[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fh-RfFL7wbjcSkgioQO816G-tifF7-MgmMAh07lr91UQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":134,"fingerprints":235},"wp-rest-yoast-meta","WP REST Yoast Meta","2025.1.0","Acato","https:\u002F\u002Fprofiles.wordpress.org\u002Facato\u002F","\u003Cp>\u003Cem>This plugin is no longer updated, but is open for adoption\u003C\u002Fem>\u003Cbr \u002F>\nAs of Yoast SEO version 16.7 the functionality provided by this plugin is now \u003Ca href=\"https:\u002F\u002Fdeveloper.yoast.com\u002Fcustomization\u002Fapis\u002Frest-api\u002F\" rel=\"nofollow ugc\">part of the Yoast SEO plugin\u003C\u002Fa> itself. This plugin will no longer be updated, but is open for adoption. If you are interested in adopting this plugin, please contact the authors.\u003C\u002Fp>\n\u003Cp>Are you using WordPress for a headless set-up, using the WP REST API? And would you like to use the Yoast SEO plugin just like you would for any other project? This plugin adds the meta tags generated by the Yoast SEO plugin to the WP REST API output, allowing your headless set-up to implement them. Also when you are using Yoast SEO Premium you have the option to retrieve redirects throught the API: this plugin adds a custom endpoint (\u003Ccode>\u002Fwp-rest-yoast-meta\u002Fv1\u002Fredirects\u003C\u002Fcode>) to provide those redirects in a JSON format. Since Yoast 11.0 JSON LD Schema.org data is also supported and is now also available through the WP REST API when using this plugin.\u003C\u002Fp>\n\u003Ch3>Installation from within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit ‘Plugins > Add New’ (or ‘My Sites > Network Admin > Plugins > Add New’ if you are on a multisite installation).\u003C\u002Fli>\n\u003Cli>Search for ‘WP REST Yoast Meta’.\u003C\u002Fli>\n\u003Cli>Activate the WP REST Yoast Meta plugin through the ‘Plugins’ menu in WordPress.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Installation manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload the \u003Ccode>wp-rest-yoast-meta\u003C\u002Fcode> folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory.\u003C\u002Fli>\n\u003Cli>Activate the WP REST Yoast Meta plugin through the ‘Plugins’ menu in WordPress.\u003C\u002Fli>\n\u003C\u002Fol>\n","Adds meta tags as generated by Yoast SEO to the WP REST API. And adds a custom endpoint to retrieve all redirects as they are set in Yoast SEO Premium &hellip;",1000,31743,100,6,"2025-01-23T09:31:00.000Z","5.7.15","4.7","5.4",[20,21,22,23,24],"adopt-me","api","wp-rest","wp-rest-api","yoast","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-yoast-meta.2025.1.0.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"acato",4,12040,97,107,77,"2026-04-05T16:35:23.962Z",[41,63,83,98,116],{"slug":42,"name":43,"version":44,"author":7,"author_profile":8,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":17,"requires_php":53,"tags":54,"homepage":58,"download_link":59,"security_score":60,"vuln_count":61,"unpatched_count":28,"last_vuln_date":62,"fetched_at":30},"wp-rest-cache","WP REST Cache","2026.1.3","\u003Cp>Are you facing speed issues, using the WordPress REST API? This plugin will allow WordPress to cache the responses of the REST API, making it much faster.\u003C\u002Fp>\n\u003Cp>This plugin offers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Caching of all default WordPress REST API \u003Ccode>GET\u003C\u002Fcode>-endpoints.\u003C\u002Fli>\n\u003Cli>Caching of (custom) post type endpoints.\u003C\u002Fli>\n\u003Cli>Caching of (custom) taxonomy endpoints.\u003C\u002Fli>\n\u003Cli>Automated flushing of caches if (some of) its contents are edited.\u003C\u002Fli>\n\u003Cli>Manual flushing of all caches.\u003C\u002Fli>\n\u003Cli>Manual flushing of specific caches.\u003C\u002Fli>\n\u003Cli>A counter how many times a cache has been retrieved.\u003C\u002Fli>\n\u003Cli>Specifying after what time the cache should be timed out.\u003C\u002Fli>\n\u003Cli>Registering custom endpoints for caching.\u003C\u002Fli>\n\u003Cli>Automatic cache regeneration.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>WP REST Cache Pro\u003C\u002Fstrong>\u003Cbr \u002F>\nFor more advanced features, check out our \u003Ca href=\"https:\u002F\u002Fplugins.acato.nl\u002F\" rel=\"nofollow ugc\">WP REST Cache Pro\u003C\u002Fa> plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Configure custom endpoints for caching through the wp-admin interface.\u003C\u002Fli>\n\u003Cli>Configure relationships within endpoints.\u003C\u002Fli>\n\u003Cli>No coding required.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Installation from within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit ‘Plugins > Add New’ (or ‘My Sites > Network Admin > Plugins > Add New’ if you are on a multisite installation).\u003C\u002Fli>\n\u003Cli>Search for ‘WP REST Cache’.\u003C\u002Fli>\n\u003Cli>Activate the WP REST Cache plugin through the ‘Plugins’ menu in WordPress.\u003C\u002Fli>\n\u003Cli>Go to “after activation” below.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Installation manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload the \u003Ccode>wp-rest-cache\u003C\u002Fcode> folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory.\u003C\u002Fli>\n\u003Cli>Activate the WP REST Cache plugin through the ‘Plugins’ menu in WordPress.\u003C\u002Fli>\n\u003Cli>Go to “after activation” below.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>After activation\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit ‘Plugins > Must-Use’ (or ‘My Sites > Network Admin > Plugins > Must-Use’ if you are on a multisite installation).\u003C\u002Fli>\n\u003Cli>Check if the ‘WP REST Cache – Must-Use Plugin’ is there, if not copy the file \u003Ccode>wp-rest-cache.php\u003C\u002Fcode> from the \u003Ccode>\u002Fsources\u003C\u002Fcode> folder of the WP REST Cache Plugin to the folder \u003Ccode>\u002Fwp-content\u002Fmu-plugins\u002F\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Optionally:\u003C\u002Fstrong>\u003Cbr \u002F>\nThe default timeout for caches generated by the WP REST Cache plugin is set to 1 year. If you want to change this:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Visit ‘Settings > WP REST Cache’.\u003C\u002Fli>\n\u003Cli>Change the Cache timeout.\u003C\u002Fli>\n\u003C\u002Fol>\n","Enable caching of the WordPress REST API and auto-flush caches upon wp-admin editing.",10000,366709,98,42,"2026-03-03T09:38:00.000Z","6.8.5","7.0",[21,55,56,57,23],"cache","rest","rest-cache","https:\u002F\u002Fwww.acato.nl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-cache.2026.1.3.zip",94,2,"2026-03-23 00:00:00",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":17,"requires_php":25,"tags":77,"homepage":81,"download_link":82,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-rest-api-log","REST API Log","1.7.0","Pete Nelson","https:\u002F\u002Fprofiles.wordpress.org\u002Fgungeekatx\u002F","\u003Cp>WordPress plugin to log \u003Ca href=\"http:\u002F\u002Fv2.wp-api.org\u002F\" rel=\"nofollow ugc\">REST API\u003C\u002Fa> requests and responses (for v2 of the API).\u003C\u002Fp>\n\u003Cp>Includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress admin page to view and search log entries\u003C\u002Fli>\n\u003Cli>API endpoint to access log entries via JSON\u003C\u002Fli>\n\u003Cli>Filters to customize logging\u003C\u002Fli>\n\u003Cli>Custom endpoint logging\u003C\u002Fli>\n\u003Cli>ElasticPress logging\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Find us on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpetenelson\u002Fwp-rest-api-log\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>!\u003C\u002Fp>\n\u003Cp>Roadmap\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Better search capabilities for log entries via the REST API endpoint\u003C\u002Fli>\n\u003C\u002Ful>\n","WordPress plugin to log REST API requests and responses",5000,113000,72,24,"2025-01-02T16:29:00.000Z","6.7.5",[21,78,79,80,23],"json","rest-api","wp-api","https:\u002F\u002Fgithub.com\u002Fpetenelson\u002Fwp-rest-api-log","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-api-log.1.7.0.zip",{"slug":84,"name":85,"version":86,"author":67,"author_profile":68,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":13,"num_ratings":91,"last_updated":92,"tested_up_to":76,"requires_at_least":93,"requires_php":25,"tags":94,"homepage":96,"download_link":97,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"rest-api-toolbox","REST API Toolbox","1.4.4","\u003Cp>Allows tweaking of several REST API settings\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable the REST API\u003C\u002Fli>\n\u003Cli>Remove WordPress core endpoints\u003C\u002Fli>\n\u003Cli>Require authentication for core endpoints\u003C\u002Fli>\n\u003Cli>Force SSL\u003C\u002Fli>\n\u003Cli>WP-CLI commands: wp rest-api-toolbox\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Find us on GitHub at https:\u002F\u002Fgithub.com\u002Fpetenelson\u002Fwp-rest-api-toolbox\u003C\u002Fp>\n\u003Cp>(Creative commons toolbox image provided by James Tworow https:\u002F\u002Fwww.flickr.com\u002Fphotos\u002Fsherlock77\u002F)\u003C\u002Fp>\n","Allows tweaking of several REST API settings",2000,40876,8,"2025-01-02T16:18:00.000Z","4.4",[95,56,79,23],"json-api","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frest-api-toolbox","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-api-toolbox.1.4.4.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":89,"downloaded":106,"rating":13,"num_ratings":91,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":25,"tags":110,"homepage":113,"download_link":114,"security_score":115,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-api-menus","WP API Menus","1.3.2","Fulvio Notarstefano","https:\u002F\u002Fprofiles.wordpress.org\u002Fnekojira\u002F","\u003Cp>This plugin extends the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjson-rest-api\u002F\" rel=\"ugc\">WordPress JSON REST API\u003C\u002Fa> with new routes for WordPress registered menus\u003C\u002Fp>\n\u003Cp>The new routes available will be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fmenus\u003C\u002Fcode> list of every registered menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenus\u002F\u003Cid>\u003C\u002Fcode> data for a specific menu.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u003C\u002Fcode> list of all registered theme locations.\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fmenu-locations\u002F\u003Clocation>\u003C\u002Fcode> data for menu in specified menu in theme location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently, the \u003Ccode>menu-locations\u002F\u003Clocation>\u003C\u002Fcode> route for individual menus will return a tree with full menu hierarchy, with correct menu item order and listing children for each menu item. The \u003Ccode>menus\u002F\u003Cid>\u003C\u002Fcode> route will output menu details and a flat array of menu items. Item order or if each item has a parent will be indicated in each item attributes, but this route won’t output items as a tree.\u003C\u002Fp>\n\u003Cp>You can alter the data arrangement of each individual menu items and children using the filter hook \u003Ccode>json_menus_format_menu_item\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>An important note on WP API V2:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In V1 the routes are located by default at \u003Ccode>wp-json\u002Fmenus\u002F\u003C\u002Fcode> etc.\u003C\u002Fp>\n\u003Cp>In V2 the routes by default are at \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002F\u003C\u002Fcode> (e.g. \u003Ccode>wp-json\u002Fwp-api-menus\u002Fv2\u002Fmenus\u002F\u003C\u002Fcode>, etc.) since V2 encourages prefixing and version namespacing.\u003C\u002Fp>\n","Extends WordPress WP REST API with new routes pointing to WordPress menus.",107511,"2020-08-18T07:21:00.000Z","5.5.0","3.6.0",[78,111,112,80,23],"json-rest-api","menus","https:\u002F\u002Fgithub.com\u002Fnekojira\u002Fwp-api-menus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-menus.1.3.2.zip",85,{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":89,"downloaded":124,"rating":13,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":17,"requires_php":18,"tags":128,"homepage":25,"download_link":133,"security_score":115,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-api-swaggerui","WP API SwaggerUI","1.1.2","agussuroyo","https:\u002F\u002Fprofiles.wordpress.org\u002Fagussuroyo\u002F","\u003Cp>SwaggerUI used to make WordPress REST API endpoint have a interactive UI, so we can check our API endpoint directly from the website it self\u003C\u002Fp>\n\u003Cp>Feature:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support for GET, POST, PUT, PATCH and DELETE request method\u003C\u002Fli>\n\u003Cli>Support for Auth Basic authorization method\u003C\u002Fli>\n\u003Cli>Choose which namespace API that will be used on the SwaggerUI\u003C\u002Fli>\n\u003C\u002Ful>\n","WordPress REST API with Swagger UI.",63277,11,"2022-07-10T14:14:00.000Z","5.9.13",[129,130,131,132,23],"swaggerui","swaggerui-rest-api","wp-swagger-rest-api","wp-swaggerui","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-api-swaggerui.1.2.0.zip",{"attackSurface":135,"codeSignals":218,"taintFlows":225,"riskAssessment":226,"analyzedAt":234},{"hooks":136,"ajaxHandlers":201,"restRoutes":202,"shortcodes":216,"cronEvents":217,"entryPointCount":61,"unprotectedCount":61},[137,143,149,152,156,160,163,168,171,174,178,181,184,187,192,196],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","admin_notices","requirements_notice","admin\\class-admin.php",63,{"type":138,"name":144,"callback":145,"priority":146,"file":147,"line":148},"wpseo_head","setup_postdata_and_wp_query",1,"frontend\\class-frontend.php",251,{"type":138,"name":150,"callback":145,"priority":146,"file":147,"line":151},"wpseo_opengraph",252,{"type":138,"name":144,"callback":153,"priority":154,"file":147,"line":155},"json_ld",91,259,{"type":138,"name":157,"callback":158,"priority":146,"file":147,"line":159},"wpseo_json_ld","generate",260,{"type":138,"name":144,"callback":161,"priority":146,"file":147,"line":162},"override_query_reset",557,{"type":138,"name":164,"callback":165,"file":166,"line":167},"plugins_loaded","load_plugin_textdomain","includes\\class-plugin.php",82,{"type":138,"name":169,"callback":170,"file":166,"line":36},"admin_init","check_requirements",{"type":138,"name":172,"callback":173,"file":166,"line":49},"init","upgrade",{"type":138,"name":175,"callback":176,"file":166,"line":177},"rest_api_init","wpseo_frontend_head_init",113,{"type":138,"name":175,"callback":179,"file":166,"line":180},"register_redirects_endpoint",115,{"type":138,"name":175,"callback":182,"file":166,"line":183},"register_home_endpoint",116,{"type":138,"name":172,"callback":185,"priority":13,"file":166,"line":186},"register_rest_prepare_hooks",117,{"type":138,"name":188,"callback":189,"priority":190,"file":166,"line":191},"save_post","update_yoast_meta",10,118,{"type":138,"name":193,"callback":194,"file":166,"line":195},"delete_post","delete_yoast_meta",119,{"type":197,"name":198,"callback":199,"priority":190,"file":166,"line":200},"filter","wpseo_frontend_presentation","fix_frontend_presentation",120,[],[203,211],{"namespace":204,"route":205,"methods":206,"callback":208,"permissionCallback":209,"file":147,"line":210},"wp-rest-yoast-meta\u002Fv1","redirects",[207],"GET","return_redirects","__return_true",477,{"namespace":204,"route":212,"methods":213,"callback":214,"permissionCallback":209,"file":147,"line":215},"home",[207],"get_home_yoast_meta",527,[],[],{"dangerousFunctions":219,"sqlUsage":220,"outputEscaping":222,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":224},[],{"prepared":61,"raw":28,"locations":221},[],{"escaped":14,"rawEcho":28,"locations":223},[],[],[],{"summary":227,"deductions":228},"The wp-rest-yoast-meta plugin v2025.1.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices in areas like SQL query handling, with all queries utilizing prepared statements. Furthermore, all identified output operations are properly escaped, and the plugin does not engage in file operations or external HTTP requests. The absence of any recorded vulnerabilities or CVEs in its history is also a strong positive indicator. \n\nHowever, significant concerns arise from the static analysis, specifically regarding the attack surface. The plugin exposes two REST API routes that lack permission callbacks, meaning they are unprotected and accessible without authentication. This presents a direct risk, as any unauthenticated user could potentially interact with these endpoints. The lack of any nonce checks across the analyzed code further exacerbates this issue, as it prevents the validation of the request's origin. \n\nWhile the plugin's vulnerability history is clean, the current lack of authentication on its REST API routes is a critical oversight that could lead to future vulnerabilities. The absence of taint analysis results with critical or high severity is somewhat reassuring, but this could be a consequence of the limited attack surface analyzed in that specific regard. In conclusion, while the plugin adheres to good security practices in data handling and output, the unprotected REST API routes represent a substantial and immediate security weakness.",[229,231],{"reason":230,"points":190},"REST API routes without permission callbacks",{"reason":232,"points":233},"No nonce checks present",7,"2026-03-16T19:03:34.430Z",{"wat":236,"direct":245},{"assetPaths":237,"generatorPatterns":240,"scriptPaths":241,"versionParams":242},[238,239],"\u002Fwp-content\u002Fplugins\u002Fwp-rest-yoast-meta\u002Fassets\u002Fcss\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Fwp-rest-yoast-meta\u002Fassets\u002Fjs\u002Fadmin-script.js",[],[239],[243,244],"wp-rest-yoast-meta\u002Fassets\u002Fcss\u002Fadmin-style.css?ver=","wp-rest-yoast-meta\u002Fassets\u002Fjs\u002Fadmin-script.js?ver=",{"cssClasses":246,"htmlComments":247,"htmlAttributes":248,"restEndpoints":249,"jsGlobals":251,"shortcodeOutput":252},[],[],[],[250],"\u002Fwp-json\u002Fwp-rest-yoast-meta\u002F",[],[]]