{"id":333366,"date":"2026-07-01T11:29:00","date_gmt":"2026-07-01T11:29:00","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/kistn\/"},"modified":"2026-07-09T07:28:21","modified_gmt":"2026-07-09T07:28:21","slug":"kistn","status":"publish","type":"plugin","link":"https:\/\/lmo.wordpress.org\/plugins\/kistn\/","author":15601993,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.1","stable_tag":"1.0.1","tested":"7.0.1","requires":"6.0","requires_php":"8.3","requires_plugins":null,"header_name":"Kistn API Client","header_author":"Christian Doebler","header_description":"Pushes installed plugin and theme inventory to the Kistn API for vulnerability monitoring.","assets_banners_color":"","last_updated":"2026-07-09 07:28:21","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/christian-doebler.net","rating":0,"author_block_rating":0,"active_installs":0,"downloads":82,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"grissi","date":"2026-07-01 11:28:29"},"1.0.1":{"tag":"1.0.1","author":"grissi","date":"2026-07-09 07:28:21"}},"upgrade_notice":[],"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.0.1"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[6601,5603,600,6460],"plugin_category":[45,54],"plugin_contributors":[269304],"plugin_business_model":[],"class_list":["post-333366","plugin","type-plugin","status-publish","hentry","plugin_tags-inventory","plugin_tags-monitoring","plugin_tags-security","plugin_tags-vulnerability","plugin_category-ecommerce","plugin_category-security-and-spam-protection","plugin_contributors-grissi","plugin_committers-grissi"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/kistn.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Collects installed plugins, themes, and WordPress core, then pushes inventory to your Kistn server for centralized vulnerability monitoring.<\/p>\n\n<p><strong>Push flow:<\/strong><\/p>\n\n<ol>\n<li>Preflight \u2014 asks the server which slugs need a fresh advisory check and which are known-private.<\/li>\n<li>Hash check \u2014 skips push if inventory unchanged.<\/li>\n<li>WPScan lookup \u2014 queries the WPScan vulnerability database only for stale, non-private slugs.<\/li>\n<li>Push \u2014 sends packages, vulnerability findings, advisory snapshots, and any newly-discovered private slugs.<\/li>\n<\/ol>\n\n<p>Private packages (those absent from the WPScan database) are tracked server-side so subsequent runs never waste WPScan quota on them. When the server later confirms a package is public, the project owner is notified.<\/p>\n\n<p><strong>Configuration<\/strong> via Settings \u2192 Kistn, or via constants in wp-config.php:<\/p>\n\n<p>define( 'KISTN_BASE_URL', 'https:\/\/your-server.example.com' );\n  define( 'KISTN_PROJECT_ID', 'your-project-uuid' );\n  define( 'KISTN_TOKEN', 'your-api-token' );\n  define( 'KISTN_WPSCAN_TOKEN', 'your-wpscan-api-token' ); \/\/ optional, enables vulnerability lookups<\/p>\n\n<h3>External services<\/h3>\n\n<p>This plugin can connect to WPScan API to obtain latest security information about your installation. Use of this feature is optional. To use this feature, you need a WPScan account and your own API token.<\/p>\n\n<p>When the feature is used, this plugin sends information about installed WordPress core, plugins and themes to retrieve latest security advisories about your installed components. The service is provided by \"WPScan\": https:\/\/wpscan.com\/terms\/, https:\/\/automattic.com\/privacy\/.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>In your WordPress admin, go to Plugins \u2192 Add New, search for \"Kistn API Client\", install and activate.<\/li>\n<li>Alternatively, upload the plugin ZIP via Plugins \u2192 Add New \u2192 Upload Plugin, then activate.<\/li>\n<li>Alternatively, via Composer: <code>composer require kistn\/wp-client<\/code>, then activate as usual.<\/li>\n<li>Go to Settings \u2192 Kistn and configure your API credentials.<\/li>\n<\/ol>\n\n<!--section=changelog-->\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Fix: WPScan requests now pause until the next day (site timezone) after hitting the 429 rate limit, instead of retrying every remaining slug in the same run.<\/li>\n<li>Change: The Push Interval field is now hidden when Schedule Mode is set to WP-CLI only (it doesn't apply to that mode).<\/li>\n<li>Change: Renamed the WP-CLI command from <code>wp inventory push<\/code> to <code>wp kistn push<\/code>.<\/li>\n<li>Change: Added an example placeholder to the API Base URL field.<\/li>\n<li>Docs: Documented WordPress-plugin-repository installation as the primary install method.<\/li>\n<li>Change: The server-crontab hint under Settings \u2192 Kistn now toggles live when Schedule Mode is switched, instead of only appearing after a save.<\/li>\n<li>Docs: Documented Composer installation option (<code>composer require kistn\/wp-client<\/code>) in README.md and readme.txt.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<\/ul>","raw_excerpt":"Pushes installed plugin and theme inventory to the Kistn API for vulnerability monitoring.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/333366","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=333366"}],"author":[{"embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/grissi"}],"wp:attachment":[{"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=333366"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=333366"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=333366"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=333366"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=333366"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=333366"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}