[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftYM3uhYyf_i_aAP9NvHeDEkbTVPRn_suzxB9e0iIZC4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":116,"fingerprints":175},"wp-rest-api-v2-menus","WP-REST-API V2 Menus","0.12.1","thebatclaudio","https:\u002F\u002Fprofiles.wordpress.org\u002Fclaudiolabarbera\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api\u002F\" rel=\"ugc\">WordPress REST API (Version 2)\u003C\u002Fa> with new routes for WordPress registered menus.\u003C\u002Fp>\n\u003Cp>The new routes available will be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fmenus\u002Fv1\u002Fmenus\u003C\u002Fcode> list of every registered menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002Fv1\u002Fmenus\u002F\u003Cslug>\u003C\u002Fcode> data for a specific menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002Fv1\u002Flocations\u003C\u002Fcode> list of every registered menu location in your theme.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002Fv1\u002Flocations\u002F\u003Cslug>\u003C\u002Fcode> data for a specific menu location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Compatible with ACF menu’s custom attributes and menu item’s custom attributes.\u003C\u002Fp>\n\u003Cp>Compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmenu-image\u002F\" rel=\"ugc\">Menu Image, Icons made easy\u003C\u002Fa>.\u003C\u002Fp>\n","Adding menus endpoints on WP REST API v2",3000,164931,100,6,"2022-11-09T13:29:00.000Z","6.0.11","4.4","",[20,21,22,23,24],"api","json","json-rest-api","menu-routes","menus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-v2-menus.0.12.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"claudiolabarbera",1,30,84,"2026-04-04T14:01:01.233Z",[38,51,70,87,102],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":10,"active_installs":27,"downloaded":45,"rating":27,"num_ratings":27,"last_updated":18,"tested_up_to":46,"requires_at_least":17,"requires_php":18,"tags":47,"homepage":48,"download_link":49,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":50},"tutexp-rest-api-menu","Tutexp Rest Api Menu","1.0.0","tapos007","https:\u002F\u002Fprofiles.wordpress.org\u002Ftapos007\u002F","\u003Cp>This plugin extends the WordPress REST API  with new routes for WordPress registered menus.\u003C\u002Fp>\n\u003Cp>The new routes available will be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[website_name]\u002Fwp-json\u002Fmenus\u002Fv2\u002Fmenus\u003C\u002Fcode> list of every registered menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[website_name]\u002Fwp-json\u002Fmenus\u002Fv2\u002Fmenus\u002F\u003Cslug>\u003C\u002Fcode> data for a specific menu.\u003C\u002Fli>\n\u003C\u002Ful>\n",1139,"4.8.28",[20,21,22,23,24],"http:\u002F\u002Ftutexp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftutexp-rest-api-menu.zip","2026-03-15T10:48:56.248Z",{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":13,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":18,"tags":65,"homepage":68,"download_link":69,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-api-menus","WP API Menus","1.3.2","Fulvio Notarstefano","https:\u002F\u002Fprofiles.wordpress.org\u002Fnekojira\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjson-rest-api\u002F\" rel=\"ugc\">WordPress JSON REST API\u003C\u002Fa> with new routes for WordPress registered menus\u003C\u002Fp>\n\u003Cp>The new routes available will be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fmenus\u003C\u002Fcode> list of every registered menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002F\u003Cid>\u003C\u002Fcode> data for a specific menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u003C\u002Fcode> list of all registered theme locations.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u002F\u003Clocation>\u003C\u002Fcode> data for menu in specified menu in theme location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently, the \u003Ccode>menu-locations\u002F\u003Clocation>\u003C\u002Fcode> route for individual menus will return a tree with full menu hierarchy, with correct menu item order and listing children for each menu item. The \u003Ccode>menus\u002F\u003Cid>\u003C\u002Fcode> route will output menu details and a flat array of menu items. Item order or if each item has a parent will be indicated in each item attributes, but this route won’t output items as a tree.\u003C\u002Fp>\n\u003Cp>You can alter the data arrangement of each individual menu items and children using the filter hook \u003Ccode>json_menus_format_menu_item\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>An important note on WP API V2:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In V1 the routes are located by default at \u003Ccode>wp-json\u002Fmenus\u002F\u003C\u002Fcode> etc.\u003C\u002Fp>\n\u003Cp>In V2 the routes by default are at \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002F\u003C\u002Fcode> (e.g. \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002Fmenus\u002F\u003C\u002Fcode>, etc.) since V2 encourages prefixing and version namespacing.\u003C\u002Fp>\n","Extends WordPress WP REST API with new routes pointing to WordPress menus.",2000,107511,8,"2020-08-18T07:21:00.000Z","5.5.0","3.6.0",[21,22,24,66,67],"wp-api","wp-rest-api","https:\u002F\u002Fgithub.com\u002Fnekojira\u002Fwp-api-menus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-menus.1.3.2.zip",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":27,"num_ratings":27,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":83,"tags":84,"homepage":85,"download_link":86,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-rest-api-menus","WP-REST-API Menus","1.0","jcdev518","https:\u002F\u002Fprofiles.wordpress.org\u002Fjcdev518\u002F","\u003Cp>This plugin adds “routes” or “endpoints” to WP REST API that allows for retrieval of\u003Cbr \u002F>\nmenu data as JSON.\u003C\u002Fp>\n\u003Cp>Updated port of “WP-REST-API V2 Menus” by Claudio La Barbera (http:\u002F\u002Fwww.claudiolabarbera.com)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get all registered menus:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>GET \u002Fwp-menus\u002Fv1\u002Fmenus\nhttps:\u002F\u002Fyourwpsite.com\u002Fwp-json\u002Fwp-menus\u002Fv1\u002Fmenus\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Get menu data as JSON from menu slug:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>GET \u002Fwp-menus\u002Fv1\u002Fmenus\u002F{slug}\nhttps:\u002F\u002Fyourwpsite.com\u002Fwp-json\u002Fwp-menus\u002Fv1\u002Fmenus\u002F{slug}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Gets the contents of a registered menu by its “slug”.\u003C\u002Fp>\n\u003Cp>When assigning a menu a location in \u002Fwp-admin\u002Fnav-menus.php?action=locations\u003Cbr \u002F>\nthe slug is the name of the menu in lowercase and without any spaces like a post slug.\u003C\u002Fp>\n\u003Cp>If your menu name is Main Menu:\u003Cbr \u002F>\nhttps:\u002F\u002Fyourwpsite.com\u002Fwp-json\u002Fmenus\u002Fv1\u002Fwp-menus\u002Fmain-menu\u003C\u002Fp>\n","Adds menu endpoints to core WP REST API.",70,2395,"2018-03-26T22:33:00.000Z","4.9.29","4.7.0","5.6",[21,22,24,66,67],"https:\u002F\u002Fwww.amorphouswebsolutions.com\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-menus.zip",{"slug":88,"name":89,"version":73,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":27,"num_ratings":27,"last_updated":18,"tested_up_to":46,"requires_at_least":17,"requires_php":18,"tags":96,"homepage":100,"download_link":101,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":50},"json-rest-api-subscriptions","JSON REST API Subscriptions","Taylor Lovett","https:\u002F\u002Fprofiles.wordpress.org\u002Ftlovett1\u002F","\u003Cp>If you are publishing content and have users\u002Fwebsites digesting your content, you may have been faced with the problem: how do I get updates to users immediately? In the past users\u002Fwebsites have subscribed to feeds or used techniques like “polling” to constantly ping your site for new content. Both these techniques are cumbersome and old fashioned. JSON REST API Subscriptions creates new API endpoints to allow people to subscribe to new content, content updates, and content deletes across general post types as well as single pieces of content.\u003C\u002Fp>\n\u003Cp>Requires \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api\u002F\" rel=\"ugc\">JSON REST API 2.0beta12+\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For details on the plugin and extended usage\u002Finstallation documentation, please visit \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Ftlovett1\u002Fjson-rest-api-subscriptions\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Configuring and Using the Plugin\u003C\u002Fh3>\n\u003Cp>Please refer to \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Ftlovett1\u002Fjson-rest-api-subscriptions\" rel=\"nofollow ugc\">Github\u003C\u002Fa> for detailed configuration instructions.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For full documentation, questions, feature requests, and support concerning JSON REST API Subscriptions, please refer to \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Ftlovett1\u002Fjson-rest-api-subscriptions\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n","Enable subscriptions to posts, pages, and custom post types. Users can securely subscribe via simple API routes to created\u002Fupdated\u002Fdeleted content.",10,2671,[97,22,98,99,66],"api-webhooks","rest-api","webhooks","http:\u002F\u002Fwww.taylorlovett.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjson-rest-api-subscriptions.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":94,"downloaded":110,"rating":27,"num_ratings":27,"last_updated":111,"tested_up_to":112,"requires_at_least":64,"requires_php":18,"tags":113,"homepage":18,"download_link":115,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-api-v2-woocommerce-endpoints","WP API (V2) WooCommerce endpoints","1.0.2","Oleg Kostin","https:\u002F\u002Fprofiles.wordpress.org\u002Foleg2tor\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api\u002F\" rel=\"ugc\">WordPress JSON REST API\u003C\u002Fa> with new endpoints for WooCommerce (is_shop, is_cart, is_checkout, is_account_page) page functions\u003C\u002Fp>\n","Extends WordPress WP REST API (V2) with new endpoints pointing to WooCommerce page functions (is_shop, is_cart, is_checkout, is_account_page).",1916,"2016-04-26T00:10:00.000Z","4.5.33",[21,22,114,66,67],"woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-v2-woocommerce-endpoints.zip",{"attackSurface":117,"codeSignals":153,"taintFlows":161,"riskAssessment":162,"analyzedAt":174},{"hooks":118,"ajaxHandlers":125,"restRoutes":126,"shortcodes":150,"cronEvents":151,"entryPointCount":152,"unprotectedCount":152},[119],{"type":120,"name":121,"callback":122,"file":123,"line":124},"action","rest_api_init","closure","wp-rest-api-v2-menus.php",264,[],[127,135,140,145],{"namespace":128,"route":129,"methods":130,"callback":132,"permissionCallback":133,"file":123,"line":134},"menus\u002Fv1","\u002Fmenus",[131],"GET","wp_api_v2_menus_get_all_menus","__return_true",265,{"namespace":128,"route":136,"methods":137,"callback":138,"permissionCallback":133,"file":123,"line":139},"\u002Fmenus\u002F(?P\u003Cid>[a-zA-Z0-9_-]+)",[131],"wp_api_v2_menus_get_menu_data",271,{"namespace":128,"route":141,"methods":142,"callback":143,"permissionCallback":133,"file":123,"line":144},"\u002Flocations\u002F(?P\u003Cid>[a-zA-Z0-9_-]+)",[131],"wp_api_v2_locations_get_menu_data",277,{"namespace":128,"route":146,"methods":147,"callback":148,"permissionCallback":133,"file":123,"line":149},"\u002Flocations",[131],"wp_api_v2_menu_get_all_locations",283,[],[],4,{"dangerousFunctions":154,"sqlUsage":155,"outputEscaping":157,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":160},[],{"prepared":27,"raw":27,"locations":156},[],{"escaped":158,"rawEcho":27,"locations":159},2,[],[],[],{"summary":163,"deductions":164},"The 'wp-rest-api-v2-menus' plugin version 0.12.1 exhibits a concerning security posture primarily due to its exposed attack surface. The static analysis reveals a significant number of REST API routes that lack any permission callbacks, meaning they are accessible without proper authentication or authorization checks. This creates a direct pathway for potential attackers to interact with plugin functionalities, even if the plugin itself doesn't handle dangerous functions or SQL queries directly. The absence of nonce checks and capability checks further exacerbates this risk, leaving these endpoints vulnerable to various attacks like unauthorized data access or manipulation if the endpoints themselves perform sensitive operations.\n\nDespite the identified issues with the attack surface, the plugin demonstrates good practices in other areas. There are no dangerous functions being used, all SQL queries are prepared statements, and output escaping is handled correctly, indicating a degree of care in preventing common code execution and injection vulnerabilities. The vulnerability history is also clean, with no recorded CVEs, suggesting that this specific version (and potentially previous ones) has not been publicly exploited or found to have critical flaws. However, the lack of historical vulnerabilities could also be attributed to the plugin not having a large user base or being extensively tested for security. The primary weakness remains the open REST API endpoints, which, without further context on what these endpoints do, represent a significant potential risk.",[165,167,169,172],{"reason":166,"points":94},"REST API routes without permission callbacks",{"reason":168,"points":94},"Total unprotected entry points",{"reason":170,"points":171},"No nonce checks on entry points",5,{"reason":173,"points":171},"No capability checks on entry points","2026-03-16T18:19:12.775Z",{"wat":176,"direct":182},{"assetPaths":177,"generatorPatterns":179,"scriptPaths":180,"versionParams":181},[178],"\u002Fwp-content\u002Fplugins\u002Fwp-rest-api-v2-menus\u002Fwp-rest-api-v2-menus.php",[],[],[],{"cssClasses":183,"htmlComments":184,"htmlAttributes":185,"restEndpoints":186,"jsGlobals":190,"shortcodeOutput":191},[],[],[],[187,188,189],"\u002Fwp-json\u002Fmenus\u002Fv1\u002Fmenus","\u002Fwp-json\u002Fmenus\u002Fv1\u002Fmenus\u002F(?P\u003Cid>[a-zA-Z0-9_-]+)","\u002Fwp-json\u002Fmenus\u002Fv1\u002Flocations\u002F(?P\u003Cid>[a-zA-Z0-9_-]+)",[],[]]