{"id":292446,"date":"2026-03-26T10:53:03","date_gmt":"2026-03-26T10:53:03","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/balada-fix\/"},"modified":"2026-03-26T11:00:48","modified_gmt":"2026-03-26T11:00:48","slug":"balada-fix","status":"publish","type":"plugin","link":"https:\/\/bal.wordpress.org\/plugins\/balada-fix\/","author":23469591,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.1.0","stable_tag":"1.1.0","tested":"6.9.4","requires":"5.0","requires_php":"7.2","requires_plugins":null,"header_name":"Balada Fix","header_author":"365dizajn","header_description":"Blocks unauthenticated POST requests to vulnerable REST paths (e.g. wp-json\/tdw\/save_css). Add paths in Settings \u2192 Balada Fix. Only logged-in users with edit_theme_options can access listed paths.","assets_banners_color":"","last_updated":"2026-03-26 11:00:48","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/365dizajn.com","rating":5,"author_block_rating":0,"active_installs":0,"downloads":64,"num_ratings":1,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.1.0":{"tag":"1.1.0","author":"vladanrs","date":"2026-03-26 11:00:48"}},"upgrade_notice":{"1.1.0":"

You can now add and edit blocked paths in Settings \u2192 Balada Fix (one per line).<\/p>"},"ratings":{"1":0,"2":0,"3":0,"4":0,"5":1},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3491702,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3491702,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.1.0"],"block_files":[],"assets_screenshots":{"screenshot-1.JPG":{"filename":"screenshot-1.JPG","revision":3491702,"resolution":"1","location":"assets","locale":""}},"screenshots":{"1":"Screenshot installed plugin"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[258673,144339,23853,600,38850],"plugin_category":[54],"plugin_contributors":[],"plugin_business_model":[],"class_list":["post-292446","plugin","type-plugin","status-publish","hentry","plugin_tags-balada","plugin_tags-injector","plugin_tags-rest-api","plugin_tags-security","plugin_tags-wp-json","plugin_category-security-and-spam-protection","plugin_committers-vladanrs"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/balada-fix\/assets\/icon-128x128.png?rev=3491702","icon_2x":"https:\/\/ps.w.org\/balada-fix\/assets\/icon-256x256.png?rev=3491702","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/balada-fix\/assets\/screenshot-1.JPG?rev=3491702","caption":"Screenshot installed plugin"}],"raw_content":"\n

Balada Fix protects your site from unauthenticated abuse of specific WordPress REST API endpoints. Such endpoints (for example the tagDiv theme's wp-json\/tdw\/save_css<\/code>) are often targeted by the \"Balada Injector\" and similar campaigns to inject malicious scripts.<\/p>\n\n