slug}\nhttps:\u002F\u002Fyourwpsite.com\u002Fwp-json\u002Fwp-menus\u002Fv1\u002Fmenus\u002F{slug}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Gets the contents of a registered menu by its “slug”.\u003C\u002Fp>\n\u003Cp>When assigning a menu a location in \u002Fwp-admin\u002Fnav-menus.php?action=locations\u003Cbr \u002F>\nthe slug is the name of the menu in lowercase and without any spaces like a post slug.\u003C\u002Fp>\n\u003Cp>If your menu name is Main Menu:\u003Cbr \u002F>\nhttps:\u002F\u002Fyourwpsite.com\u002Fwp-json\u002Fmenus\u002Fv1\u002Fwp-menus\u002Fmain-menu\u003C\u002Fp>\n","Adds menu endpoints to core WP REST API.",70,2461,0,"2018-03-26T22:33:00.000Z","4.9.29","4.7.0","5.6",[19,20,21,22,23],"json","json-rest-api","menus","wp-api","wp-rest-api","https:\u002F\u002Fwww.amorphouswebsolutions.com\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-menus.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},1,30,84,"2026-05-20T01:11:16.604Z",[37,56,71,82,96],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":54,"download_link":55,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-api-menus","WP API Menus","1.3.2","Fulvio Notarstefano","https:\u002F\u002Fprofiles.wordpress.org\u002Fnekojira\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjson-rest-api\u002F\" rel=\"ugc\">WordPress JSON REST API\u003C\u002Fa> with new routes for WordPress registered menus\u003C\u002Fp>\n\u003Cp>The new routes available will be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fmenus\u003C\u002Fcode> list of every registered menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002F\u003Cid>\u003C\u002Fcode> data for a specific menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u003C\u002Fcode> list of all registered theme locations.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u002F\u003Clocation>\u003C\u002Fcode> data for menu in specified menu in theme location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently, the \u003Ccode>menu-locations\u002F\u003Clocation>\u003C\u002Fcode> route for individual menus will return a tree with full menu hierarchy, with correct menu item order and listing children for each menu item. The \u003Ccode>menus\u002F\u003Cid>\u003C\u002Fcode> route will output menu details and a flat array of menu items. Item order or if each item has a parent will be indicated in each item attributes, but this route won’t output items as a tree.\u003C\u002Fp>\n\u003Cp>You can alter the data arrangement of each individual menu items and children using the filter hook \u003Ccode>json_menus_format_menu_item\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>An important note on WP API V2:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In V1 the routes are located by default at \u003Ccode>wp-json\u002Fmenus\u002F\u003C\u002Fcode> etc.\u003C\u002Fp>\n\u003Cp>In V2 the routes by default are at \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002F\u003C\u002Fcode> (e.g. \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002Fmenus\u002F\u003C\u002Fcode>, etc.) since V2 encourages prefixing and version namespacing.\u003C\u002Fp>\n","Extends WordPress WP REST API with new routes pointing to WordPress menus.",2000,107964,100,8,"2020-08-18T07:21:00.000Z","5.5.0","3.6.0","",[19,20,21,22,23],"https:\u002F\u002Fgithub.com\u002Fnekojira\u002Fwp-api-menus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-menus.1.3.2.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":13,"num_ratings":13,"last_updated":66,"tested_up_to":67,"requires_at_least":51,"requires_php":52,"tags":68,"homepage":52,"download_link":70,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-api-v2-woocommerce-endpoints","WP API (V2) WooCommerce endpoints","1.0.2","Oleg Kostin","https:\u002F\u002Fprofiles.wordpress.org\u002Foleg2tor\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api\u002F\" rel=\"ugc\">WordPress JSON REST API\u003C\u002Fa> with new endpoints for WooCommerce (is_shop, is_cart, is_checkout, is_account_page) page functions\u003C\u002Fp>\n","Extends WordPress WP REST API (V2) with new endpoints pointing to WooCommerce page functions (is_shop, is_cart, is_checkout, is_account_page).",10,1960,"2016-04-26T00:10:00.000Z","4.5.33",[19,20,69,22,23],"woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-v2-woocommerce-endpoints.zip",{"slug":72,"name":73,"version":74,"author":60,"author_profile":61,"description":75,"short_description":76,"active_installs":64,"downloaded":77,"rating":47,"num_ratings":32,"last_updated":78,"tested_up_to":67,"requires_at_least":51,"requires_php":52,"tags":79,"homepage":52,"download_link":81,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-rest-api-options","WP API Options","1.0.1","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api\u002F\" rel=\"ugc\">WordPress JSON REST API\u003C\u002Fa> with new routes for WordPress options\u003C\u002Fp>\n","Extends WordPress WP REST API with new routes pointing to WordPress options.",2701,"2016-05-09T14:08:00.000Z",[19,20,80,22,23],"options","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-options.zip",{"slug":83,"name":84,"version":74,"author":60,"author_profile":61,"description":85,"short_description":86,"active_installs":64,"downloaded":87,"rating":13,"num_ratings":13,"last_updated":88,"tested_up_to":89,"requires_at_least":51,"requires_php":52,"tags":90,"homepage":52,"download_link":95,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-rest-api-v2-isfront","WP API (V2) isFront","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api\u002F\" rel=\"ugc\">WordPress JSON REST API\u003C\u002Fa> with new endpoints for WordPress isFront pages attribute\u003C\u002Fp>\n","Extends WordPress WP REST API (V2) with new endpoints pointing to WordPress isFront function.",1337,"2016-03-24T22:43:00.000Z","4.4.34",[91,92,93,19,20,94,22,23],"api","is-front","isfront","rest","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-v2-isfront.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":52,"tags":111,"homepage":113,"download_link":114,"security_score":115,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-rest-api-log","REST API Log","1.7.0","Pete Nelson","https:\u002F\u002Fprofiles.wordpress.org\u002Fgungeekatx\u002F","\u003Cp>WordPress plugin to log \u003Ca href=\"http:\u002F\u002Fv2.wp-api.org\u002F\" rel=\"nofollow ugc\">REST API\u003C\u002Fa> requests and responses (for v2 of the API).\u003C\u002Fp>\n\u003Cp>Includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress admin page to view and search log entries\u003C\u002Fli>\n\u003Cli>API endpoint to access log entries via JSON\u003C\u002Fli>\n\u003Cli>Filters to customize logging\u003C\u002Fli>\n\u003Cli>Custom endpoint logging\u003C\u002Fli>\n\u003Cli>ElasticPress logging\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Find us on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpetenelson\u002Fwp-rest-api-log\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>!\u003C\u002Fp>\n\u003Cp>Roadmap\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Better search capabilities for log entries via the REST API endpoint\u003C\u002Fli>\n\u003C\u002Ful>\n","WordPress plugin to log REST API requests and responses",5000,114125,72,24,"2025-01-02T16:29:00.000Z","6.7.5","4.7",[91,19,112,22,23],"rest-api","https:\u002F\u002Fgithub.com\u002Fpetenelson\u002Fwp-rest-api-log","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-log.1.7.0.zip",92,{"attackSurface":117,"codeSignals":129,"taintFlows":136,"riskAssessment":137,"analyzedAt":149},{"hooks":118,"ajaxHandlers":125,"restRoutes":126,"shortcodes":127,"cronEvents":128,"entryPointCount":13,"unprotectedCount":13},[119],{"type":120,"name":121,"callback":122,"file":123,"line":124},"action","rest_api_init","wp_rest_api_menus_initialize","wp-rest-api-menus.php",35,[],[],[],[],{"dangerousFunctions":130,"sqlUsage":131,"outputEscaping":133,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":135},[],{"prepared":13,"raw":13,"locations":132},[],{"escaped":13,"rawEcho":13,"locations":134},[],[],[],{"summary":138,"deductions":139},"Based on the provided static analysis and vulnerability history, the wp-rest-api-menus v1.0 plugin exhibits a strong security posture. The code analysis indicates an absence of dangerous functions, file operations, external HTTP requests, and critical taint flows.  All SQL queries utilize prepared statements, and all output is properly escaped. The plugin also has a clean vulnerability history with no recorded CVEs, suggesting a proactive approach to security or a lack of past exploitable issues.\n\nHowever, the analysis reveals a complete lack of any security checks, including AJAX handlers, REST API routes, nonce checks, and capability checks. While the current version has a small attack surface and no identified vulnerabilities, this absence of fundamental security mechanisms presents a significant concern. Should any new functionality be added or if an attacker finds a way to introduce data into the system that can be processed without these checks, it could lead to immediate and severe vulnerabilities. The plugin's strengths lie in its clean code and lack of known vulnerabilities, but its weakness is the complete oversight of essential security controls.\n\nIn conclusion, while the plugin appears secure for its current functionality and version due to the lack of exploitable code patterns and no known vulnerabilities, the complete absence of any authentication or authorization checks on potential entry points is a critical architectural flaw. This makes it highly susceptible to future security breaches if new features are added or if the attack surface expands without implementing proper security measures. The plugin's current \"security\" relies more on its limited scope than on robust security design.",[140,143,145,147],{"reason":141,"points":142},"No capability checks on entry points",15,{"reason":144,"points":142},"No nonce checks on entry points",{"reason":146,"points":142},"No permission callbacks on REST API routes",{"reason":148,"points":142},"No auth checks on AJAX handlers","2026-03-16T21:31:23.743Z",{"wat":151,"direct":156},{"assetPaths":152,"generatorPatterns":153,"scriptPaths":154,"versionParams":155},[],[],[],[],{"cssClasses":157,"htmlComments":158,"htmlAttributes":159,"restEndpoints":160,"jsGlobals":163,"shortcodeOutput":164},[],[],[],[161,162],"\u002Fwp-json\u002Fwp-menus\u002Fv1\u002Fmenus","\u002Fwp-json\u002Fwp-menus\u002Fv1\u002Fmenus\u002F(?P\u003Cid>[a-zA-Z(-]+)",[],[],{"error":166,"url":167,"statusCode":168,"statusMessage":169,"message":169},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-rest-api-menus\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":171},[]]