[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFktN9UN7r8T-P4h3b67SbxnPc5sNLN2qVychxKZ_FxQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":64,"crawl_stats":38,"alternatives":72,"analysis":171,"fingerprints":417},"wpgetapi","WPGet API – Connect to any external REST API","2.25.4","David Anderson \u002F Team Updraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidanderson\u002F","\u003Cp>Connect WordPress to external APIs, without code.\u003C\u002Fp>\n\u003Cp>Easily send data to any API and get data from unlimited 3rd party REST APIs. Format and display the returned data on your WordPress website using a shortcode or a template tag.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FX50qINEs1yo?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>WPGet API supports virtually all authentication methods including API keys, bearer tokens, basic auth, username\u002Fpassword and \u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdownloads\u002Foauth-2-0-authentication\u002F?utm_campaign=OAuth&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">OAuth 2.0 authorization\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Live Examples\u003C\u002Fh3>\n\u003Cp>View 
our live examples of connecting to several different APIs and displaying the data in various unique ways including charts, graphs, tables and weather forecasts.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdemo-connecting-wordpress-to-external-api\u002F?utm_campaign=Demo&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">LIVE EXAMPLES – Connecting WordPress to external APIs\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Major Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Connect your WordPress website to any REST API\u003C\u002Fli>\n\u003Cli>Unlimited APIs & endpoints\u003C\u002Fli>\n\u003Cli>No coding required\u003C\u002Fli>\n\u003Cli>Display API data using a template tag or shortcode\u003C\u002Fli>\n\u003Cli>GET, POST, PUT, PATCH & DELETE methods\u003C\u002Fli>\n\u003Cli>Add query string, header & body parameters\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>We have tons of articles and help available.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fquick-start-guide\u002F?utm_campaign=Docs&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Quick Start Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fstep-by-step-example\u002F?utm_campaign=Docs&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Step by Step Example\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Ffrequently-asked-questions\u002F?utm_campaign=Docs&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Frequently Asked Questions\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fwill-this-work-with-my-api\u002F?utm_campaign=OAuth&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Will this work with my API?\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Extending WPGet API\u003C\u002Fh3>\n\u003Ch4>PRO 
Plugin\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdownloads\u002Fpro-plugin\u002F?utm_campaign=Pro&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">PRO Plugin\u003C\u002Fa>\u003C\u002Fstrong> provides many extra features that allow you to do some more advanced things with your APIs. Features of the PRO Plugin include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Actions – automate your API when an action happens on your site\u003C\u002Fli>\n\u003Cli>Tokens – grab dynamic data without code and send to your API\u003C\u002Fli>\n\u003Cli>Dynamic variables – a PHP solution for grabbing dynamic values\u003C\u002Fli>\n\u003Cli>Chain API calls\u003C\u002Fli>\n\u003Cli>Cache API calls\u003C\u002Fli>\n\u003Cli>Format API data into HTML\u003C\u002Fli>\n\u003Cli>Retrieve nested data\u003C\u002Fli>\n\u003Cli>Base64 encoded auth\u003C\u002Fli>\n\u003Cli>XML format\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>API to Posts Plugin\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdownloads\u002Fapi-to-posts\u002F?utm_campaign=APItoPosts&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">API to Posts Plugin\u003C\u002Fa>\u003C\u002Fstrong> allows you to import API data and create WooCommerce products or custom posts from this API data. 
Features of the API to Posts Plugin include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Import API data\u003C\u002Fli>\n\u003Cli>Import from unlimited endpoints\u003C\u002Fli>\n\u003Cli>Map API data to WordPress fields\u003C\u002Fli>\n\u003Cli>Supports custom fields, ACF, tags, categories, custom taxonomies, images and more\u003C\u002Fli>\n\u003Cli>Supports all standard WooCommerce fields\u003C\u002Fli>\n\u003Cli>Create WooCommerce products from API data\u003C\u002Fli>\n\u003Cli>Sync API to WooCommerce products & posts\u003C\u002Fli>\n\u003Cli>Set interval of sync from every minutes up to once a week\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>OAuth 2.0 Authorization\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdownloads\u002Foauth-2-0-authentication\u002F?utm_campaign=OAuth&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">OAuth 2.0 Authorization\u003C\u002Fa>\u003C\u002Fstrong> plugin allows authorization of your API through the OAuth 2.0 method.\u003C\u002Fp>\n\u003Ch3>WPGet API Integrations\u003C\u002Fh3>\n\u003Cp>WPGet API integrates extremely well with other WordPress plugins, allowing you to do some very cool things with your API. 
Click the links below for more info on these integrations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fconnect-woocommerce-to-api\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">WooCommerce to API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fwoocommerce-api-product-sync\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">WooCommerce API Product Sync\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fsend-contact-form-7-data-to-api\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Contact Form 7 send data to API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fsend-wpforms-data-to-api\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">WPForms send data to API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fsend-gravity-forms-data-to-api\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Gravity Forms send data to API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpgetapi.com\u002Fdocs\u002Fusing-with-wpdatatables\u002F?utm_campaign=Integrations&utm_medium=wporg&utm_source=readme\" rel=\"nofollow ugc\">Charts & Tables from API data using wpDataTables\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translating WPGet API\u003C\u002Fh3>\n\u003Cp>You can translate WPGet API into your own language on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwpgetapi\u002F\" rel=\"nofollow ugc\">translate.wordpress.org\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Here is an article to help \u003Ca 
href=\"https:\u002F\u002Fmake.wordpress.org\u002Fpolyglots\u002Fhandbook\u002Ftranslating\u002Ffirst-steps\u002F\" rel=\"nofollow ugc\">get started with translations\u003C\u002Fa>\u003C\u002Fp>\n","Connect any REST API to WordPress. WPGet API enables easy API integration, allowing you to display API data without any code.",10000,245936,100,32,"2025-11-12T16:22:00.000Z","6.9.4","5.6","7.2",[20,21,22,23,24],"api","endpoint","external-api","json","rest","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpgetapi\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpgetapi.2.25.4.zip",99,2,0,"2025-03-06 20:56:52","2026-03-15T15:16:48.613Z",[33,49],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2024-13857","wpget-api-authenticated-administrator-server-side-request-forgery","WPGet API \u003C= 2.2.10 - Authenticated (Administrator+) Server-Side Request Forgery","The WPGet API – Connect to any external REST API plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.10. 
This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.",null,"\u003C=2.2.10","2.25.1","medium",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Server-Side Request Forgery (SSRF)","2025-03-07 09:21:16",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcd2a8e7b-6fca-49f3-ba6d-bdaa418f611a?source=api-prod",1,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"WF-39003835-80df-49c7-982a-346bf328565c-wpgetapi","wpgetapi-authenticated-subscriber-arbitrary-options-update","WPGetAPI 2.1.0 - 2.2.1 - Authenticated (Subscriber+) Arbitrary Options Update","The WPGetAPI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_endpoints() function in versions 2.1.0 - 2.2.1. 
This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options which can be leveraged for privilege escalation.",">=2.1.0 \u003C2.2.2","2.2.2",6.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:L","Missing Authorization","2023-10-02 00:00:00","2024-01-22 19:56:02",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F39003835-80df-49c7-982a-346bf328565c?source=api-prod",113,{"slug":65,"display_name":7,"profile_url":8,"plugin_count":66,"total_installs":67,"avg_security_score":68,"avg_patch_time_days":69,"trust_score":70,"computed_at":71},"davidanderson",16,6440540,98,1197,78,"2026-04-04T11:19:21.884Z",[73,96,116,131,149],{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":16,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":92,"download_link":93,"security_score":94,"vuln_count":28,"unpatched_count":29,"last_vuln_date":95,"fetched_at":31},"custom-api-for-wp","Custom API for WP","4.5.0","miniOrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberlord92\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fcustom-api-for-wordpress\" rel=\"nofollow ugc\">\u003Cstrong>Custom API for WP plugin\u003C\u002Fstrong>\u003C\u002Fa> plugin allows you to \u003Cem>create no code custom REST endpoints \u002F Custom APIs\u003C\u002Fem> in WordPress. With interactive \u003Cstrong>Graphical User Interface (GUI)\u003C\u002Fstrong> fetch any data from WordPress database tables like \u003Cstrong>users, posts, custom tables or any 3rd-party plugin’s table\u003C\u002Fstrong>. 
You can also use HTTP request methods like \u003Cstrong>POST, PUT, DELETE (Insert, Update, Delete)\u003C\u002Fstrong> data with these created Custom endpoint \u002F Custom REST routes.\u003C\u002Fp>\n\u003Cp>You can also \u003Cstrong>connect any external APIs\u003C\u002Fstrong> and platforms to \u003Cstrong>fetch the data and display data on WordPress frontend\u003C\u002Fstrong> . You can use your design (custom HTML, CSS and JS), post data on third-party platforms on any WordPress events (user creation, Woocommerce events, form submission, membership purchase etc) via WordPress hooks.\u003C\u002Fp>\n\u003Cp>You can easily interact with the WordPress database to perform \u003Cstrong>CRUD operations on data using the custom endpoints created (generated) using \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fcustom-api-for-wordpress\" rel=\"nofollow ugc\">Connect to external APIs | Custom endpoints for WP\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fcustom-api-for-wordpress\" rel=\"nofollow ugc\">Custom API for WP plugin\u003C\u002Fa> takes care of writing the \u003Cstrong>complex SQL queries\u003C\u002Fstrong> to fetch\u002Fupdate data and provide you with a very simple User Interface to create or generate custom REST endpoints.\u003Cbr \u002F>\nThis plugin also provides the \u003Cstrong>filter operations in which you can filter the data\u003C\u002Fstrong> you want to show in the API endpoint response.\u003C\u002Fp>\n\u003Ch3>🆓FREE Plan Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Unlimited GET APIs:\u003C\u002Fstrong> Create as many GET APIs as you need to fetch data from WordPress tables.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One Advanced API using SQL:\u003C\u002Fstrong> Build a single advanced API with custom SQL queries to perform CRUD (GET, POST, PUT, DELETE) operations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>External API Integration (JSON Only):\u003C\u002Fstrong> 
Connect to third-party APIs that return JSON data.\n\u003Cul>\n\u003Cli>\u003Cstrong>Hooks Support for External APIs:\u003C\u002Fstrong> Use hooks to trigger and execute connected external APIs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>💲PREMIUM Plan Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Unlimited RESTful APIs:\u003C\u002Fstrong> Create APIs with all HTTP methods – GET, POST, PUT, DELETE.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Filters on API Data:\u003C\u002Fstrong> Apply filters to refine data retrieved in Custom APIs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable API Response:\u003C\u002Fstrong> Format API responses to match your exact requirements in custom APIs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Access Control:\u003C\u002Fstrong> Restrict access to custom APIs based on user roles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Conditional Logic & Filters:\u003C\u002Fstrong> Add logic-based rules and conditions to custom APIs. 
Use query parameters to filter API responses on the go.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Unlimited Advanced APIs with SQL:\u003C\u002Fstrong> Build complex and fully customized APIs using SQL queries to perform CRUD (GET, POST, PUT, DELETE) operations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Customizable API Response:\u003C\u002Fstrong> Format API responses to match your exact requirements in custom APIs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Access Control:\u003C\u002Fstrong> Restrict access to custom APIs based on user roles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Unlimited External API Integrations:\u003C\u002Fstrong> Connect to as many third-party APIs as needed that return JSON, XML, GRAPHQL or SOAP responses.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Hooks Support for External APIs:\u003C\u002Fstrong> Use hooks to trigger and execute connected external APIs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode & Template Tag Display:\u003C\u002Fstrong> Easily display data from external API on your frontend using shortcodes or template tags.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Authentication for External APIs:\u003C\u002Fstrong> Supports OAuth2, Bearer Tokens, and API Key authentication methods.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dependent API:\u003C\u002Fstrong> Dynamically retrieve a token from an external API to authenticate requests to the data API.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Third-party\u002FExternal API Integration into WordPress\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>This plugin allows you to \u003Cstrong>integrate any external or third-party REST API endpoints into WordPress\u003C\u002Fstrong> very easily with the help of our interactive and simple GUI within seconds. 
With this function of our plugin, you can fetch data to your WordPress (\u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002F\" rel=\"nofollow ugc\">WooCommerce\u003C\u002Fa>) site or you can use it to fetch data and process it according to your needs.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>These integrations can also be done on third-party plugin events like form submission using Elementor, \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F\" rel=\"nofollow ugc\">Wpforms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002F\" rel=\"nofollow ugc\">Gravityforms\u003C\u002Fa> etc. and also payment status or subscription status based on transactions done via payment gateways like that provided by \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002F\" rel=\"nofollow ugc\">WooCommerce\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F\" rel=\"nofollow ugc\">Wpforms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002F\" rel=\"nofollow ugc\">Gravityforms\u003C\u002Fa> or any other services.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>External API integrations can be done on any event of WordPress like user registration, user membership level change or any other using plugin hooks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002F\" rel=\"nofollow ugc\">WooCommerce\u003C\u002Fa> product data can be synced with any external\u002Fthird-party API provider(Supplier) on a real-time basis with our plugin.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This feature also provides the capability to register or login users to third-party platforms by making an API request to the third-party platforms.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Data display on front end using shortcode or template tag\u003C\u002Fstrong> fetched from external API endpoints.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Any kind of 
external APIs supporting \u003Cstrong>JSON\u003C\u002Fstrong>, \u003Cstrong>XML\u003C\u002Fstrong>, \u003Cstrong>SOAP\u003C\u002Fstrong>, \u003Cstrong>GraphQL\u003C\u002Fstrong> can be connected with authentication methods like \u003Cstrong>OAuth\u003C\u002Fstrong>, \u003Cstrong>JWT\u003C\u002Fstrong>, \u003Cstrong>Bearer\u003C\u002Fstrong>, \u003Cstrong>API Key\u003C\u002Fstrong> or even \u003Cstrong>custom API authentication\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Access custom data of the WordPress site into your mobile application or web clients via custom REST API Endpoints.\u003C\u002Fli>\n\u003Cli>Create easy \u003Cstrong>Custom REST Routes to Create, Read, Update and Delete (CRUD)\u003C\u002Fstrong> WordPress content from client-side JavaScript or external applications.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Interact with any standard database\u003C\u002Fstrong> schema\u002F table or your custom-built schema\u002F table to fetch\u002F update\u002F delete data using the custom API endpoints.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Connect two WordPress sites\u003C\u002Fstrong> or connect your WordPress site with a website built in any framework and Get\u002FUpdate\u002FInsert\u002FDelete (CRUD) data of one website to another website with the help of Custom API and feasibility of connection with External APIs \u002F Custom Endpoints developed in the external Website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Connect with External Rest API Routes to display data on your website\u003C\u002Fstrong> or process the data received from External Endpoint.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fintegrate-external-third-party-rest-api-endpoints-into-wordpress\" rel=\"nofollow ugc\">Integrate External\u002Fthird-party REST API endpoints with third-party plugin’s payment gateways\u003C\u002Fa>\u003C\u002Fstrong> like that of \u003Ca 
href=\"https:\u002F\u002Fwoocommerce.com\u002F\" rel=\"nofollow ugc\">WooCommerce\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F\" rel=\"nofollow ugc\">Wpforms\u003C\u002Fa> or any other custom gateway such that the API can be called automatically based on the payment status.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integrate External\u002F third-party REST API endpoints with custom\u002F third-party plugins’ forms\u003C\u002Fstrong> like that of \u003Ca href=\"https:\u002F\u002Fwpforms.com\u002F\" rel=\"nofollow ugc\">Wpforms\u003C\u002Fa>, Elementor, \u003Ca href=\"https:\u002F\u002Fwww.gravityforms.com\u002F\" rel=\"nofollow ugc\">Gravityforms\u003C\u002Fa> etc such that the external APIs can be called on these forms submission or any related events to perform fetch\u002Fupdate\u002Fdelete operation based on API endpoints.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sync third-party\u002Fexternal API provider’s (Supplier’s) API Inventory data into \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002F\" rel=\"nofollow ugc\">WooCommerce\u003C\u002Fa>\u003C\u002Fstrong> and display them in the product feed on a real-time basis. 
\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwoocommerce-api-product-sync-with-woocommerce-rest-apis\" rel=\"nofollow ugc\">[More details]\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integrate external APIs into WooCommerce\u003C\u002Fstrong> – If you have a Woocommerce store and want to update the data like order creation, order status, and user profile update on a third-party platform in real-time, then a solution can be provided using our plugin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data display using shortcode\u003C\u002Fstrong> – Fetch data from external API with security and display that on WordPress front-end pages using the shortcodes with customized design.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Add-Ons\u003C\u002Fh3>\n\u003Ch3>WooCommerce Products sync via External API | Import products in WooCommerce using Supplier APIs\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>If you have a \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002F\" rel=\"nofollow ugc\">WooCommerce\u003C\u002Fa> store and want to \u003Cstrong>sync\u003C\u002Fstrong> (add\u002Fupdate\u002Fdelete) the products from the external inventory warehouse\u002F store’s platform via APIs then it can be done using the CUSTOM API plugin along with our \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwoocommerce-api-product-sync-with-woocommerce-rest-apis\" rel=\"nofollow ugc\">Woocommerce products sync from external APIs\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cem>Following are the key features\u003C\u002Fem> –\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Data can be synced automatically\u003C\u002Fstrong> after a certain specified period. 
(For example, every 4 hours a day).\u003C\u002Fli>\n\u003Cli>All the product details like SKU, name, description, price, stock status, images, custom attributes and variant productions can be updated along with other custom attributes as well.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sync can be done in the background\u003C\u002Fstrong> such that customers using your WP site are not affected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data syncing can also be done by clicking on the sync button manually\u003C\u002Fstrong> in the User Interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa> product images can also be added\u003C\u002Fstrong> or updated with ease based on external API data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No extra work to import and export CSV\u002F TXT files manually\u003C\u002Fstrong>. API Integration will do the job automatically.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This plugin supports complete integrations for the following –\u003C\u002Fp>\n\u003Col>\n\u003Cli>Sync \u003Cstrong>Amrod\u003C\u002Fstrong> catalogue to WooCommerce \u003C\u002Fli>\n\u003Cli>Sync \u003Cstrong>S&S Activewear\u003C\u002Fstrong> products to WooCommerce\u003C\u002Fli>\n\u003Cli>Sync products and orders from \u003Cstrong>Shopify\u003C\u002Fstrong> to WooCommerce\u003C\u002Fli>\n\u003Cli>Import products from \u003Cstrong>Parts Unlimited\u003C\u002Fstrong> to WooCommerce\u003C\u002Fli>\n\u003Cli>Import products from \u003Cstrong>Parts Canada\u003C\u002Fstrong> to WooCommerce\u003C\u002Fli>\n\u003Cli>Import products from \u003Cstrong>Barron\u003C\u002Fstrong> to WooCommerce\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Zoho Integration with WordPress\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>If you have a WordPress site and want to connect it to your \u003Ca href=\"https:\u002F\u002Fwww.zoho.com\u002F\" 
rel=\"nofollow ugc\">Zoho\u003C\u002Fa> applications like \u003Ca href=\"https:\u002F\u002Fwww.zoho.com\u002Fin\u002Fcrm\u002F\" rel=\"nofollow ugc\">Zoho CRM\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.zoho.com\u002Fconnect\u002F\" rel=\"nofollow ugc\">Zoho connect\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.zoho.com\u002Fin\u002Fsubscriptions\u002F\" rel=\"nofollow ugc\">Zoho Subscription\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.zoho.com\u002Fin\u002Finventory\u002F\" rel=\"nofollow ugc\">Zoho Inventory\u003C\u002Fa> etc to perform operations like sync real-time data between these platforms, which involves user profile sync, operate on WordPress or assign membership to the user based on his Zoho subscription etc. With this integration, any Zoho APIs and webhooks can be integrated to perform real-time sync.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>WordPress Automate using Webhooks\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>This plugin can be made compatible to automate WordPress events with external API and webhook to synchronize data between WordPress and external applications.\u003Cbr \u002F>\nFor example – If you have a WordPress\u002FWoocommerce site and want to sync the user data, product data, posts, and membership data with external platforms, inventories and CRM like Zoho, Hubspot etc., then this plugin can be extended with an add-on to achieve this.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These solutions can be used additionally along with the plugin. 
To know more details, contact us at \u003Cem>apisupport@xecurify.com\u003C\u002Fem> and let us know your requirements.\u003C\u002Fp>\n\u003Ch3>Type of Data which you can retrieve with Custom Endpoints\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WP Users and User Meta.\u003C\u002Fli>\n\u003Cli>WP Roles and Capabilities.\u003C\u002Fli>\n\u003Cli>WP Posts, Pages and custom post types.\u003C\u002Fli>\n\u003Cli>WP Options.\u003C\u002Fli>\n\u003Cli>WP Taxonomy.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa>products, WordPress Membership plugins data.\u003C\u002Fli>\n\u003Cli>Custom data, Custom posts, Custom parameters, Custom fields and many more.\u003C\u002Fli>\n\u003Cli>Any third-party plugins or custom table data can be fetched\u002Fupdated using these custom API endpoints.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Service\u003C\u002Fh3>\n\u003Cp>This plugin may call login.xecurify.com (our own service) in case user wants to register or share any queries or feedback with us and this is completely optional.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin does not store any user data, and all the data remains on the user’s end only.\u003C\u002Fp>\n","Connect WordPress with External APIs and create no-code custom WordPress REST API endpoints to interact with the WordPress database to perform SQL ope &hellip;",1000,61759,96,44,"2025-12-11T10:08:00.000Z","3.0.1","5.4",[20,89,90,22,91],"custom-api","custom-endpoints","rest-api","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-api-for-wp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-api-for-wp.4.5.0.zip",95,"2025-07-28 
00:00:00",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":13,"num_ratings":48,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":113,"download_link":114,"security_score":115,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"better-rest-endpoints","Better Rest Endpoints","1.5.2","matt adams","https:\u002F\u002Fprofiles.wordpress.org\u002Ffactor1\u002F","\u003Cp>A WordPress plugin that serves up slimmer WP Rest API endpoints, with some great\u003Cbr \u002F>\nenhancements like ACF fields, WordPress menu endpoints, and more. You can\u003Cbr \u002F>\nview the full documentation and features \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffactor1\u002Fbetter-rest-endpoints\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","A WordPress plugin that serves up slimmer WP Rest API endpoints.",200,3767,"2019-02-13T01:15:00.000Z","4.9.29","4.7.1","",[111,20,112,23,24],"acf","endpoints","https:\u002F\u002Fgithub.com\u002Ffactor1\u002Fbetter-rest-endpoints\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-rest-endpoints.1.5.2.zip",85,{"slug":117,"name":118,"version":119,"author":117,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":48,"last_updated":109,"tested_up_to":126,"requires_at_least":127,"requires_php":109,"tags":128,"homepage":109,"download_link":129,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":130},"kinetise","Kinetise API","2.0.5","https:\u002F\u002Fprofiles.wordpress.org\u002Fkinetise\u002F","\u003Cp>Kinetise WordPress plugin allows seamless communication with Mobile apps created in Kinetise.\u003C\u002Fp>\n","Kinetise WordPress plugin allows seamless communication with Mobile apps created in 
Kinetise.",10,2445,80,"4.6.0","4.0",[20,21,23,117,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkinetise.zip","2026-03-15T10:48:56.248Z",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":139,"downloaded":140,"rating":83,"num_ratings":141,"last_updated":142,"tested_up_to":143,"requires_at_least":144,"requires_php":17,"tags":145,"homepage":147,"download_link":148,"security_score":115,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"disable-json-api","Disable REST API","1.8","Dave McHale","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmchale\u002F","\u003Cp>The most comprehensive plugin for controlling access to the WordPress REST API!\u003C\u002Fp>\n\u003Cp>Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.\u003C\u002Fp>\n\u003Cp>But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.\u003C\u002Fp>\n\u003Cp>You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.\u003C\u002Fp>\n\u003Cp>For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided \u003Ccode>rest_enabled\u003C\u002Fcode> filter to disable the entire REST API.\u003C\u002Fp>\n","Disable the use of the REST API on your website to site users. 
Now with User Role support!",90000,753897,38,"2023-09-14T00:26:00.000Z","6.3.8","4.9",[146,20,23,24,91],"admin","http:\u002F\u002Fwww.binarytemplar.com\u002Fdisable-json-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-json-api.zip",{"slug":150,"name":151,"version":152,"author":153,"author_profile":154,"description":155,"short_description":156,"active_installs":157,"downloaded":158,"rating":159,"num_ratings":160,"last_updated":161,"tested_up_to":16,"requires_at_least":162,"requires_php":163,"tags":164,"homepage":169,"download_link":170,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"jwt-authentication-for-wp-rest-api","JWT Authentication for WP REST API","1.5.0","tmeister","https:\u002F\u002Fprofiles.wordpress.org\u002Ftmeister\u002F","\u003Cp>This plugin seamlessly extends the WP REST API, enabling robust and secure authentication using JSON Web Tokens (JWT). It provides a straightforward way to authenticate users via the REST API, returning a standard JWT upon successful login.\u003C\u002Fp>\n\u003Ch3>Key features of this free version include:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Standard JWT Authentication:\u003C\u002Fstrong> Implements the industry-standard \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519\" rel=\"nofollow ugc\">RFC 7519\u003C\u002Fa> for secure claims representation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Endpoints:\u003C\u002Fstrong> Offers clear \u003Ccode>\u002Ftoken\u003C\u002Fcode> and \u003Ccode>\u002Ftoken\u002Fvalidate\u003C\u002Fcode> endpoints for generating and validating tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Secret Key:\u003C\u002Fstrong> Define your unique secret key via \u003Ccode>wp-config.php\u003C\u002Fcode> for secure token signing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional CORS Support:\u003C\u002Fstrong> Easily enable Cross-Origin Resource Sharing support via a 
\u003Ccode>wp-config.php\u003C\u002Fcode> constant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Provides filters (\u003Ccode>jwt_auth_expire\u003C\u002Fcode>, \u003Ccode>jwt_auth_token_before_sign\u003C\u002Fcode>, etc.) for customizing token behavior.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.\u003C\u002Fp>\n\u003Cp>For users requiring more advanced capabilities such as multiple signing algorithms (RS256, ES256), token refresh\u002Frevocation, UI-based configuration, or priority support, consider checking out \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_link_soft\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support and Requests:\u003C\u002Fstrong> Please use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\" rel=\"nofollow ugc\">GitHub Issues\u003C\u002Fa>. 
For priority support, consider upgrading to \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_support_link\" rel=\"nofollow ugc\">PRO\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>REQUIREMENTS\u003C\u002Fh3>\n\u003Ch4>WP REST API V2\u003C\u002Fh4>\n\u003Cp>This plugin was conceived to extend the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API V2\u003C\u002Fa> plugin features and, of course, was built on top of it.\u003C\u002Fp>\n\u003Cp>So, to use the \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> you need to install and activate \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>PHP\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Minimum PHP version: 7.4.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>PHP HTTP Authorization Header Enable\u003C\u002Fh3>\n\u003Cp>Most shared hosting providers have disabled the \u003Cstrong>HTTP Authorization Header\u003C\u002Fstrong> by default.\u003C\u002Fp>\n\u003Cp>To enable this option you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>RewriteEngine on\nRewriteCond %{HTTP:Authorization} ^(.*)\nRewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WPENGINE\u003C\u002Fh4>\n\u003Cp>For WPEngine hosting, you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\u002F1 for more details.\u003C\u002Fp>\n\u003Ch3>CONFIGURATION\u003C\u002Fh3>\n\u003Ch3>Configure the Secret Key\u003C\u002Fh3>\n\u003Cp>The JWT needs a \u003Cstrong>secret 
key\u003C\u002Fstrong> to sign the token. This \u003Cstrong>secret key\u003C\u002Fstrong> must be unique and never revealed.\u003C\u002Fp>\n\u003Cp>To add the \u003Cstrong>secret key\u003C\u002Fstrong>, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_SECRET_KEY\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can generate a secure key from: https:\u002F\u002Fapi.wordpress.org\u002Fsecret-key\u002F1.1\u002Fsalt\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for easier configuration?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=config_secret_key_link\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to manage all settings through a simple admin UI.\u003C\u002Fp>\n\u003Ch3>Configure CORS Support\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin has the option to activate \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FCross-origin_resource_sharing\" rel=\"nofollow ugc\">CORS\u003C\u002Fa> support.\u003C\u002Fp>\n\u003Cp>To enable CORS Support, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_CORS_ENABLE\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_CORS_ENABLE', true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Finally, activate the plugin within your wp-admin.\u003C\u002Fp>\n\u003Ch3>Namespace and Endpoints\u003C\u002Fh3>\n\u003Cp>When the plugin is activated, a new namespace is added:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fjwt-auth\u002Fv1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Also, two new endpoints are added to this namespace:\u003C\u002Fp>\n\u003Cp>Endpoint | HTTP Verb\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fem> | POST\u003Cbr 
\u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fem> | POST\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need more functionality?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=endpoints_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> includes additional endpoints for token refresh and revocation.\u003C\u002Fp>\n\u003Ch3>USAGE\u003C\u002Fh3>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fh4>\n\u003Cp>This is the entry point for JWT Authentication.\u003C\u002Fp>\n\u003Cp>It validates the user credentials, \u003Cem>username\u003C\u002Fem> and \u003Cem>password\u003C\u002Fem>, and returns a token to use in future requests to the API if the authentication is correct, or an error if authentication fails.\u003C\u002Fp>\n\u003Cp>Sample Request Using AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>(function() {\n  var app = angular.module('jwtAuth', []);\n\n  app.controller('MainController', function($scope, $http) {\n    var apiHost = 'http:\u002F\u002Fyourdomain.com\u002Fwp-json';\n\n    $http.post(apiHost + '\u002Fjwt-auth\u002Fv1\u002Ftoken', {\n      username: 'admin',\n      password: 'password'\n    })\n    .then(function(response) {\n      console.log(response.data)\n    })\n    .catch(function(error) {\n      console.error('Error', error.data[0]);\n    });\n  });\n})();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Success Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9qd3QuZGV2IiwiaWF0IjoxNDM4NTcxMDUwLCJuYmYiOjE0Mzg1NzEwNTAsImV4cCI6MTQzOTE3NTg1MCwiZGF0YSI6eyJ1c2VyIjp7ImlkIjoiMSJ9fX0.YNe6AyWW4B7ZwfFE5wJ0O6qQ8QFcYizimDmBy6hCH_8\",\n  \"user_display_name\": \"admin\",\n  \"user_email\": \"admin@localhost.dev\",\n  \"user_nicename\": \"admin\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Error Response 
From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_failed\",\n  \"data\": {\n    \"status\": 403\n  },\n  \"message\": \"Invalid Credentials.\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Once you get the token, you must store it somewhere in your application, e.g., in a \u003Cstrong>cookie\u003C\u002Fstrong> or using \u003Cstrong>localStorage\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>From this point, you should pass this token with every API call.\u003C\u002Fp>\n\u003Cp>Sample Call Using The Authorization Header With AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>app.config(function($httpProvider) {\n  $httpProvider.interceptors.push(['$q', '$location', '$cookies', function($q, $location, $cookies) {\n    return {\n      'request': function(config) {\n        config.headers = config.headers || {};\n        \u002F\u002F Assume that you store the token in a cookie\n        var globals = $cookies.getObject('globals') || {};\n        \u002F\u002F If the cookie has the CurrentUser and the token\n        \u002F\u002F add the Authorization header in each request\n        if (globals.currentUser && globals.currentUser.token) {\n          config.headers.Authorization = 'Bearer ' + globals.currentUser.token;\n        }\n        return config;\n      }\n    };\n  }]);\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin will intercept every call to the server and will look for the Authorization Header. 
If the Authorization header is present, it will try to decode the token and will set the user according to the data stored in it.\u003C\u002Fp>\n\u003Cp>If the token is valid, the API call flow will continue as normal.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sample Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>POST \u002Fresource HTTP\u002F1.1\nHost: server.example.com\nAuthorization: Bearer mF_s9.B5f-4.1JqM\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>ERRORS\u003C\u002Fh3>\n\u003Cp>If the token is invalid, an error will be returned. Here are some sample errors:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Invalid Credentials\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_failed\",\n    \"message\": \"Invalid Credentials.\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Invalid Signature\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Signature verification failed\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Expired Token\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Expired token\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Need advanced error tracking?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=errors_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> offers enhanced error tracking and monitoring capabilities.\u003C\u002Fp>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fh4>\n\u003Cp>This is a simple helper endpoint to validate a token. 
You only need to make a POST request with the Authorization header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Valid Token Response\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_valid_token\",\n  \"data\": {\n    \"status\": 200\n  }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>AVAILABLE HOOKS\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin is developer-friendly and provides five filters to override the default settings.\u003C\u002Fp>\n\u003Ch4>jwt_auth_cors_allow_headers\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_cors_allow_headers\u003C\u002Fstrong> filter allows you to modify the available headers when CORS support is enabled.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'Access-Control-Allow-Headers, Content-Type, Authorization'\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_not_before\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_not_before\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.5\" rel=\"nofollow ugc\">\u003Cstrong>nbf\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Creation time - time()\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_expire\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_expire\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.4\" rel=\"nofollow ugc\">\u003Cstrong>exp\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>time() + (DAY_IN_SECONDS * 7)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_token_before_sign\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_sign\u003C\u002Fstrong> filter allows you to modify all token data before it is 
encoded and signed.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = array(\n    'iss' => get_bloginfo('url'),\n    'iat' => $issuedAt,\n    'nbf' => $notBefore,\n    'exp' => $expire,\n    'data' => array(\n        'user' => array(\n            'id' => $user->data->ID,\n        )\n    )\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Want easier customization?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=hook_payload_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to add custom claims directly through the admin UI.\u003C\u002Fp>\n\u003Ch4>jwt_auth_token_before_dispatch\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_dispatch\u003C\u002Fstrong> filter allows you to modify the response array before it is sent to the client.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$data = array(\n    'token' => $token,\n    'user_email' => $user->data->user_email,\n    'user_nicename' => $user->data->user_nicename,\n    'user_display_name' => $user->data->display_name,\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_algorithm\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_algorithm\u003C\u002Fstrong> filter allows you to modify the signing algorithm.\u003C\u002Fp>\n\u003Cp>Default value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = JWT::encode(\n    apply_filters('jwt_auth_token_before_sign', $token, $user),\n    $secret_key,\n    apply_filters('jwt_auth_algorithm', 'HS256')\n);\n\n\u002F\u002F ...\n\n$token = JWT::decode(\n    $token,\n    new Key($secret_key, apply_filters('jwt_auth_algorithm', 'HS256'))\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>JWT Authentication PRO\u003C\u002Fh3>\n\u003Cp>Elevate your WordPress security and integration capabilities with \u003Cstrong>JWT Authentication PRO\u003C\u002Fstrong>. 
Building upon the solid foundation of the free version, the PRO version offers advanced features, enhanced security options, and a streamlined user experience:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Configuration UI:\u003C\u002Fstrong> Manage all settings directly from the WordPress admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Endpoint:\u003C\u002Fstrong> Allow users to refresh expired tokens seamlessly without requiring re-login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation Endpoint:\u003C\u002Fstrong> Immediately invalidate specific tokens for enhanced security control.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Token Payload:\u003C\u002Fstrong> Add custom claims to your JWT payload to suit your specific application needs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular CORS Control:\u003C\u002Fstrong> Define allowed origins and headers with more precision directly in the settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Protect your endpoints from abuse with configurable rate limits.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audit Logs:\u003C\u002Fstrong> Keep track of token generation, validation, and errors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support:\u003C\u002Fstrong> Get faster, dedicated support directly from the developer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=pro_section_cta\" rel=\"nofollow ugc\">Upgrade to JWT Authentication PRO Today!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Free vs. 
PRO Comparison\u003C\u002Fh3>\n\u003Cp>Here’s a quick look at the key differences:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Basic JWT Authentication:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Generation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Validation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Mechanism:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Management Dashboard:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics & Monitoring:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geo-IP Identification:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Documentation:\u003C\u002Fstrong> Basic (Free), Comprehensive (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Tools:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support:\u003C\u002Fstrong> Community via GitHub (Free), Priority Direct Support (PRO)\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the WP REST API using JSON Web Tokens Authentication as an authentication 
method.",60000,893830,88,53,"2026-02-18T00:58:00.000Z","4.2","7.4.0",[165,166,167,91,168],"json-web-authentication","jwt","oauth","wp-api","https:\u002F\u002Fenriquechavez.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-authentication-for-wp-rest-api.1.5.0.zip",{"attackSurface":172,"codeSignals":285,"taintFlows":332,"riskAssessment":407,"analyzedAt":416},{"hooks":173,"ajaxHandlers":261,"restRoutes":277,"shortcodes":278,"cronEvents":283,"entryPointCount":284,"unprotectedCount":29},[174,180,185,189,192,196,200,204,207,211,215,219,224,230,232,236,239,244,248,251,255,259],{"type":175,"name":176,"callback":177,"file":178,"line":179},"action","wp_footer","ajax_function","frontend\\functions.php",105,{"type":175,"name":181,"callback":182,"priority":123,"file":183,"line":184},"init","wpgetapi_init_block_editor_assets","includes\\block-editor\\block-editor.php",71,{"type":175,"name":186,"callback":187,"priority":123,"file":183,"line":188},"enqueue_block_editor_assets","wpgetapi_enqueue_block_editor_assets",169,{"type":175,"name":190,"callback":181,"file":191,"line":159},"admin_init","includes\\class-wpgetapi-admin-options.php",{"type":175,"name":193,"callback":194,"file":191,"line":195},"admin_menu","add_options_pages",89,{"type":175,"name":197,"callback":198,"file":191,"line":199},"cmb2_admin_init","init_custom_fields",91,{"type":175,"name":201,"callback":202,"priority":48,"file":191,"line":203},"cmb2_save_options-page_fields","redirect",93,{"type":175,"name":205,"callback":206,"file":191,"line":94},"admin_footer","load_testing_javascript",{"type":175,"name":208,"callback":209,"file":191,"line":210},"plugins_loaded","plugins_loaded_handler",102,{"type":175,"name":212,"callback":213,"file":191,"line":214},"all_admin_notices","render_admin_notices",103,{"type":175,"name":216,"callback":217,"priority":123,"file":191,"line":218},"cmb2_options-page_process_fields_wpgetapi_setup","cleanup_wpgetapi_removed_api_options",107,{"type":175,"name":220,"callback":221,
"file":222,"line":223},"admin_enqueue_scripts","admin_scripts_styles","includes\\class-wpgetapi-api-enqueues.php",24,{"type":225,"name":226,"callback":227,"priority":27,"file":228,"line":229},"filter","wpgetapi_raw_error_data","maybe_add_debug_info","includes\\class-wpgetapi-api.php",79,{"type":225,"name":231,"callback":227,"priority":27,"file":228,"line":125},"wpgetapi_raw_data",{"type":175,"name":193,"callback":233,"file":234,"line":235},"license_menu","includes\\class-wpgetapi-license-handler.php",25,{"type":175,"name":237,"callback":237,"file":234,"line":238},"admin_notices",26,{"type":225,"name":240,"callback":241,"file":242,"line":243},"cmb2_render_class_parameter","class_name","includes\\class-wpgetapi-parameter-field.php",15,{"type":225,"name":245,"callback":246,"priority":247,"file":242,"line":66},"cmb2_sanitize_parameter","maybe_save_split_values",12,{"type":225,"name":245,"callback":249,"priority":123,"file":242,"line":250},"sanitize",21,{"type":225,"name":252,"callback":253,"priority":123,"file":242,"line":254},"cmb2_types_esc_parameter","escape",22,{"type":225,"name":256,"callback":257,"priority":123,"file":258,"line":94},"plugin_row_meta","filter_plugin_row_meta","wpgetapi.php",{"type":175,"name":208,"callback":260,"file":258,"line":68},"load_textdomain",[262,268,271,274],{"action":263,"nopriv":264,"callback":265,"hasNonce":266,"hasCapCheck":266,"file":191,"line":267},"wpgetapi_test_endpoint",false,"test_the_endpoint",true,97,{"action":269,"nopriv":264,"callback":270,"hasNonce":266,"hasCapCheck":266,"file":191,"line":27},"wpgetapi_export_endpoints","export_endpoints",{"action":272,"nopriv":264,"callback":273,"hasNonce":266,"hasCapCheck":266,"file":191,"line":13},"wpgetapi_import_endpoints","import_endpoints",{"action":275,"nopriv":264,"callback":276,"hasNonce":266,"hasCapCheck":266,"file":191,"line":179},"wpgetapi_notice_dismiss","wpgetapi_notice_dismiss_handler",[],[279],{"tag":280,"callback":281,"file":178,"line":282},"wpgetapi_endpoint","wpgetapi_en
dpoint_shortcode",174,[],5,{"dangerousFunctions":286,"sqlUsage":287,"outputEscaping":289,"fileOperations":29,"externalRequests":284,"nonceChecks":330,"capabilityChecks":48,"bundledLibraries":331},[],{"prepared":29,"raw":29,"locations":288},[],{"escaped":290,"rawEcho":291,"locations":292},179,19,[293,296,298,300,302,304,306,308,310,312,314,316,318,320,322,323,325,327,329],{"file":183,"line":294,"context":295},220,"raw output",{"file":191,"line":297,"context":295},585,{"file":191,"line":299,"context":295},607,{"file":191,"line":301,"context":295},638,{"file":191,"line":303,"context":295},711,{"file":191,"line":305,"context":295},1049,{"file":191,"line":307,"context":295},1084,{"file":191,"line":309,"context":295},1239,{"file":242,"line":311,"context":295},64,{"file":242,"line":313,"context":295},84,{"file":315,"line":223,"context":295},"templates\\notices\\thanks-for-using-main-dash.php",{"file":315,"line":317,"context":295},29,{"file":315,"line":319,"context":295},34,{"file":315,"line":321,"context":295},39,{"file":315,"line":84,"context":295},{"file":315,"line":324,"context":295},49,{"file":315,"line":326,"context":295},54,{"file":315,"line":328,"context":295},59,{"file":315,"line":311,"context":295},4,[],[333,350,363,374,388,399],{"entryPoint":334,"graph":335,"unsanitizedCount":29,"severity":349},"export_endpoints (includes\\class-wpgetapi-admin-options.php:672)",{"nodes":336,"edges":347},[337,342],{"id":338,"type":339,"label":340,"file":191,"line":341},"n0","source","$_POST",678,{"id":343,"type":344,"label":345,"file":191,"line":303,"wp_function":346},"n1","sink","echo() [XSS]","echo",[348],{"from":338,"to":343,"sanitized":266},"low",{"entryPoint":351,"graph":352,"unsanitizedCount":29,"severity":349},"import_endpoints (includes\\class-wpgetapi-admin-options.php:719)",{"nodes":353,"edges":361},[354,357],{"id":338,"type":339,"label":355,"file":191,"line":356},"$_POST 
(x3)",725,{"id":343,"type":344,"label":358,"file":191,"line":359,"wp_function":360},"update_option() [Settings Manipulation]",768,"update_option",[362],{"from":338,"to":343,"sanitized":266},{"entryPoint":364,"graph":365,"unsanitizedCount":29,"severity":349},"wpgetapi_notice_dismiss_handler (includes\\class-wpgetapi-admin-options.php:1255)",{"nodes":366,"edges":372},[367,370],{"id":338,"type":339,"label":368,"file":191,"line":369},"$_POST (x4)",1278,{"id":343,"type":344,"label":358,"file":191,"line":371,"wp_function":360},1283,[373],{"from":338,"to":343,"sanitized":266},{"entryPoint":375,"graph":376,"unsanitizedCount":29,"severity":349},"\u003Cclass-wpgetapi-admin-options> (includes\\class-wpgetapi-admin-options.php:0)",{"nodes":377,"edges":385},[378,379,380,383],{"id":338,"type":339,"label":340,"file":191,"line":341},{"id":343,"type":344,"label":345,"file":191,"line":303,"wp_function":346},{"id":381,"type":339,"label":382,"file":191,"line":356},"n2","$_POST (x7)",{"id":384,"type":344,"label":358,"file":191,"line":359,"wp_function":360},"n3",[386,387],{"from":338,"to":343,"sanitized":266},{"from":381,"to":384,"sanitized":266},{"entryPoint":389,"graph":390,"unsanitizedCount":29,"severity":349},"admin_notices (includes\\class-wpgetapi-license-handler.php:114)",{"nodes":391,"edges":397},[392,395],{"id":338,"type":339,"label":393,"file":234,"line":394},"$_GET",120,{"id":343,"type":344,"label":345,"file":234,"line":396,"wp_function":346},123,[398],{"from":338,"to":343,"sanitized":266},{"entryPoint":400,"graph":401,"unsanitizedCount":29,"severity":349},"\u003Cclass-wpgetapi-license-handler> (includes\\class-wpgetapi-license-handler.php:0)",{"nodes":402,"edges":405},[403,404],{"id":338,"type":339,"label":393,"file":234,"line":394},{"id":343,"type":344,"label":345,"file":234,"line":396,"wp_function":346},[406],{"from":338,"to":343,"sanitized":266},{"summary":408,"deductions":409},"The \"wpgetapi\" v2.25.4 plugin exhibits a generally strong security posture based on the 
provided static analysis. The complete absence of directly dangerous functions, 100% prepared SQL statements, and a high percentage of properly escaped output are commendable. Furthermore, the presence of nonce and capability checks on the identified entry points suggests an effort to protect against common WordPress vulnerabilities. The lack of any taint analysis findings with unsanitized paths or critical\u002Fhigh severity issues is also a positive indicator.\n\nHowever, a review of the vulnerability history reveals a pattern of past medium-severity vulnerabilities, specifically SSRF and Missing Authorization. While there are currently no unpatched CVEs, the existence of two historical medium-severity issues in these categories warrants attention. The plugin's past struggles with authorization are particularly concerning, as they can lead to privilege escalation or unauthorized data access. The plugin's attack surface, while small in terms of entry points, relies on robust authentication and authorization mechanisms which have historically been a point of concern.\n\nIn conclusion, \"wpgetapi\" v2.25.4 has made significant strides in its security practices, evident in its static analysis. The team appears to be implementing good coding standards. 
The primary area for continued vigilance is addressing the historical patterns of medium-severity vulnerabilities, particularly those related to authorization, to ensure future releases maintain the current positive trend and prevent recurrence.",[410,412,414],{"reason":411,"points":123},"Past medium-severity vulnerabilities (2 total)",{"reason":413,"points":284},"Historical focus on SSRF vulnerabilities",{"reason":415,"points":284},"Historical focus on Missing Authorization","2026-03-16T17:41:11.411Z",{"wat":418,"direct":437},{"assetPaths":419,"generatorPatterns":430,"scriptPaths":431,"versionParams":434},[420,421,422,423,424,425,426,427,428,429],"\u002Fwp-content\u002Fplugins\u002Fwpgetapi\u002Fincludes\u002Fblock-editor\u002Fblock-editor.php","\u002Fwp-content\u002Fplugins\u002Fwpgetapi\u002Fincludes\u002Fclass-wpgetapi-admin-options.php","\u002Fwp-content\u002Fplugins\u002Fwpgetapi\u002Fincludes\u002Fclass-wpgetapi-api.php","\u002Fwp-content\u002Fplugins\u002Fwpgetapi\u002Fincludes\u002Fclass-wpgetapi-api-enqueues.php","\u002Fwp-content\u002Fplugins\u002Fwpgetapi\u002Fincludes\u002Fclass-wpgetapi-encryption.php","\u002Fwp-content\u002Fplugins\u002Fwpgetapi\u002Fincludes\u002Fclass-wpgetapi-license-handler.php","\u002Fwp-content\u002Fplugins\u002Fwpgetapi\u002Fincludes\u002Fclass-wpgetapi-notices.php","\u002Fwp-content\u002Fplugins\u002Fwpgetapi\u002Fincludes\u002Ffunctions.php","\u002Fwp-content\u002Fplugins\u002Fwpgetapi\u002Flib\u002Fcmb2\u002Finit.php","\u002Fwp-content\u002Fplugins\u002Fwpgetapi\u002Ffrontend\u002Ffunctions.php",[],[432,433],"\u002Fwp-content\u002Fplugins\u002Fwpgetapi\u002Fincludes\u002Fblock-editor\u002Fblock-editor.js","\u002Fwp-content\u002Fplugins\u002Fwpgetapi\u002Fincludes\u002Fclass-wpgetapi-api-enqueues.js",[435,436],"wpgetapi\u002Fstyle.css?ver=","wpgetapi\u002Fscript.js?ver=",{"cssClasses":438,"htmlComments":441,"htmlAttributes":443,"restEndpoints":448,"jsGlobals":449,"shortcodeOutput":451},[439,440],"wpgetapi-ajax-output","wpgeta
pi_endpoint_container",[442],"WPGetAPI Plugin Core",[444,445,446,447],"data-api-id","data-endpoint-id","data-api-setup-modal","data-api-call-nonce",[],[450],"wpgetapi_localized_data",[452,453],"[wpgetapi_endpoint","[wpgetapi_display_api_data"]