[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fkvBgxZPO1r9gEF342OOlvwWPRskEchtPRjqE9rTkWxs":3,"$fcTfNu1U1BqiD53LMugYIIWdfWCdAmikl1o-HKkjCpVU":181,"$fjql94EFSEPFXNfgGDG91c7EcPFUJyDy2fEZhnmC3bUY":186},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":36,"analysis":131,"fingerprints":165},"wp-site-monitor","WP Site Monitor","1.0.0","bwibrew","https:\u002F\u002Fprofiles.wordpress.org\u002Fbwibrew\u002F","\u003Ch3>WP REST API endpoints to help manage sites remotely\u003C\u002Fh3>\n\u003Cp>All additional endpoints are under the \u003Ccode>wp-site-monitor\u002Fv1\u002F\u003C\u002Fcode> namespace.\u003Cbr \u002F>\ne.g. \u003Ccode>https:\u002F\u002Fexample.com\u002Fwp-json\u002Fwp-site-monitor\u002Fv1\u002Fwp-version\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch4>Additional endpoints\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>wp-version\u003C\u002Fcode> returns the current version of wordpress as a string.\u003C\u002Fp>\n\u003Cp>Example output: \u003Ccode>\"4.9.2\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>plugins\u003C\u002Fcode> returns a JSON object listing installed plugins with the plugin details.\u003C\u002Fp>\n\u003Cp>Example output:\u003Cbr \u002F>\n  \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"wp-super-cache\u002Fwp-cache.php\": {\u003Cbr \u002F>\n      \"Name\": \"WP Super Cache\",\u003Cbr \u002F>\n      \"PluginURI\": \"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-super-cache\u002F\",\u003Cbr \u002F>\n      \"Version\": \"1.5.9\",\u003Cbr \u002F>\n      \"Description\": \"Very fast caching plugin for WordPress.\",\u003Cbr \u002F>\n      \"Author\": \"Automattic\",\u003Cbr \u002F>\n      \"AuthorURI\": \"https:\u002F\u002Fautomattic.com\u002F\",\u003Cbr \u002F>\n      \"TextDomain\": \"wp-super-cache\",\u003Cbr \u002F>\n      \"DomainPath\": \"\",\u003Cbr \u002F>\n      \"Network\": false,\u003Cbr \u002F>\n      \"Title\": \"WP Super Cache\",\u003Cbr \u002F>\n      \"AuthorName\": \"Automattic\",\u003Cbr \u002F>\n      \"Active\": true\u003Cbr \u002F>\n  },\u003Cbr \u002F>\n  \"wordpress-seo\u002Fwp-seo.php\": {\u003Cbr \u002F>\n      \"Name\": \"Yoast SEO\",\u003Cbr \u002F>\n      \"PluginURI\": \"https:\u002F\u002Fyoa.st\u002F1uj\",\u003Cbr \u002F>\n      \"Version\": \"6.1.1\",\u003Cbr \u002F>\n      \"Description\": \"The first true all-in-one SEO solution for WordPress, including on-page content analysis, XML sitemaps and much more.\",\u003Cbr \u002F>\n      \"Author\": \"Team Yoast\",\u003Cbr \u002F>\n      \"AuthorURI\": \"https:\u002F\u002Fyoa.st\u002F1uk\",\u003Cbr \u002F>\n      \"TextDomain\": \"wordpress-seo\",\u003Cbr \u002F>\n      \"DomainPath\": \"\u002Flanguages\u002F\",\u003Cbr \u002F>\n      \"Network\": false,\u003Cbr \u002F>\n      \"Title\": \"Yoast SEO\",\u003Cbr \u002F>\n      \"AuthorName\": \"Team Yoast\",\u003Cbr \u002F>\n      \"Active\": true\u003Cbr \u002F>\n  }\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Options are provided in the WP Site Monitor settings menu to toggle individual endpoints.\u003C\u002Fp>\n","Extends official WP REST API to provide extra endpoints to help manage sites remotely.",20,1261,0,"2018-02-04T10:18:00.000Z","4.9.29","4.7","5.6",[19,20,21,22,23],"admin","api","remote-administration","rest","rest-api","https:\u002F\u002Fgithub.com\u002FBWibrew\u002FWP-Site-Monitor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-site-monitor.1.0.0.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},1,30,84,"2026-05-20T00:36:01.875Z",[37,56,73,92,112],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":17,"tags":52,"homepage":54,"download_link":55,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"disable-json-api","Disable REST API","1.8","Dave McHale","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmchale\u002F","\u003Cp>The most comprehensive plugin for controlling access to the WordPress REST API!\u003C\u002Fp>\n\u003Cp>Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.\u003C\u002Fp>\n\u003Cp>But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.\u003C\u002Fp>\n\u003Cp>You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.\u003C\u002Fp>\n\u003Cp>For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided \u003Ccode>rest_enabled\u003C\u002Fcode> filter to disable the entire REST API.\u003C\u002Fp>\n","Disable the use of the REST API on your website to site users. Now with User Role support!",90000,758515,96,38,"2023-09-14T00:26:00.000Z","6.3.8","4.9",[19,20,53,22,23],"json","http:\u002F\u002Fwww.binarytemplar.com\u002Fdisable-json-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-json-api.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":13,"num_ratings":13,"last_updated":66,"tested_up_to":67,"requires_at_least":16,"requires_php":68,"tags":69,"homepage":71,"download_link":72,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"turn-off-rest-api","Turn Off REST API","1.0.4","ksym04","https:\u002F\u002Fprofiles.wordpress.org\u002Fksym04\u002F","\u003Cp>Turn off JSON REST API on your website to anonymous users and prevent unauthorized requests from using the REST API to get information from your website.\u003C\u002Fp>\n\u003Cp>Since the release of WordPress 4.0 came out, there have been a lot of hackers exploiting the vulnerabilities of the REST API. By installing this plugin, you will effectively prevent and disable the use of REST API from unauthorized users and protect the information on your website from being accessible. If someone tries to access the REST API on your site, the plugin will return an authentication error on the API endpoints, for any unauthorized users trying to access it.\u003C\u002Fp>\n\u003Cp>While WordPress REST API vulnerability exploits continue this plugin effectively prevent and disable the used of REST API from accessing information from your website, this plugin return authentication error and disable all endpoints for any user not logged in on your website.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English (en_US)\u003C\u002Fli>\n\u003C\u002Ful>\n","Prevents unauthorized requests from using the WP REST API.",100,2522,"2020-07-01T02:51:00.000Z","5.4.19","",[19,20,70,53,22],"disable-rest-api","https:\u002F\u002Fwww.dopethemes.com\u002Fdownloads\u002Fturn-off-rest-api\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fturn-off-rest-api.1.0.4.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":68,"tags":88,"homepage":90,"download_link":91,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-custom-rest-api-generator","WP Custom REST API Generator","1.0.5","centangle","https:\u002F\u002Fprofiles.wordpress.org\u002Fcentangle\u002F","\u003Cp>WP Custom REST API Generator plugin provides an interface in WordPress Admin panel, which provides control to the user to show\u002Fhide Author Meta, Featured Image, Custom Fields and Taxonomies of all available Post Types for WordPress Rest API.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>WP Custom REST API Generator comes with the following features;\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Author Meta i:e. Author Name, Author Description, Author User Level, Author Avatar.\u003C\u002Fli>\n\u003Cli>Featured Image with defined sized i:e. Small, Medium, Large, Full etc.\u003C\u002Fli>\n\u003Cli>Custom Fields i:e. Fields defined by user for individual posts of different Post Types.\u003C\u002Fli>\n\u003Cli>Taxonomies i:e. Default and Custom Taxonomies.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Automatic installation\u003C\u002Fh3>\n\u003Cp>Automatic installation is the easiest option as WordPress handles the file transfers itself and you don’t need to leave your web browser. To do an automatic install of this plugin, log in to your WordPress dashboard, navigate to the Plugins menu and click Add New.\u003C\u002Fp>\n\u003Cp>In the search field type “WP Custom REST API Generator” and click Search Plugins. Once you’ve found this plugin, you can install it by simply clicking “Install Now”.\u003C\u002Fp>\n\u003Ch3>Manual installation\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download and unzip the WP Custom REST API Generator plugin\u003C\u002Fli>\n\u003Cli>Upload the entire wp-custom-rest-api-generator\u002F directory to the \u002Fwp-content\u002Fplugins\u002F directory\u003C\u002Fli>\n\u003Cli>Activate the WP Custom REST API Generator plugin through the Plugins menu in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Customize the WP Custom REST API Generator settings at the administration menu >> Settings >> WP Custom REST API Generator\u003C\u002Fp>\n","WP Custom REST API Generator plugin enables the user to show\u002Fhide varied meta information of Posts in WordPress REST API.",70,4631,90,2,"2022-03-20T22:23:00.000Z","5.9.13","5.0",[19,20,22,23,89],"wp-api","https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fwp-custom-rest-api-generator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-custom-rest-api-generator.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":13,"num_ratings":13,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":68,"download_link":111,"security_score":64,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"core-feature-control","Core Feature Control","1.0","Galaxy Weblinks","https:\u002F\u002Fprofiles.wordpress.org\u002Fgalaxyweblinks\u002F","\u003Cp>\u003Cstrong>Core Feature Control\u003C\u002Fstrong> is the all-in-one solution for site owners who want to fine-tune their WordPress installation and eliminate unnecessary “bloat.”\u003C\u002Fp>\n\u003Cp>WordPress is incredibly flexible, but not every site needs every single feature that comes with the core software. By turning off unused functions, you can reduce server requests, close potential security holes, and simplify the user interface for yourself or your clients.\u003C\u002Fp>\n\u003Cp>Our intuitive settings panel, located at \u003Cstrong>Settings -> Disable Features\u003C\u002Fstrong>, gives you full control with a simple click. From disabling auto-update emails and post revisions to removing the Admin Footer and Screen Options, you have the power to create a faster, more secure, and more efficient WordPress environment.\u003C\u002Fp>\n\u003Ch3>Key benefits of using this plugin include:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Improved Performance:\u003C\u002Fstrong> Disable features like Dashicons on the front end to reduce resource loading and speed up your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Security:\u003C\u002Fstrong> Harden your site by disabling the built-in Plugin and Theme Editor, preventing unauthorized code changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Streamlined Admin:\u003C\u002Fstrong> Clean up the dashboard by removing distracting elements such as the “Howdy” greeting in the admin bar and the “Help” tabs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Total Control:\u003C\u002Fstrong> Manage essential functions like WordPress updates, Privacy Tools, and the REST API from a single, centralized location.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Core Feature Control\u003C\u002Fstrong> is a must-have for anyone serious about optimizing their WordPress site. It’s built with clean, efficient code and won’t weigh down your site.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Comprehensive disabling of numerous core functions.\u003C\u002Fli>\n\u003Cli>Intuitive and easy-to-use admin panel.\u003C\u002Fli>\n\u003Cli>Security hardening by disabling sensitive editors and APIs.\u003C\u002Fli>\n\u003Cli>Performance optimization by removing unnecessary scripts.\u003C\u002Fli>\n\u003Cli>Dashboard and admin bar cleanup for a better user experience.\u003C\u002Fli>\n\u003Cli>Lightweight, with minimal impact on site performance.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Here’s a link to the documentation for the plugin. This will help you learn more about its features and how to use it.\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwp-plugins.galaxyweblinks.com\u002Fwp-plugins\u002Fcore-feature-control\u002Fdoc\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>For any feedback or queries regarding this plugin, please contact our \u003Ca href=\"https:\u002F\u002Fwp-plugins.galaxyweblinks.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Support team\u003C\u002Fa>.\u003C\u002Fp>\n","Take control of your site. Disable unnecessary WordPress core functions to boost security, improve performance, and clean up your admin dashboard.",60,258,"2025-09-29T12:17:00.000Z","6.8.5","6.2","7.4",[107,108,109,110,23],"admin-dashboard","core-control","disable","disable-core-feature","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcore-feature-control.1.0.zip",{"slug":113,"name":114,"version":6,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":13,"downloaded":119,"rating":13,"num_ratings":13,"last_updated":120,"tested_up_to":121,"requires_at_least":104,"requires_php":122,"tags":123,"homepage":127,"download_link":128,"security_score":129,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":130},"administrator-only","Administrator Only – Protect Your Site From Unauthorized Users","Sorin Marta","https:\u002F\u002Fprofiles.wordpress.org\u002Fsorinmarta\u002F","\u003Cp>Administrator Only allows you to protect your front end pages or your REST API routes with just a few clicks.\u003C\u002Fp>\n\u003Cp>You can simply configure the plugin to enable the redirection, add the URL the unauthorized users should be redirected to and if you need to, select which pages should not be protected.\u003C\u002Fp>\n\u003Cp>If you enjoy using the plugin don’t forget to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftadamuscom\u002Fadministrator-only\" rel=\"nofollow ugc\">⭐ star it on Github\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Also if you have any questions, don’t hesitate to ask it in the forum or \u003Ca href=\"https:\u002F\u002Ftadamus.com\u002Fcontact\" rel=\"nofollow ugc\">contact us\u003C\u002Fa>.\u003C\u002Fp>\n","Enable redirects for your front end pages or your REST API routes with a few clicks.",662,"2024-07-05T11:06:00.000Z","6.6.5","8.0",[113,124,125,126],"hide-content","protect-the-rest-api","protect-your-site","https:\u002F\u002Fgithub.com\u002Ftadamuscom\u002Fadministrator-only","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadministrator-only.zip",92,"2026-04-06T09:54:40.288Z",{"attackSurface":132,"codeSignals":149,"taintFlows":157,"riskAssessment":158,"analyzedAt":164},{"hooks":133,"ajaxHandlers":145,"restRoutes":146,"shortcodes":147,"cronEvents":148,"entryPointCount":13,"unprotectedCount":13},[134,139,142],{"type":135,"name":136,"callback":137,"file":138,"line":83},"action","admin_init","anonymous","src\\class-wp-site-monitor.php",{"type":135,"name":140,"callback":137,"file":138,"line":141},"admin_menu",91,{"type":135,"name":143,"callback":137,"file":138,"line":144},"rest_api_init",97,[],[],[],[],{"dangerousFunctions":150,"sqlUsage":151,"outputEscaping":153,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":84,"bundledLibraries":156},[],{"prepared":13,"raw":13,"locations":152},[],{"escaped":154,"rawEcho":13,"locations":155},18,[],[],[],{"summary":159,"deductions":160},"The \"wp-site-monitor\" v1.0.0 plugin exhibits a strong security posture based on the provided static analysis.  The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points suggests a minimal attack surface. Furthermore, the code signals indicate good development practices, with no dangerous functions, all SQL queries utilizing prepared statements, and all output properly escaped. The absence of file operations, external HTTP requests, and evident taint flows further contribute to its secure design. The plugin also implements capability checks, which is a positive security measure.\n\nHowever, the complete lack of nonce checks (0) across all entry points, even though the attack surface is currently zero, represents a potential future risk. If functionality were to be added later that utilized AJAX or other forms of user interaction, the absence of nonce checks could expose the plugin to Cross-Site Request Forgery (CSRF) vulnerabilities. The vulnerability history being entirely clear is a positive indicator, suggesting the plugin has historically been maintained with security in mind or has not been a target for widespread exploitation. Overall, the current version of \"wp-site-monitor\" appears very secure due to its limited functionality and adherence to secure coding principles, but the lack of nonce checks warrants attention for future development.",[161],{"reason":162,"points":163},"No nonce checks implemented",5,"2026-03-16T23:16:00.939Z",{"wat":166,"direct":172},{"assetPaths":167,"generatorPatterns":169,"scriptPaths":170,"versionParams":171},[168],"\u002Fwp-content\u002Fplugins\u002Fwp-site-monitor\u002Fvendor\u002Fcomposer\u002Finstallers\u002Fsrc\u002FComposer\u002FInstallers",[],[],[],{"cssClasses":173,"htmlComments":174,"htmlAttributes":175,"restEndpoints":176,"jsGlobals":179,"shortcodeOutput":180},[],[],[],[177,178],"wp-site-monitor\u002Fv1\u002Fwp-version","wp-site-monitor\u002Fv1\u002Fplugins",[],[],{"error":182,"url":183,"statusCode":184,"statusMessage":185,"message":185},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-site-monitor\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":84,"versions":187},[188,194],{"version":6,"download_url":25,"svn_tag_url":189,"released_at":27,"has_diff":190,"diff_files_changed":191,"diff_lines":27,"trac_diff_url":192,"vulnerabilities":193,"is_current":182},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-site-monitor\u002Ftags\u002F1.0.0\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-site-monitor%2Ftags%2F0.1.0&new_path=%2Fwp-site-monitor%2Ftags%2F1.0.0",[],{"version":195,"download_url":196,"svn_tag_url":197,"released_at":27,"has_diff":190,"diff_files_changed":198,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":199,"is_current":190},"0.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-site-monitor.0.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-site-monitor\u002Ftags\u002F0.1.0\u002F",[],[]]